How to Detect Honeypot Tokens — Full Guide
Honeypot tokens are one of the most common scams on decentralized exchanges. They let you buy but prevent you from selling, trapping your funds permanently. This guide explains exactly how honeypot scams work, what smart contract techniques they use, and how to detect a honeypot token before you risk a single dollar.
What Is a Honeypot Token?
A honeypot token is a type of cryptocurrency scam built directly into the token's smart contract. The contract is written so that anyone can buy the token on a decentralized exchange, but only the deployer (or a small set of insider wallets) can sell. When you attempt to sell your tokens, the transaction fails, reverts, or deducts a fee so large that you receive nothing back. Your investment is effectively locked forever.
The name comes from the concept of a honey pot used in security: something attractive that lures victims in and traps them. In the crypto context, the bait is usually a token with a rapidly rising price chart. New buyers see the price going up, buy in expecting to sell later at a profit, and then discover they cannot sell at all.
Honeypot tokens are estimated to account for 20-40% of newly launched tokens on some chains, particularly on low-fee networks like BNB Chain and Base where deploying a scam contract costs very little. This makes learning how to detect honeypot tokens an essential skill for anyone trading on decentralized exchanges.
For a deeper explanation of what honeypot tokens are and why they exist, see our dedicated article on what a honeypot token is.
How Honeypot Scams Work: 5 Common Techniques
Honeypot contracts use a variety of techniques to block sells while keeping buys open. Understanding these techniques is the first step toward being able to detect a honeypot token. Here are the five most common methods scammers use.
1. Blacklist Functions
The contract includes functions like setBlacklist, addToBlacklist, or isBlacklisted that allow the deployer to block specific wallet addresses from executing sell transactions. After you buy, the deployer adds your address (or all buyer addresses) to the blacklist. Any subsequent attempt to call the transfer or sell function reverts with an error. Because the blacklist is controlled by the contract owner, only the deployer can remove addresses from it, which they never do.
2. Max Transaction Limits
The contract contains a setMaxTxAmount or setMaxSellAmount function that the deployer can modify at any time. Initially, the limit is set high enough to allow normal trading. After buyers accumulate tokens, the deployer sets the maximum sell amount to zero or an extremely small number like 1 wei. Your sell transaction reverts because it exceeds the allowed maximum. The buy function is not subject to the same limit, so new victims can still purchase tokens.
3. Hidden Fees on Sell
The contract applies asymmetric tax rates for buy and sell transactions. The buy tax is set to a reasonable percentage, typically between 1-5%, to avoid raising suspicion. However, the sell tax is set to 90-100%, which means attempting to sell returns almost nothing or causes the transaction to fail entirely. Some contracts use a dynamic fee function that starts low and gradually increases the sell tax over time, making early detection more difficult.
4. Approve Manipulation
This technique targets the ERC-20 approval mechanism that decentralized exchanges rely on. After you buy the token and approve the DEX router to spend your tokens, the contract silently revokes or modifies the approval. When you attempt to sell, the router lacks the necessary allowance to transfer your tokens, and the transaction fails. Some contracts override the approve function itself so that approvals for the router address are never actually stored.
5. Transfer Restrictions
The contract overrides the standard transfer or transferFrom function with custom logic that selectively blocks transactions. Common implementations check whether the sender is the contract owner or the liquidity pair, allowing only the deployer to sell. Other variations use a cooldown timer set to an impossibly long period, a whitelist that only includes the deployer, or conditional logic that restricts transfers based on block number or timestamp.
Many honeypot contracts combine multiple techniques to create redundant sell blocks. A contract might use blacklisting as the primary mechanism and a high sell tax as a fallback, ensuring that even if one method is bypassed, the other still traps the buyer's funds.
How to Detect a Honeypot Token: 7 Methods
Before buying any new token on a decentralized exchange, run through these seven detection methods. Each method targets a different aspect of honeypot behavior, and using them together gives you the highest level of protection.
Simulate a Sell Transaction
Use a transaction simulator or a tool like Coinibi to simulate selling the token before you buy. The simulator executes the sell function against the current contract state without broadcasting the transaction to the network. If the simulation reverts, returns an error, or shows that you would receive zero tokens back, the token is a honeypot. This is the single most reliable detection method because it tests the actual contract behavior rather than relying on code analysis alone.
Check Buy/Sell Tax Difference
Compare the buy tax and sell tax applied by the token contract. A legitimate token might apply a small tax in both directions, typically under 10%. A honeypot often has a reasonable buy tax of 1-5% paired with an extreme sell tax of 50-100%. If you see a sell tax that is dramatically higher than the buy tax, or if the sell tax exceeds 20%, treat the token as extremely suspicious. Coinibi displays both buy and sell tax percentages on every token detail page.
Verify the Contract Source Code
Check whether the contract source code is verified on the blockchain explorer for the relevant chain. If the code is not verified, you have no way to inspect what the contract actually does and should treat it as high risk by default. If the code is verified, search for dangerous patterns: functions that modify tax rates, owner-only modifiers on transfer logic, and proxy patterns that allow the implementation to be swapped. Unverified contracts on new tokens are a major warning sign.
Look for Blacklist Functions
Search the verified contract code for any functions related to address blocking. Common names include blacklist, setBlacklist, addBot, isBot, setBot, blockAddress, and denylist. If the contract includes any mechanism to selectively block addresses from transacting, the deployer can activate it at any time to trap buyers. Even if the function has not been called yet, its mere presence gives the owner the ability to create a honeypot on demand.
Check the Trading History
Examine the token's transaction history on the blockchain explorer. A healthy token shows buy and sell transactions from many unique wallet addresses. A honeypot typically shows many buy transactions from different wallets but zero sells, or sells only from the deployer wallet and a handful of insider addresses. If a token has been trading for several hours and you cannot find a single successful sell from a regular wallet, it is almost certainly a honeypot.
Use Automated Scanners
Automated honeypot scanners combine multiple detection techniques into a single check. These tools simulate sell transactions, analyze the contract bytecode for known honeypot patterns, compare buy and sell taxes, check holder distribution, and review transaction history. Coinibi runs these checks automatically for every token in the live feed and displays the results in the safety score. Using an automated scanner is faster and more thorough than manual inspection.
Try a Small Test Trade
If all automated and manual checks pass but you still have concerns, execute a minimal test buy followed by an immediate sell. Use the smallest practical amount for your test. If the buy succeeds but the sell fails, reverts, or deducts an unexpectedly large fee, do not invest further. The small amount lost in testing is insignificant compared to the potential loss from a larger position. This is the final confirmation step that proves the token can actually be sold.
For a broader overview of token safety practices that go beyond honeypot detection, read our token security analysis guide.
Honeypot Red Flags Checklist
Use this checklist as a quick reference before buying any token. Each red flag is categorized by severity. If you encounter any Critical-level flag, do not buy the token.
| Red Flag | Severity |
|---|---|
| Sell simulation fails or reverts | Critical |
| Sell tax above 20% | Critical |
| Contract source code not verified | High |
| Blacklist or block functions in contract | Critical |
| No successful sells from non-deployer wallets | Critical |
| Buy tax and sell tax differ by more than 10% | High |
| MaxTxAmount or MaxSellAmount function present | High |
| Owner can modify transfer logic post-deploy | High |
| Approval manipulation in the approve function | Critical |
| Token launched less than 1 hour ago with no sells | Medium |
| Deployer wallet holds large share of supply | Medium |
| Proxy contract pattern with upgradeable logic | High |
Honeypot scams are closely related to rug pulls, another common threat on decentralized exchanges. Learn the differences and how to protect yourself in our rug pull detection guide.
Using Coinibi to Detect Honeypots
Coinibi automates the entire honeypot detection process for you. Every token that appears in the live token feed is automatically scanned for honeypot characteristics. Here is how to use Coinibi for honeypot detection:
Automatic Safety Score
Every token in the Coinibi feed receives an automated safety score that factors in honeypot risk. The score considers sell simulation results, buy/sell tax asymmetry, contract code patterns, holder concentration, and trading history. Tokens flagged as likely honeypots receive a low safety score and display a clear warning indicator.
Token Checker Tool
Use the Token Checker to manually scan any token by entering its contract address. The checker runs a complete safety analysis including honeypot simulation, tax calculation, contract code review, liquidity analysis, and holder distribution. Results are displayed within seconds and include specific warnings about any detected honeypot characteristics.
What Coinibi Checks
- Sell transaction simulation — tests whether a sell can execute successfully
- Buy and sell tax calculation — flags asymmetric or extreme tax rates
- Contract code analysis — identifies blacklist, pause, and limit functions
- Trading history review — checks for sell transactions from non-deployer wallets
- Holder distribution — detects concentrated ownership that enables manipulation
Running these automated checks takes seconds and can save you from losing your entire investment. Make it a habit to check every token on Coinibi before buying, regardless of how promising the chart looks. Browse our glossary if you encounter unfamiliar terms used in scan results.
Summary
Honeypot tokens are designed to exploit the trustless nature of decentralized exchanges by embedding sell restrictions directly into the smart contract. They rely on the fact that most buyers do not read contract code or simulate transactions before purchasing. By learning the five common honeypot techniques and applying the seven detection methods covered in this guide, you can identify and avoid the vast majority of honeypot scams.
The most important takeaway is to never buy a token without checking it first. A five-second scan on Coinibi's Token Checker can reveal whether a token is a honeypot before you commit any funds. Prevention is the only reliable protection because funds lost to honeypot scams are almost never recoverable.
Frequently Asked Questions
What is a honeypot token in crypto?+
A honeypot token is a cryptocurrency scam where the smart contract allows you to buy the token but blocks you from selling it. The contract uses hidden restrictions such as a 100% sell tax, address blacklisting, or sell function revert logic to trap your funds permanently. Only the contract deployer and insiders can sell. Honeypot tokens are among the most common scams on decentralized exchanges.
How do I detect a honeypot token before buying?+
The most reliable method is to simulate a sell transaction before you buy. Use a tool like Coinibi that automatically simulates sells and reports the result. Additionally, check whether the buy and sell taxes are similar, verify the contract source code is public, look for blacklist functions in the code, and review the trading history for successful sells from regular wallets. If any of these checks fail, avoid the token.
Can I recover funds trapped in a honeypot?+
In nearly all cases, funds trapped in a honeypot token cannot be recovered. The smart contract is specifically designed to prevent selling, and blockchain transactions are irreversible. There is no technical mechanism to bypass the sell restriction without the contract owner's cooperation, which they will not provide. Prevention through pre-purchase detection is the only reliable protection.
What is the difference between a honeypot and a rug pull?+
A honeypot blocks you from selling your tokens by restricting the sell function at the smart contract level. A rug pull occurs when the token creator removes all liquidity from the trading pool, crashing the price to near zero. Both result in lost funds, but they use different mechanisms. A token can technically be both a honeypot and a rug pull if the deployer blocks sells and later drains the remaining liquidity.
Are honeypot tokens illegal?+
Honeypot tokens constitute fraud in most jurisdictions because they are designed to deceive buyers into thinking they are purchasing a tradable asset when the contract is intentionally rigged to prevent selling. However, enforcement is extremely difficult due to the pseudonymous nature of blockchain and the cross-border operation of most scammers. Practical protection relies on detection tools rather than legal recourse.
Does Coinibi detect honeypot tokens automatically?+
Yes. Coinibi runs automated honeypot detection on every token in the live feed. The scanner simulates sell transactions, calculates buy and sell taxes, analyzes contract code for known honeypot patterns, and checks trading history for sell activity. Results are reflected in the token safety score. You can also manually check any token by entering its contract address in the Token Checker tool.