Check If Token Is Scam: On-Chain Indicators You Can Verify

Scams do not always look like scams. On chain they often look like a normal ERC‑20 or BEP‑20 with a logo, a website, and a Telegram pinned message that screams “renounced.” What matters is what the contract and liquidity can do to you after you buy. Here is how I check if a token is a honeypot or wired for a rug, using on‑chain signals anyone can verify with block explorers and a bit of patience.


What “honeypot” actually means

A honeypot crypto token lets you buy but makes it hard or impossible to sell. The restriction can be blatant, like a revert when to equals the DEX pair, or subtle, like a dynamic tax that spikes to 100 percent for sellers only. Sometimes it is wrapped in anti‑bot language, or hidden behind role‑gated parameters that the owner can flip mid‑pump.

On Ethereum, BNB Chain, and most EVM chains, the trap lives in the token contract. The first stop is the contract page on Etherscan or BscScan. Verified source, holder distribution, and the write functions tell a story. When you want a quick snapshot, tools marketed as a safe token scanner or a honeypot token checker can help, but you still need to confirm by reading what the chain says.

A fast pre‑trade routine

1. Search the token address on Etherscan or BscScan. Confirm the contract is verified, not a proxy you do not understand, and check the creator.
2. Open DexScreener for the pair. Look at liquidity depth, pooled assets, and the DEX router. Tiny liquidity and exotic routers raise risk.
3. Inspect holders on the Token Tracker. If top 5 non‑DEX wallets hold most of supply, you are one admin key away from a crash.
4. Check if LP tokens are locked or burned. If the pair’s LP token holder is a regular wallet, ask where that lock is.
5. Read the contract’s Read and Write tabs. Look for owner‑only settings that can change taxes, blacklist, pause trading, or mint.

If any one of these feels wrong, stop there. No need to get clever on a bad base.

Contract verification and proxies

A verified contract lowers guesswork. On Etherscan, the green check and the source match allow you to open the code and search for risk keywords. On BscScan the flow is the same. If you see a Proxy or UUPS badge, click through to the implementation. Proxies are not evil, but they mean the logic can change. If the upgrade admin is a single EOA, your assumptions about taxes or limits can vanish in one tx.

Experienced auditors often start with inheritance. OpenZeppelin ERC20 is a clean baseline. When you see custom routers, bespoke arithmetic, or lots of unchecked delegatecall, that is where backdoors hide. If the project claims renounced ownership, verify it. owner() should return the zero address for Ownable. AccessControl uses roles instead, so DEFAULT_ADMIN_ROLE holders matter more than owner().

The functions that trap sellers

Most honeypot token detection boils down to how transfer and transferFrom behave when the receiver is the pair. Scammers use a few recurring patterns.

- Hard sell block. Code checks to == pair or isMarketPair[to] == true and reverts on sell, often gated by a boolean like tradingOpen or canSell. If that flag never flips for normal users, you are stuck.
- Dynamic or owner‑settable fees. Functions named setFeeTx, setTax, setSellTax, or similar let the owner push the fee up to 100 percent for sells. Some tokens store different fees for buys vs sells, keyed by the pair. If there is no max cap in code, you are trusting the owner forever.
- Blacklists and whitelists. Mappings like _isBlacklisted, _isWhitelisted, isExcludedFromFee, or auth often control whether an address can sell. A common trick is to allow early buys, then blacklist non‑whitelisted addresses before the first big sell wave.
- MaxTx, maxWallet, and cooldowns. Legit anti‑whale settings exist, but if the owner can set maxTxAmount or maxWallet to near zero, any sell will fail. Cooldown code that requires a delay between transfers can also block routine sells, especially if measured in blocks and always reset on purchase.
- Router‑dependent quirks. Some tokens only let you sell through a specific router the owner controls. Look for custom router addresses in code, or functions that check msg.sender == router during transfers. If the router is not the standard UniswapV2 or PancakeSwap router, the risk jumps.

You can spot these with a plain read of the source. Short on time, search for keywords like “blacklist”, “max”, “fee”, “pair”, “sell”, “router”, “cooldown”, “onlyOwner”, “set”. Then trace through the conditions that modify transfer behavior.
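One way to automate the keyword pass described above, as an added example that is not from the article or from any scanner it mentions: a Python triage script that lists owner-gated setters touching fees, limits or blacklists, reports whether each body contains a require bound, and flags transfer logic that branches on the pair. The Solidity fragment, its names and the regex heuristics are constructed for this example.

```python
import re

# Constructed Solidity fragment used as sample input (not a real token).
SAMPLE_SOURCE = """
contract Token is ERC20, Ownable {
    function setSellTax(uint256 newTax) external onlyOwner { sellTax = newTax; }
    function setBuyTax(uint256 newTax) external onlyOwner {
        require(newTax <= 500, "cap");
        buyTax = newTax;
    }
    function setBlacklist(address a, bool v) external onlyOwner { _isBlacklisted[a] = v; }
    function _transfer(address from, address to, uint256 amount) internal override {
        if (to == pair) { require(canSell, "wait"); }
        super._transfer(from, to, amount);
    }
}
"""

# Keywords from the article's search list; the regexes are this example's own heuristics.
RISK_WORDS = re.compile(r"fee|tax|max|blacklist|whitelist|cooldown|router|mint", re.I)
FUNC_HEAD = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")
SELL_BRANCH = re.compile(r"\bto\s*==\s*\w*pair\b|\w*pair\w*\s*\[\s*to\s*\]", re.I)

def function_bodies(source):
    """Yield (name, modifiers, body) per function, matching braces by depth."""
    for m in FUNC_HEAD.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(3), source[m.end():i - 1]

def triage(source):
    """List owner-gated risky setters and transfer logic that branches on the pair."""
    findings = []
    for name, modifiers, body in function_bodies(source):
        gate = re.search(r"\bonly\w+", modifiers)
        if gate and RISK_WORDS.search(name):
            bounded = re.search(r"require\s*\([^;]*<", body)
            findings.append((name, gate.group(0), "has bound check" if bounded else "no bound check"))
        if SELL_BRANCH.search(body):
            findings.append((name, "-", "branches on pair"))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_SOURCE):
        print("%-14s %-10s %s" % row)
```

The output is a reading list, not a verdict: each flagged function still needs the manual trace through its conditions, and a bound written in another form (for example with >=) will show as unbounded.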

Taxes that feel like theft

Fee‑on‑transfer tokens skim a percentage on every move, then swap those tokens for ETH or BNB and send to a treasury. Nothing wrong with that design if parameters are capped and transparent. The red flags are owner‑controlled fee rates with no safe upper bound, and a swap function that can be executed at will to create massive price impact.

Functions to watch: setSwapBackSettings, swapAndLiquify, setSwapThreshold, and any withdraw or sweep that can move native assets from the contract. If the tax wallet is a regular EOA, one bad actor can nuke the chart with a single sell. If the team uses a multisig like Gnosis Safe and publishes the address, risk is lower.

Also check whether fee exemptions exist for insiders. A mapping like _isExcludedFromFee that includes the deployer and marketing wallets means they can buy tax‑free and dump into your taxed order flow.

Liquidity reality check

Rugs happen when the team controls the liquidity. You can verify this without trusting a screenshot.

Open the pool on DexScreener, click the LP token address, and view holders on the explorer. If the top holder is a dead address like 0x0000…dead, the LP is burned. If it is a known locker contract, such as a common third‑party locker, you at least know there is a time lock. If it is an EOA or a fresh contract with no history, they can pull it.

Look at total liquidity versus market cap. A 5 million market cap with 20 thousand in liquidity means thin support. A single sell can move the price 50 percent. Also check for multiple pairs. If the main liquidity sits in a weird pair with a custom router, that pair can be drained independently of the mainstream pool.
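The thin-liquidity claim above, worked through as an added example that is not from the article: a constant-product pool model in the Uniswap V2 style with a 0.30 percent swap fee, solving for the sell size that halves the spot price. The total supply of 1,000,000,000 tokens and the even split of the 20 thousand across both sides of the pool are assumptions.

```python
def sell(reserve_token, reserve_quote, tokens_in, fee_bps=30):
    """Constant-product sell with the swap fee taken from the input.
    Returns (quote_out, new_token_reserve, new_quote_reserve)."""
    in_after_fee = tokens_in * (10_000 - fee_bps) / 10_000
    quote_out = in_after_fee * reserve_quote / (reserve_token + in_after_fee)
    return quote_out, reserve_token + tokens_in, reserve_quote - quote_out

def price_drop(reserve_token, reserve_quote, tokens_in, fee_bps=30):
    """Fractional fall in spot price (quote per token) caused by one sell."""
    _, t, q = sell(reserve_token, reserve_quote, tokens_in, fee_bps)
    return 1 - (q / t) / (reserve_quote / reserve_token)

def sell_size_for_drop(reserve_token, reserve_quote, target, fee_bps=30):
    """Bisect for the token amount whose sale drops the spot price by `target`."""
    lo, hi = 0.0, reserve_token * 100
    for _ in range(200):
        mid = (lo + hi) / 2
        if price_drop(reserve_token, reserve_quote, mid, fee_bps) < target:
            lo = mid
        else:
            hi = mid
    return hi

def worked_case(market_cap=5_000_000, liquidity=20_000, supply=1_000_000_000):
    """The article's figures; supply and the even liquidity split are assumptions."""
    price = market_cap / supply
    reserve_quote = liquidity / 2
    reserve_token = reserve_quote / price
    size = sell_size_for_drop(reserve_token, reserve_quote, 0.5)
    proceeds, _, _ = sell(reserve_token, reserve_quote, size)
    return {
        "tokens_sold": size,
        "share_of_supply": size / supply,
        "value_at_spot": size * price,
        "seller_receives": proceeds,
    }

if __name__ == "__main__":
    for key, value in worked_case().items():
        print(f"{key:>16}: {value:,.6f}")
```

Under these assumptions a wallet holding less than 0.1 percent of supply can halve the price with one sell, which is why the holder list and the liquidity figure have to be read together.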

Supply ownership matters too. If the deployer holds a large undistributed allocation, they can mint a dump even without a mint function by unlocking team wallets. Scan the Token Tracker holders tab. Contracts often name the pair and dead address clearly. Anything else in the top 10 deserves a click.

Reading Etherscan and BscScan like a human

A quick Read Contract tour tells you more than any honeypot token checker. Pull owner(), fee parameters, maxTx, maxWallet, and any boolean like tradingEnabled, swapEnabled, or limitsInEffect. If values look safe, check Write Contract for owner‑only setters. The presence of a setter implies it can change. If ownership is renounced, try calling an owner‑only function with a dummy value using eth_call simulation in a tool like Tenderly to confirm it reverts.

Event logs are underrated. Search for events like OwnershipTransferred, SetFee, ExcludeFromFee, or Blacklisted. If you see many addresses blacklisted right after launch, or fees toggled repeatedly, the pattern is hostile.
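The event-log patterns described above, expressed as detection logic in an added example that is not from the article. It runs over constructed, already-decoded event rows; the argument names, block numbers, addresses and the three thresholds are assumptions, and the third check covers admin events that keep appearing after ownership went to the zero address.

```python
ZERO = "0x" + "0" * 40

# Constructed sample: (block, event_name, args). Event names follow the article.
SAMPLE_EVENTS = [
    (1000, "OwnershipTransferred", {"newOwner": "0xOwnerA"}),
    (1001, "SetFee", {"sell": 500}),
    (1002, "OwnershipTransferred", {"newOwner": ZERO}),
    (1003, "Blacklisted", {"account": "0xAAA1"}),
    (1004, "Blacklisted", {"account": "0xAAA2"}),
    (1004, "Blacklisted", {"account": "0xAAA3"}),
    (1010, "SetFee", {"sell": 9900}),
    (1050, "SetFee", {"sell": 500}),
    (1060, "SetFee", {"sell": 9900}),
]

PRIVILEGED = {"SetFee", "ExcludeFromFee", "Blacklisted"}

def hostile_patterns(events, launch_block, window=50, burst=3, toggles=3):
    """Return findings; window, burst and toggles are assumed thresholds."""
    events = sorted(events, key=lambda e: e[0])
    findings = []
    # Many distinct addresses blacklisted right after launch.
    early = {a["account"] for blk, name, a in events
             if name == "Blacklisted" and launch_block <= blk <= launch_block + window}
    if len(early) >= burst:
        findings.append(f"{len(early)} addresses blacklisted within {window} blocks of launch")
    # Sell fee flipped back and forth (values in the contract's own unit).
    fees = [a["sell"] for _, name, a in events if name == "SetFee"]
    changes = sum(1 for prev, cur in zip(fees, fees[1:]) if prev != cur)
    if changes >= toggles:
        findings.append(f"sell fee changed {changes} times, peak {max(fees)}")
    # Admin-style events emitted in blocks after ownership went to the zero address.
    renounced = [blk for blk, name, a in events
                 if name == "OwnershipTransferred" and a["newOwner"] == ZERO]
    if renounced:
        late = [name for blk, name, _ in events if blk > renounced[0] and name in PRIVILEGED]
        if late:
            findings.append(f"{len(late)} privileged events after renounce at block {renounced[0]}")
    return findings

if __name__ == "__main__":
    for finding in hostile_patterns(SAMPLE_EVENTS, launch_block=1000):
        print(finding)
```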

On BNB Chain, scams often copy old templates. BscScan’s “Similar Contracts” helps you find known bad families. Security firms like PeckShield and CertiK often flag these patterns publicly, and you will see clusters of addresses with near‑identical bytecode.

Practical sell test, without becoming exit liquidity

On Ethereum mainnet, a true sell test costs real gas and slippage. A safer path is to simulate first. Use Tenderly or Foundry’s cast call to simulate swapExactTokensForETH from a test address that owns some tokens. If simulation fails with a revert string that mentions selling or fees, you just found your answer. Not every token emits helpful errors, but silent reverts appear in call traces.

If you do buy a dust amount, set your slippage higher than the stated tax to account for fee‑on‑transfer mechanics. Then try a tiny sell. If it fails with transfer amount out errors, it might be a sell tax mismatch, not a hard honeypot. Still bad, but different. If it reverts with a require about trading not enabled, wait and re‑check write privilege. Owners sometimes enable trading selectively, whitelisting insiders first.

Red flags auditors see over and over

- The token looks standard, but transfer calls an internal _beforeTokenTransfer hook that routes through complex fee logic with owner‑settable paths. Hidden blacklist lives there.
- Ownership “renounced,” yet the proxy admin or AccessControl role retains full power. On chain, the admin can upgrade the implementation and bring back owner functions.
- mint or setBalance functions guarded by a non‑obvious modifier. It might be called onlyMinter, onlyMarketing, or a custom role. Always search for balanceOf[_] = style direct writes.
- Sell blocking exists only when to == pair, so P2P transfers work. That is by design. It lets a team move tokens around, but you cannot exit through the DEX.
- Trading variables measured in blocks with very small windows. During the first N blocks, only whitelisted can trade. Teams can keep toggling the window to harvest buys.

These are precisely the issues security firms like Hacken and Consensys Diligence flag in audits. An audit is not a guarantee, but when real firms sign it and the code matches the audited commit, risk drops significantly.

Social signals and market structure

Scammers can fake websites, but they cannot fake on‑chain history. Still, social checks add color. CoinGecko and CMC listings do some due diligence, yet many bad tokens slip through. I like to search X for the contract address. On‑chain sleuths with a history of accurate calls will often surface honeypot crypto patterns early. If PeckShield Alerts or CertiK Skynet flags a pair, give that heavy weight.

Market structure on DexScreener tells you the tradeability story. Look at 24h volume, average trade size, and the price impact of recent sells. A chart that rises only on buys, with sells constantly failing or tagged as transfers, screams sell restriction.

BSC specifics

BSC is flooded with copy‑paste honeypots. A BSC honeypot check tool can quickly flag many of them, but never stop there. Verify that the PancakeSwap pair is the main liquidity, the router is the official one, and that the LP tokens are locked. Many BSC scams use 100 percent sell taxes that they tweak mid‑launch. If you see a setFeeTx or setSellFee that allows 10000 basis points, you already have your answer.

Edge cases that are not scams, just tricky

- Legit fee‑on‑transfer tokens break aggregators and some routers. Your sell might fail on one DEX and succeed on another with fee‑aware paths.
- Fresh launches run anti‑bot phases that block sells for a few minutes. Owners should communicate start and end times clearly. If they do not, assume the worst.
- Bridges wrap tokens with different decimals or fee logic per chain. A token might be safe on Ethereum and sketchy on BNB Chain because the wrapped contract differs.

The fix is always the same: read the specific contract you are trading, not the brand name.

A simple decision framework

- If ownership is not renounced or secured by a reputable multisig, and the owner can change taxes, limits, or blacklist, you are taking team risk.
- If liquidity is not burned or time‑locked with a public lock, you are taking rug risk.
- If transfer or transferFrom branch on the pair and can revert, you are taking honeypot risk.
- If a proxy exists with a centralized admin, you are taking upgrade risk.
- If top holders are insiders and no vesting is visible on chain, you are taking supply risk.

Stack enough of these and you are not investing, you are donating.

Final thoughts you can act on

You do not need a fancy honeypot token detection dashboard to avoid most traps. A 10 minute Etherscan walk, a DexScreener glance, and a tiny simulated sell catch the majority of “token cannot sell” setups. When a project touts a smart contract audit, check that the auditor is real, like CertiK, PeckShield, Hacken, or Consensys, and that the deployed bytecode matches the audited commit. When a community on X flags a contract, read their threads, then verify on chain.

Crypto rewards skepticism. If the team will not share the LP lock, if the owner can set taxes without caps, if the proxy admin is a single wallet, or if a safe token scanner disagrees with their marketing, pass. There will always be another chart.