Security

What Is a Honeypot Token? How to Detect One Before You Lose Money

Honeypot tokens let you buy but trap you from selling. Learn how they work, how to detect them on-chain, and how to avoid losing money.

Blog
C
ChainRaven Team·March 27, 2026·6 min read

You buy a token. The price is rising. You decide to take profits and hit "sell" — but the transaction fails. You try again, adjust slippage, everything. It still fails. You're trapped.

This is a honeypot.

How Honeypot Tokens Work

A honeypot token is a smart contract designed to allow purchases but block or penalize sales. The mechanics vary, but the goal is the same: lure buyers in with rising prices (often pumped by the deployer), then trap their funds.

There are three main technical approaches:

1. The Blacklist Honeypot

The contract contains a blacklist() function that the owner can call on any address. Once blacklisted, a wallet cannot sell or transfer the token. The deployer buys early, waits for the price to rise as outside buyers come in, then blacklists all the buyers and sells their own tokens.

On-chain signature: A blacklistAddress(), addToBlacklist(), or setBlacklist() function controlled by the contract owner.

2. The Tax Trap

The contract has a configurable sell tax. Initially the tax might be 5%, but the owner can raise it to 99% at any time. By the time you try to sell, you'd net almost nothing.

On-chain signature: Functions like setSellTax(), updateTax(), or tax parameters stored in mutable state variables without a cap.

3. The Transfer Lock (Pausable Contracts)

The contract has a pause() function that freezes all transfers. When the deployer is ready to exit, they pause the contract for all users except themselves, dump their tokens, then unpause and disappear.

On-chain signature: A pause() function, often inheriting from OpenZeppelin's Pausable with owner-only access.

4. The Hidden Approve/Transfer Override

Some advanced honeypots override the standard ERC-20 transfer or transferFrom functions to add custom logic — checking if the sender is whitelisted, or reverting sells above a certain amount.

On-chain signature: Custom transfer() logic that checks sender address against a mapping, often with non-obvious variable names to obscure the check.

How to Detect a Honeypot

Manual Method (Slow)

  1. Read the source code on Etherscan. Search for blacklist, pause, tax, fee, and transfer functions. Check what they do and who controls them.
  2. Simulate a sell using a tool like Tenderly transaction simulator before committing real funds.
  3. Check the contract owner — has ownership been renounced? Is it a multisig?

Automated Method (Fast)

ChainRaven's free scanner automatically detects honeypot signals:

  • Active blacklist functions
  • Pausable transfer mechanisms
  • Uncapped or mutable tax parameters
  • Hidden transfer overrides
  • Max transaction limits that block sells

Paste any ERC-20 or Solana address and get a risk score in seconds.

Common Honeypot Patterns to Watch

PatternWhat It Looks LikeRisk
Owner blacklistblacklistAddress(address) functionExtreme
Adjustable sell taxsetSellTax(uint256) with no capHigh
Pausable transferspause() function with owner controlHigh
Max tx amountSell limit of 0.01% per transactionMedium-High
Whitelisted buy-onlyDeployer in allowlist, buyers notExtreme

Real Warning Signs in Practice

Before any purchase, look for these on-chain signals:

  1. Unverified source code — If you can't read the code, you can't know what it does.
  2. Single-owner control — All admin functions controlled by one EOA (externally owned account), not a multisig.
  3. No LP lock — Combined with honeypot mechanics, the team can both trap buyers and drain liquidity.
  4. Suspiciously one-sided price action — Price only goes up, no organic sell pressure.
  5. High slippage required to buy — Often means a buy tax is already active, with a sell tax waiting.

What to Do If You're Caught in a Honeypot

Unfortunately, if you're fully trapped in a honeypot, your options are limited:

  • Try minimal sells — Sometimes there's a tiny allowance. Even selling 0.1% of your holding confirms the trap.
  • Wait — Some honeypots are eventually abandoned, at which point restrictions may be lifted. Rare and not a strategy to rely on.
  • Document and report — Report to DEX aggregators (1inch, Dexscreener) so they can flag the token. Help protect the next person.

Prevention is the only real protection. Always scan before you buy.

Scan Any Token for Free

ChainRaven automatically detects honeypot mechanics before you invest. Try the free scanner →

Share this article