What Is a Honeypot Token and How to Detect One

A honeypot token lets you buy but blocks you from selling. You put money in. You cannot get it out. The scammers drain the liquidity and disappear.

How a honeypot works

The contract looks normal: buy function, sell function, liquidity on a DEX. The sell path has a hidden condition. Common implementations:

• Transfer restrictions. The contract checks the from address against a hidden blacklist on every transfer. Everyone except the deployer is blocked from selling.
• Tax-to-zero. Sell “fee” is set to 99-100%. You execute the swap. You receive almost nothing.
• Modified approval. The approve() call succeeds but the router transfer reverts on-chain. The swap never settles.
• Pausable trading. An owner function freezes all sells at any moment. Buyers are stuck with worthless tokens.

The deployer adds liquidity, promotes the token on Telegram or Twitter, watches buys accumulate, then drains the pool.

On-chain signals that indicate a honeypot

You do not need to read Solidity to spot a honeypot. Look for:

1. Buy tax and sell tax are very different. A 5% buy tax and a 90% sell tax is a honeypot pattern.
2. Sell success rate is zero or near zero. On-chain simulations show every sell failing.
3. No successful sells in the history. Hundreds of buys, zero sells - something is blocking them.
4. Ownership not renounced. The deployer can still call pause() or change the fee.
5. Proxy contract with upgradeable logic. The sell block can be added after launch.
6. Deployer holds a large supply. Hidden minting or pre-allocation lets the team dump at will.
7. Anti-whale limits that only apply to sells. Max sell of 0.01% per transaction makes exit economically impossible.

How GoPlus detects honeypots

Web3defender passes every token through the GoPlus Labs API. It simulates a buy and sell on a fork of the current chain state. If the sell reverts or slippage exceeds a threshold, the contract is flagged as a honeypot.

The result is deterministic: same contract, same block, same verdict every time. No AI guessing.

How to check a token before you buy

1. Paste the contract address into Web3defender. Verdict in under 20 seconds.
2. Check is_honeypot and buy_tax / sell_tax in the result.
3. Check can_take_back_ownership. If true, the owner can reclaim a renounced contract.
4. Check holder_count and whether the top holder is the deployer.

If any flag is raised, treat the token as hostile until proven otherwise.

Red flags in token promotion

Scammers use social pressure to make you buy before you think:

• Countdown timers: “Presale ends in 2 hours.”
• Celebrity endorsement screenshots (always fake).
• Telegram groups with thousands of members (most are bots).
• “Anti-bot” or “anti-dump” mechanisms marketed as safety features. They are often the honeypot mechanism itself.
• Promises of locked liquidity while the contract still has an owner who can drain it.

What to do if you are already in a honeypot

If you bought a token and cannot sell:

1. Confirm it is a honeypot using Web3defender or a block explorer simulation.
2. Do not send more money hoping to average down.
3. If the token has a burn function, burning your balance may cost less gas than repeated failed sell attempts.
4. Report the contract address to GoPlus and the exchange’s security team.
5. File a report with your country’s financial crime authority if the amounts are significant.

The money is most likely unrecoverable. The goal is to stop further losses.

---

FAQ

Can a honeypot be fixed after launch? Rarely, and not in your favor. If the owner “fixes” the sell function, they are likely preparing to dump after buyers return.

Does renounced ownership mean it is safe? No. The honeypot condition is hardcoded at deploy time. Renouncing ownership just means nobody can remove it. The sell block is permanent.

What chains are honeypots most common on? BSC and Ethereum are the most frequent targets. Token deployment is cheap and DEX liquidity is abundant. Polygon and Base see the same pattern.