Honeypot

A crypto scam that lures users into a seemingly profitable token, app, or link, then blocks withdrawals or steals funds and data.

A honeypot in crypto is a deceptive setup designed to attract victims with the promise of easy profits, exclusive access, or rewards, then trap them into losing funds or exposing sensitive information. Unlike traditional cybersecurity honeypots, which are defensive decoys used to observe attackers safely, crypto honeypots are malicious schemes built to exploit users.

How crypto honeypots work

Many honeypots revolve around smart contracts and tokens. A common pattern is a token that can be bought normally, often after hype on social media or in chat groups, but becomes difficult or impossible to sell. The contract may include hidden restrictions, such as allowing only whitelisted addresses to sell, applying an extreme sell tax, or using functions that selectively revert sell transactions. Victims see buying activity and rising chart performance, assume liquidity is available, and then discover they cannot exit their position.

Honeypots can also appear off chain. For example, a fake airdrop or “wallet verification” page may prompt users to connect a wallet and approve permissions. The site may request an unlimited token allowance or a signature that enables a drainer contract to move assets. In these cases, the trap is not a blocked sale but stolen funds or compromised credentials.

How to spot them and why they matter

Because smart contracts can hide complex rules, honeypots are often difficult to detect at a glance. Basic due diligence includes reviewing contract behavior, checking whether sells are succeeding for regular addresses, and being cautious with approvals and signature requests.
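
One way to apply the caution about approvals described above, as an added example that is not part of the original page: a Python function that decodes the calldata a site asks a wallet to sign and flags unlimited ERC-20 allowances and blanket NFT operator approvals. The function name, the trusted-spender list, the 2**255 threshold, and the sample values are assumptions constructed for illustration.

```python
# Added example: inspect calldata before signing and flag risky approvals.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
# Assumption: amounts at or above 2**255 are treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255


def inspect_calldata(calldata, trusted_spenders=()):
    """Return a dict describing the approval a transaction grants, or None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two 32-byte ABI words = 136 hex characters
    if len(data) < 136:
        return None
    try:
        bytes.fromhex(data[:136])
    except ValueError:
        return None
    selector, word1, word2 = data[:8], data[8:72], data[72:136]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    spender = "0x" + word1[24:]  # an address is the low 20 bytes of its word
    value = int(word2, 16)
    warnings = []
    if selector == APPROVE:
        kind = "approve"
        if value >= UNLIMITED_THRESHOLD:
            warnings.append("unlimited allowance")
    else:
        kind = "setApprovalForAll"
        if value != 0:
            warnings.append("operator can move every token in the collection")
    # A zero value revokes access, so it is never flagged.
    if value != 0 and spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not on the trusted list")
    return {"kind": kind, "spender": spender, "value": value, "warnings": warnings}


# Constructed samples: the same made-up spender with an unlimited and a bounded amount.
SAMPLE_SPENDER = "0x" + "11" * 20
_ARG = SAMPLE_SPENDER[2:].rjust(64, "0")
SAMPLE_UNLIMITED = "0x" + APPROVE + _ARG + format(MAX_UINT256, "064x")
SAMPLE_BOUNDED = "0x" + APPROVE + _ARG + format(1000, "064x")

if __name__ == "__main__":
    for tx in (SAMPLE_UNLIMITED, SAMPLE_BOUNDED):
        print(inspect_calldata(tx))
```
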

Honeypots matter because they exploit the transparency and composability of blockchains, turning open access into an attack surface. Understanding them helps users protect funds, evaluate token risks, and interact more safely with DeFi and new projects.