Honeypot Tokens: What They Are & How to Detect Them
A honeypot token is a crypto token you can buy but cannot sell. Its contract keeps the buy path open so the token looks tradable, then blocks the sell: the transaction reverts through a hidden require check, an automatic blacklist, a balance reset, or a sell tax set to 100%. The result is a trap where your funds are stuck while the deployer keeps the liquidity. Only bytecode-level analysis or a live sell simulation reliably exposes it.
How honeypot contracts work
Honeypots weaponize the token's own transfer logic. A buy stays open so liquidity looks real, while the sell path reverts, commonly via a require that only whitelists the deployer, an auto-blacklist that flags every buyer, a rebasing hook that zeroes your balance before the swap, or a sell fee fixed at 100 percent.
How to detect a honeypot
You cannot tell from price, volume, or a green chart, because honeypots let buys succeed and often look actively traded. The only reliable checks are reading the decompiled contract for asymmetric buy and sell rules and simulating a real sell against the live liquidity pool before committing funds.
How Tok{In} detects honeypots
Tok{In} decompiles the token's EVM bytecode with Dedaub's Gigahorse engine to surface asymmetric transfer logic, then runs a live buy-then-sell simulation against the real DEX pool on Ethereum, BSC, Base, Arbitrum, or Avalanche. If the simulated sell reverts or returns near zero, the token is flagged as a honeypot.
What to do if a token is a honeypot
Do not buy, and never send more to unlock a stuck balance, as that is a second scam. Verdicts can change when deployers alter contract state, so re-scan immediately before any trade rather than trusting an older result.
Check any ERC-20 token for this and 20+ other risks in seconds — free, no wallet connection.
Scan a token →Frequently asked questions
- How do I know if a token is a honeypot?
- Run the contract through a scanner that both decompiles its bytecode and simulates a real sell on the live pool. Price, holder count, and volume prove nothing, since honeypots let buys through to look legitimate. If a simulated sell reverts or returns almost nothing, treat the token as a honeypot and do not buy.
- Can you get your money back from a honeypot?
- Almost never. The contract is designed so only the deployer can sell or withdraw liquidity, and there is no admin to appeal to on a decentralized chain. Ignore anyone offering to recover your funds for a fee, as that is a follow-up scam. Scanning before buying is the only reliable protection.
- Is a honeypot the same as a rug pull?
- No. A honeypot blocks you from selling from the moment you buy, trapping funds in the contract. A rug pull lets you trade normally until the team suddenly removes liquidity or dumps supply. Both end in loss, but honeypots are detectable before purchase through a live sell simulation.
- Why did a honeypot pass one scan but fail another?
- Deployers can flip a contract between safe and malicious by toggling trading, editing a blacklist, or raising the sell tax after launch. A scan reflects the contract's state at that moment, so always re-scan right before trading rather than relying on an earlier verdict.