Honeypot scams are deceptive schemes prevalent in the Web3 ecosystem, designed to trap unsuspecting investors. These scams typically involve the creation of tokens or contracts that entice users with the promise of profits but ultimately prevent them from selling or accessing their funds.
With the help of this blog, we will take you through the deceptive mechanisms behind these scams, shedding light on how unsuspecting users fall victim to losing their funds. Let’s dissect the common tactics used by scammers and the widespread impact of these schemes.
The Anatomy of Honeypots
Table of Contents
Honeypot scams target crypto investors who lack deep knowledge of solidity, the programming language for smart contracts. These scams often display enticing price charts with all green candles, triggering FOMO (fear of missing out) and impulsively prompting users to buy tokens. Once purchased, victims find themselves unable to sell due to various deceptive mechanisms deployed by scammers.
Some Prevalent Tactics
The Blacklist
Among the most rudimentary forms of honeypot contracts is the blacklist. This method operates straightforwardly: once an investor purchases the scam token, their wallet address is added to a blacklist.
Subsequently, any attempt to sell the tokens from a blacklisted wallet is met with prevention by the token’s sell function. While some variations attempt to obscure their purpose by employing misleading function names, such as ‘Approval For All,’ the underlying mechanism remains the same. Essentially, the blacklist serves as a mechanism to lock investors into holding worthless tokens, unable to sell and recoup their investment.
The Balance Change
Another insidious tactic employed in honeypot scams involves manipulating a user’s token balance. Instead of outright preventing users from selling, this method surreptitiously alters their token balance to a predetermined amount set by the contract creator.
Although the user may still perceive themselves as holding their purchased tokens, the reduced balance recorded within the contract renders them unable to sell more tokens than their altered balance. Consequently, investors find themselves trapped with tokens they can neither sell nor transfer, effectively rendering their investment worthless.
The Minimum Sell Amount
In a variation of the honeypot scam known as the minimum sell amount tactic, users are ostensibly allowed to sell their tokens, but only above a prohibitively high threshold. This threshold is typically set at an outrageous number, far surpassing the available supply of tokens. As a result, investors are effectively prevented from selling their tokens, as the required sell amount exceeds what is realistically achievable. Even if users attempt to acquire more tokens to meet the threshold, the process perpetually repeats, leaving them unable to sell and recoup their investment.
The Extent of the Issue
Honeypot tokens pose a persistent threat, especially as market conditions improve and more participants enter the Web3 space. Some scams masquerade as well-known projects to deceive investors, and scammers automate contract deployment, creating thousands of fraudulent contracts. Investigations reveal alarming statistics:
A single threat actor created 979 honeypot contracts within a two-month period.
Losses from honeypot scams may seem minimal per victim but accumulate rapidly with the sheer volume of contracts deployed.
Calculating Losses
By examining a specific instance involving a fake Shia Token on the Binance Smart Chain (BSC) utilizing the balance change honeypot method, we can grasp the extent of the damage inflicted on unsuspecting investors.
In the case of the fake Shia Token, the scam operates by triggering the increaseAllowance() function, effectively resetting users’ token balances to zero. This function, highlighted in the contract code, manipulates the current balance of a wallet by subtracting it from itself, facilitated by obscure variable names chosen by the scammers to obfuscate the smart contract’s logic. As a result, victims hold worthless tokens, unable to sell or recoup their investment.
Despite the seemingly minimal losses incurred by individual victims, totaling approximately $60 for four users in this instance, the cumulative impact of such scams is significant. Considering the proliferation of honeypot contracts, exemplified by the creation of 979 contracts in a two-month period, the aggregate losses quickly escalated. For each contract averaging $60 in losses, the total sum amounts to approximately $58.7k, underscoring the substantial financial toll inflicted on investors within a relatively short timeframe.
Conclusion
The prevalence of honeypot contracts in Web3 presents a significant risk to investors. These scams exploit social media hype and automated deployment to trap unsuspecting users’ funds. The infamous Squid Game honeypot token exemplifies the disastrous consequences of falling victim to such schemes. Investors should exercise caution and utilize available tools to assess the risk of encountering a honeypot scam.
Exercise vigilance when encountering tokens with all-green price charts, especially if promoted aggressively. Remember, if it seems too good to be true, it probably is. Stay informed, stay cautious, and protect your investments in the ever-evolving landscape of Web3.