MOONSALE
a product of IGH

How to Spot a Honeypot in 60 Seconds

What a honeypot actually is

A honeypot is a smart contract that lets you buy tokens but silently prevents you from selling them. The contract looks normal on the surface. The chart looks like any other low-cap token. The first transaction goes through. Then when you try to sell, the transaction reverts or your balance silently drops to zero.

The simplest version is a transfer function that rejects any transfer except those from the owner's wallet. The more sophisticated versions ramp the sell tax to 99 percent after the price doubles, blacklist random buyer wallets, or only allow sells when the contract balance is above a threshold the owner controls. They all have the same outcome: your money becomes the owner's money, and the chart goes to zero on cue.

Honeypots are the most common scam on BNB Chain by volume because they are easy to deploy (template contracts exist), cheap to ship (under $5 in gas), and profitable until the wallets get flagged. The good news is they are equally easy to detect if you know what to check.

The 60-second checklist

These five checks, in order, catch over 95 percent of honeypots before you buy:

  1. Run the contract through the MoonSale token scanner
  2. Verify the contract source is published on BscScan
  3. Inspect the holder distribution and top wallets
  4. Check the recent transactions tab for actual sells
  5. Optional: try a $1 test buy and immediate sell

Each check takes 5 to 15 seconds. The first three together catch most scams.

Step 1: scan the contract

The fastest single check is to paste the contract address into the MoonSale token scanner. It runs an automated analysis of the bytecode and returns a verdict on every common honeypot pattern:

  • Buy tax and sell tax (if either is above 25 percent, walk away)
  • Whether tax can be modified by the owner after launch (means tax can suddenly become 99 percent)
  • Presence of a blacklist function (means the owner can prevent specific wallets from selling)
  • Presence of a hidden mint function (means the owner can dilute supply at will)
  • Whether trading can be paused on demand
  • Whether the contract is upgradeable through a proxy (means the logic can be swapped after audit)

A clean scan is not a guarantee, but a dirty scan is a guaranteed exit. If the scanner flags any of these, do not buy.

Step 2: verify the source code is published

Open the contract address on BscScan or Etherscan. Look for the green "Contract Source Code Verified" check on the Code tab. If the source is not verified, treat it as a honeypot until proven otherwise.

Verified source code does not mean the contract is safe. It means you, or someone, can read what the contract actually does. Unverified contracts are bytecode only, which means even seasoned auditors cannot tell what is in them. New legitimate projects verify their source within minutes of deployment. The ones that do not are hiding something.

Step 3: inspect the holder distribution

Click the Holders tab on BscScan. Look for these red flags:

  • Top wallet holds more than 50 percent of supply (excluding the LP address). One wallet that can dump and crash the chart.
  • Liquidity pool address is not in the top three holders. A real launch parks 80 to 95 percent of supply in the LP. If the LP is the seventh-biggest holder, supply is concentrated elsewhere.
  • Multiple wallets with identical balances created on the same day. This is the deployer fanning supply across throwaway wallets to look more decentralized.
  • No locked liquidity. Click the LP address. If the LP tokens are held by an EOA (an externally owned account, meaning an ordinary wallet) rather than a lock contract like the MoonSale lock, the team can pull liquidity at any time.

A healthy holder distribution looks like: LP at the top with 80 to 95 percent, dozens of small holders below it, no single non-LP wallet over 5 to 10 percent.
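The Step 3 red flags can be applied mechanically to a holder table. The following is an added example, not MoonSale's scanner code: the record fields, the flag names and the `min_cluster` threshold of three wallets are assumptions, and both holder tables are constructed.

```python
from collections import Counter

def holder_red_flags(holders, lp_tokens_held_by_eoa, min_cluster=3):
    """Return the Step 3 red flags raised by a holder table."""
    total = sum(h["balance"] for h in holders)
    ranked = sorted(holders, key=lambda h: h["balance"], reverse=True)
    non_lp = [h for h in ranked if not h["is_lp"]]
    flags = []
    # Largest wallet that is not the liquidity pool holds over half the supply.
    if non_lp and total and non_lp[0]["balance"] / total > 0.50:
        flags.append("top_wallet_over_50pct")
    # The liquidity pool should rank among the three largest holders.
    if not any(h["is_lp"] for h in ranked[:3]):
        flags.append("lp_not_in_top3")
    # Same balance and same creation day across several wallets: fanned supply.
    clusters = Counter((h["balance"], h["created"]) for h in non_lp)
    if any(n >= min_cluster for n in clusters.values()):
        flags.append("identical_balances_same_day")
    # LP tokens sitting in an ordinary wallet instead of a lock contract.
    if lp_tokens_held_by_eoa:
        flags.append("lp_not_locked")
    return flags

def _h(addr, balance, created, is_lp=False):
    return {"addr": addr, "balance": balance, "created": created, "is_lp": is_lp}

# Constructed samples (not real chain data); each sums to 1,000,000 tokens.
SUSPICIOUS = [
    _h("0xLP", 90_000, "2024-05-01", is_lp=True),
    _h("0xA1", 550_000, "2024-05-01"),
    _h("0xB1", 100_000, "2024-05-02"),
    _h("0xB2", 100_000, "2024-05-02"),
    _h("0xB3", 100_000, "2024-05-02"),
    _h("0xC1", 60_000, "2024-05-03"),
]
HEALTHY = [
    _h("0xLP", 900_000, "2024-05-01", is_lp=True),
    _h("0xD1", 40_000, "2024-05-02"),
    _h("0xD2", 30_000, "2024-05-03"),
    _h("0xD3", 20_000, "2024-05-04"),
    _h("0xD4", 10_000, "2024-05-05"),
]

if __name__ == "__main__":
    print(holder_red_flags(SUSPICIOUS, lp_tokens_held_by_eoa=True))
    print(holder_red_flags(HEALTHY, lp_tokens_held_by_eoa=False))
```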

Step 4: check actual sell transactions

Open the Transactions tab on BscScan. Filter for the last 24 hours. Look at the rows.

In a real token, you see a mix of "Transfer to" (buys, where the LP sends tokens to a buyer) and "Transfer from" (sells, where a holder sends tokens back to the LP). In a honeypot, you see only buys. Every "buy" leaves the LP, but no tokens come back. That is the honeypot signature.

If you see zero successful sells in 24 hours but dozens of buys, the contract is almost certainly blocking sells. Walk away.

The exception is the very first hour after launch where bot buys fire before any human has had time to sell. Wait at least one hour before drawing a conclusion from this check alone.
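The Step 4 check, including the first-hour exception, written as an added example that is not part of MoonSale's tooling. The event shape, the addresses and the `min_buys=24` reading of "dozens of buys" are assumptions, and the transfer events are constructed.

```python
from datetime import datetime, timedelta, timezone

LP = "0xlp"              # constructed liquidity pool (pair) address
DEPLOYER = "0xdeployer"  # constructed deployer address

def sell_check(transfers, lp, launched_at, now, deployer=None, min_buys=24):
    """Classify the last 24 hours of successful Transfer events for a token."""
    # Bot buys land before any human can sell, so the first hour proves nothing.
    if now - launched_at < timedelta(hours=1):
        return "inconclusive: first hour after launch"
    cutoff = now - timedelta(hours=24)
    recent = [t for t in transfers if t["time"] >= cutoff]
    # Buy: the LP sends tokens to a buyer.
    buys = sum(1 for t in recent if t["from"] == lp)
    # Sell: a holder sends tokens back to the LP. Tokens the deployer sends
    # to the LP are liquidity adds, so they are not counted as sells.
    sells = sum(1 for t in recent if t["to"] == lp and t["from"] != deployer)
    if sells > 0:
        return "sells observed"
    if buys >= min_buys:
        return "no sells: likely blocking"
    return "too few trades to judge"

def sample_transfers(now, with_sell):
    """Constructed events: one liquidity add, 30 buys, optionally one sell."""
    events = [{"from": DEPLOYER, "to": LP, "time": now - timedelta(hours=5)}]
    events += [
        {"from": LP, "to": f"0xbuyer{i}", "time": now - timedelta(minutes=10 * i + 1)}
        for i in range(30)
    ]
    if with_sell:
        events.append({"from": "0xbuyer3", "to": LP, "time": now - timedelta(minutes=2)})
    return events

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    launched = now - timedelta(hours=6)
    for with_sell in (False, True):
        events = sample_transfers(now, with_sell)
        print(with_sell, sell_check(events, LP, launched, now, DEPLOYER))
```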

Step 5: try a test buy and sell

If the first four checks pass and you are still unsure, the final test is a $1 test trade. Buy $1 worth of the token through PancakeSwap. Wait for the buy confirmation. Immediately try to sell the entire $1 back. If the sell transaction reverts (fails) or executes for an amount close to zero (sell tax of 99 percent), the contract is a honeypot.

This costs you about $1 plus gas to confirm. Cheap insurance against losing a real position.

Red flags that take 10 seconds each

If you have less than 60 seconds, these instant signals are enough:

  • Buy tax above 10 percent, sell tax above 25 percent. Suspicious by default.
  • Tax functions controlled by the owner with no time-lock. The owner can rug the tax up to 99 percent the moment they choose.
  • setBlacklist or addToBlacklist function in the contract. Owner can prevent any wallet from selling.
  • pause or unpause functions. Owner can stop all trading on demand.
  • Unlocked LP. The team holds the liquidity pool LP tokens directly and can withdraw them.
  • Upgradeable proxy contract. The logic can be swapped to a malicious version after launch.
  • Honeypot.is or TokenSniffer flags the contract red. These third-party scanners are not perfect but they catch the obvious cases.

A contract with any one of these is a possible scam. A contract with two or more is a definite skip.
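Several of these flags are visible as function names in the ABI of a verified contract. The following added example (not MoonSale's scanner) matches names in an ABI and applies the one-flag and two-flag rule above. `setBlacklist`, `addToBlacklist`, `pause` and `unpause` come from the list; the mint, tax-setter and `upgradeTo` patterns are assumed heuristics, and the ABI is constructed.

```python
import json
import re

# Name heuristics only: a renamed function slips past them, so an empty
# result is not proof that the contract is safe.
PATTERNS = {
    "blacklist": re.compile(r"blacklist", re.I),       # setBlacklist, addToBlacklist
    "pause": re.compile(r"^(un)?pause$", re.I),        # pause, unpause
    "mint": re.compile(r"^mint", re.I),                # assumed pattern
    "owner_set_tax": re.compile(r"^(set|update|change).*(tax|fee)", re.I),  # assumed
    "upgradeable": re.compile(r"^upgradeTo", re.I),    # assumed pattern
}

def abi_red_flags(abi_json):
    """Map each red-flag category to the state-changing functions that hit it."""
    hits = {}
    for entry in json.loads(abi_json):
        if entry.get("type") != "function":
            continue
        # Read-only functions cannot block a sell or change a tax.
        if entry.get("stateMutability") in ("view", "pure"):
            continue
        name = entry.get("name", "")
        for flag, pattern in PATTERNS.items():
            if pattern.search(name):
                hits.setdefault(flag, []).append(name)
    return hits

def verdict(hits):
    """One flagged category is a possible scam, two or more is a skip."""
    if len(hits) >= 2:
        return "definite skip"
    return "possible scam" if hits else "no named red flags"

def _fn(name, mutability="nonpayable"):
    return {"type": "function", "name": name, "stateMutability": mutability}

# Constructed ABI fragment in the JSON shape used for verified contracts.
SAMPLE_ABI = json.dumps([
    _fn("transfer"), _fn("balanceOf", "view"), _fn("isBlacklisted", "view"),
    _fn("setBlacklist"), _fn("setSellTax"), {"type": "event", "name": "Transfer"},
])

if __name__ == "__main__":
    found = abi_red_flags(SAMPLE_ABI)
    print(found, verdict(found))
```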

What MoonSale does to prevent honeypots on its platform

Every project deployed through Create Token uses an audited template that does not contain ANY of the honeypot patterns above. There is no setBlacklist function. The tax cannot be modified after deploy. The contract is not upgradeable. Source code is verified automatically on deploy.

Beyond the contract template, the security score page rates every project on the launchpad against a weighted checklist of 11 categories (KYC, audit, LP lock, vesting, holder distribution, and more) and surfaces the result on the project card. A buyer browsing MoonSale sees the score before they see the buy button. Audit tags are managed through the CA audits page so external audit reports are visible to every potential buyer.

The post Common Mistakes New Token Creators Make covers the founder-side equivalent: how to ship a launch that does not look like a honeypot to buyers when it is not one.

When the scanner says "clean" but you are still unsure

Some honeypots are sophisticated enough to bypass automated scanners. If the contract scans clean but the project still feels off, sanity-check these soft signals:

  • The Telegram is full of bots and the founder does not respond
  • The X account was created in the last 30 days and has no followers
  • The website is a Notion page or a 404
  • The team has no doxx and no LinkedIn presence
  • The chart pumped 100x in 4 hours with no organic discovery

A clean contract with a fake community is still a rug waiting to happen. The contract just will not be the part that kills you.

Ready to scan a contract?

Open the token scanner and paste any contract address. The scan returns in 5 seconds and covers every check in this post. For the broader project-trust view, check the security score page, which surfaces the same signals at the project-card level for every launchpad-hosted project.

For the founder-side perspective on what shipping a non-honeypot launch looks like, see What Makes a Successful Token Launch? and Common Mistakes New Token Creators Make.

A honeypot is the cheapest scam to ship and the most expensive scam to fall for. Sixty seconds of due diligence catches almost all of them. Sixty seconds is always cheaper than the loss.
