Honeypot Contract
Published Last updated
Key Takeaway
A honeypot contract is a malicious smart contract coded to allow token purchases but block all sell transactions, trapping investor funds permanently while only the deployer can withdraw.
Learn These First
What Is Honeypot Contract?
A honeypot contract is a malicious smart contract coded to allow token purchases but block all sell transactions, trapping investor funds permanently while only the deployer can withdraw.
How Honeypot Contract Works
Frequently Asked Questions
What is a honeypot contract in crypto and how does it trap investors?
A honeypot contract is a token smart contract coded to accept buy transactions from any wallet but block all sell transactions for everyone except the deployer. Investors purchase the token and watch its price rise, believing they can sell at any time. When they attempt to sell, the transaction either reverts with an error or is taxed at 100%, making exit economically impossible. The deployer captures all the liquidity investors added by buying in. The trap is invisible during the buying phase — contracts process purchases normally to build false confidence before investors discover they cannot exit their position.
How can I check if a token is a honeypot before buying?
The fastest method is to run the token's contract address through a dedicated honeypot detection tool. Honeypot.is simulates buy and sell transactions against the contract and reports whether selling is possible. Token Sniffer analyzes the contract for known malicious code patterns and flags risks within seconds. DEXTools provides a token audit tab showing sell tax rates, transfer restrictions, and ownership concentration. For additional verification, check whether the token's source code is verified on Etherscan or BscScan — unverified contracts cannot be inspected, which is itself a warning sign. Always run at least one automated check before purchasing any unfamiliar token launched by an unknown team.
Can a honeypot be activated after a token launches normally?
Yes — some honeypot contracts are designed to operate normally during an initial trust-building phase before being switched to sell-restriction mode by the deployer. This is achieved through upgradeable contract logic or admin functions that allow the deployer to modify transfer rules after deployment. The token may process buys and sells normally for days or weeks, building genuine holder confidence and trading history, before the restriction is activated and exits blocked. This delayed honeypot design is harder to detect with static analysis tools because the malicious restriction does not appear active during initial checks. Monitoring for contract upgrades and admin function calls after purchase adds a layer of ongoing protection for upgraded contract designs.
Common Misconceptions About Honeypot Contract
If other people are successfully buying a token, it cannot be a honeypot.
Honeypot contracts are specifically designed to allow buying while blocking selling — so active visible buying is entirely consistent with the contract being a trap. The fact that purchases are processing normally is not evidence of legitimate sell capability. Other buyers may be unaware of the restriction, or they may themselves be sock-puppet wallets controlled by the deployer creating artificial transaction activity to attract genuine investors. The only reliable confirmation of sell capability is running the contract through a honeypot detection tool that explicitly simulates a sell transaction, not observing that buy transactions are succeeding.
Honeypot contracts are always immediately detectable with automated tools.
Automated honeypot detectors catch the most common and well-documented patterns, but sophisticated implementations can evade them. Delayed activation honeypots operate normally at launch, defeating static analysis. Some contracts use proxy patterns where malicious logic is held in an implementation contract pointed to by an upgradeable proxy, making initial analysis appear clean. Novel restriction mechanisms not yet included in detector databases will pass automated checks. Automated tools are a necessary first step but not a complete guarantee — combining detector results with manual source code review and checking for admin key control provides meaningfully stronger assurance than relying on automated scans alone.
Honeypot contracts only target DeFi tokens and do not affect NFTs or other crypto assets.
Honeypot mechanics extend beyond fungible DeFi tokens to NFT contracts and other smart contract applications. NFT honeypot contracts may allow minting but block transfers or marketplace listings through hidden approval restrictions, trapping NFTs in buyer wallets permanently. Staking contract honeypots accept deposits but implement withdrawal restrictions that make fund recovery impossible. The underlying mechanism — coding one-directional capital flow through smart contract logic — can be applied to any asset type or financial operation implemented in smart contract code. The same pre-purchase verification habit of checking contract logic applies across all smart contract interactions, not only token swaps.