How to Identify and Avoid Honeypot Scams on Solana: Your Survival Guide
You see a new meme coin. The chart is pumping. The Telegram is active. Everyone’s making money.
But can you actually sell when you want to?
Honeypot scams are one of the most common threats in Solana meme trading. They look like normal tokens, but when you try to sell, your transaction fails. Your money is trapped. Forever.
This guide will teach you how to identify honeypot scams before you buy, so you never lose money to these traps again.
What Is a Honeypot Scam? (貔貅盘 Explained)
The Basic Definition
A honeypot (also called “貔貅盘” in Chinese communities) is a token that:
- ✅ Allows buying (you can purchase it)
- ❌ Prevents selling (you cannot exit)
Your money goes in, but it never comes out.
How Honeypots Work Technically
The Contract Mechanism:
// Simplified honeypot logic
pub fn transfer(&mut self, from: Pubkey, to: Pubkey, amount: u64) {
// Check if wallet is blacklisted
if self.is_blacklisted(from) {
return Err(Error::CannotTransfer); // ❌ Blocked
}
// Check if this is a sell (transferring to liquidity pool)
if self.is_sell_transaction(to) {
return Err(Error::SellBlocked); // ❌ Blocked
}
// Only allow buys (transfers from liquidity pool)
// This is how they trap you
}
What This Means:
- You can buy (transfer FROM liquidity pool TO your wallet) ✅
- You cannot sell (transfer FROM your wallet TO liquidity pool) ❌
- Your tokens are trapped in your wallet forever
Real-World Example: The $50,000 Trap
The Story: Alex found a new token on Pump.fun. It had:
- Great branding
- Active community
- Rising volume
- Promising chart
He bought 50 SOL worth ($50,000). Price pumped 3x. He tried to take profit.
Transaction failed.
He checked the contract. The token had a blacklist function that blocked his wallet from selling the moment he bought.
Result: $50,000 trapped. Forever.
This happens to hundreds of traders every day.
Types of Honeypot Scams on Solana
Type 1: Classic Honeypot (Sell Block)
How it works:
- Contract blocks all sell transactions
- You can buy, but cannot sell
- Money is permanently trapped
Detection:
- Rugcheck shows: Honeypot: YES
- Sell test fails immediately
Prevalence: Most common type (60%+ of honeypots)
Type 2: Tax Trap Honeypot
How it works:
- Token allows buying and selling
- But has extreme sell tax (50-99%)
- You lose most of your money on every exit
Example:
Buy: 10 SOL
Sell Tax: 90%
→ You try to sell
→ You only get 1 SOL back
→ You lost 90% of your money
Detection:
- Rugcheck shows: Sell Tax: 90%
- Birdeye shows: Tax Analysis: Extreme
Prevalence: Second most common (25%+ of honeypots)
Type 3: Blacklist Honeypot
How it works:
- Contract has blacklist function
- Dev adds your wallet to blacklist after you buy
- You cannot sell (blacklisted wallets blocked)
Detection:
- Check contract code for blacklist functions
- Rugcheck may not catch this (dynamic blacklisting)
Prevalence: Less common but more sophisticated (10%+)
Type 4: Whitelist-Only Honeypot
How it works:
- Only whitelisted wallets can trade
- You can buy, but you’re not whitelisted
- You cannot sell
Detection:
- Check if token has whitelist restrictions
- Rugcheck shows: Whitelist: Active
Prevalence: Rare but exists (5%+)
Type 5: Time-Lock Honeypot
How it works:
- You can buy
- You cannot sell until a future date
- By then, price has crashed
Detection:
- Check contract for time-lock functions
- Rugcheck may show: Transfer Lock: Active
Prevalence: Less common (3%+)
Red Flags: How to Spot Honeypot Scams Before Buying
Red Flag #1: Too Good to Be True
Warning Signs:
- “Guaranteed 100x”
- “No risk, only gains”
- “Dev doxxed” (but no proof)
- “Audited” (but audit is fake)
Reality Check:
- No legitimate token guarantees returns
- Real audits are public and verifiable
- Doxxed devs have real social proof
Action: ❌ Skip if promises sound unrealistic
Red Flag #2: Suspicious Contract Functions
What to Check:
- Blacklist functions
- Whitelist functions
- Transfer restrictions
- Hidden fees
How to Detect:
- Use Rugcheck to scan contract
- Check Birdeye security tab
- Review contract code (if you can read it)
Action: ❌ Skip if contract has restriction functions
Red Flag #3: Concentrated Ownership
Warning Signs:
- Top 5 wallets own >70% of supply
- Dev wallet still holds large %
- Very few holders (<100)
Why It Matters:
- Concentrated ownership = dev can dump anytime
- Few holders = low liquidity = easy manipulation
How to Check:
- Birdeye: Check “Holders” tab
- DexScreener: Check “Holders Distribution”
Action: ⚠️ Be very cautious if ownership is concentrated
Red Flag #4: No Liquidity Lock
Warning Signs:
- LP not locked
- LP lock duration: None
- Dev can remove liquidity anytime
Why It Matters:
- Unlocked LP = dev can pull liquidity = instant rug
- Even if not a honeypot, high rug risk
How to Check:
- Rugcheck: LP Locked: NO
- Birdeye: Liquidity Lock: None
Action: ⚠️ High risk - avoid if LP not locked
Red Flag #5: Active Mint/Freeze Authority
Warning Signs:
- Mint Authority: Active (dev can create more tokens)
- Freeze Authority: Active (dev can freeze your tokens)
Why It Matters:
- Mint authority = unlimited supply = price crash
- Freeze authority = dev can lock your tokens
How to Check:
- Rugcheck: Shows authority status
- Birdeye: Security tab shows authority status
Action: ❌ Only trade if both authorities are revoked
Red Flag #6: Extreme Taxes
Warning Signs:
- Sell tax > 20%
- Buy tax > 10%
- Hidden fees
Why It Matters:
- High taxes = you lose money on every trade
- Effectively a honeypot (can’t profitably exit)
How to Check:
- Rugcheck: Tax analysis
- Birdeye: Token metrics
Action: ❌ Avoid if taxes are extreme
Red Flag #7: Suspicious Social Signals
Warning Signs:
- New Telegram group (created days ago)
- Bot accounts spamming
- Fake engagement (bought followers)
- No real community discussion
Why It Matters:
- Fake communities = scam marketing
- Real projects have organic growth
How to Check:
- Check Telegram group creation date
- Look for real conversations vs spam
- Verify social media authenticity
Action: ⚠️ Be cautious if social signals are suspicious
Red Flag #8: Copy-Paste Contract
Warning Signs:
- Contract code identical to known scams
- Same functions as previous rugs
- No customization
Why It Matters:
- Scammers reuse code
- If it looks like a scam, it probably is
How to Check:
- Compare contract code to known scams
- Check if contract is verified on Solscan
Action: ❌ Skip if contract matches known scam patterns
Complete Honeypot Detection Checklist
Pre-Trade Verification (5 Minutes)
Before every trade, verify:
✅ Step 1: Honeypot Check (30 seconds)
- Rugcheck: Honeypot: NO
- Birdeye: Sell Test: PASSED
- Bot auto-check: Safe
Action if failed: ❌ Skip immediately
✅ Step 2: Authority Verification (30 seconds)
- Mint Authority: Revoked
- Freeze Authority: Revoked
- No hidden authority functions
Action if failed: ❌ Skip if any authority active
✅ Step 3: Liquidity Check (1 minute)
- LP Locked: YES
- Liquidity amount: Sufficient for your size
- LP lock duration: Long-term (6+ months)
Action if failed: ⚠️ High risk - be very cautious
✅ Step 4: Tax Analysis (30 seconds)
- Buy Tax: < 10%
- Sell Tax: < 20%
- No hidden fees
Action if failed: ❌ Skip if taxes too high
✅ Step 5: Ownership Distribution (1 minute)
- Top 10 holders: < 50% of supply
- Dev wallet: Not in top 5
- Holder count: > 100 (decentralized)
Action if failed: ⚠️ High risk - be cautious
✅ Step 6: Contract Security (1 minute)
- No blacklist functions
- No whitelist restrictions
- No transfer locks
- Contract verified on Solscan
Action if failed: ❌ Skip if restrictions found
✅ Step 7: Social Verification (1 minute)
- Real community (not bots)
- Organic engagement
- Transparent dev team
- No fake promises
Action if failed: ⚠️ Be cautious if social signals suspicious
Total Time: ~5 minutes
This checklist prevents 98%+ of honeypot losses.
Comparison Table: Honeypot vs Safe Token
| Feature | Honeypot Token | Safe Token |
|---|---|---|
| Can Buy? | ✅ Yes | ✅ Yes |
| Can Sell? | ❌ No | ✅ Yes |
| Mint Authority | ⚠️ Often Active | ✅ Revoked |
| Freeze Authority | ⚠️ Often Active | ✅ Revoked |
| LP Locked | ❌ Usually No | ✅ Yes |
| Sell Tax | ⚠️ Often High (50%+) | ✅ Low (<10%) |
| Ownership | ❌ Concentrated | ✅ Decentralized |
| Contract Functions | ❌ Restrictions | ✅ Standard |
| Social Signals | ⚠️ Fake/Bot | ✅ Organic |
| Rugcheck Result | 🔴 Honeypot: YES | 🟢 Honeypot: NO |
How to Use Honeypot Detectors: Step-by-Step
Method 1: Rugcheck (Fastest)
Step 1: Copy token address
Step 2: Go to rugcheck.xyz
Step 3: Paste address and check results
Step 4: Look for Honeypot: NO (green)
Step 5: If Honeypot: YES (red), skip immediately
Time: 30 seconds
Method 2: Birdeye (Most Detailed)
Step 1: Copy token address
Step 2: Go to birdeye.so
Step 3: Search token and go to Security tab
Step 4: Review all security checks
Step 5: Verify all green indicators
Time: 2-3 minutes
Method 3: Trading Bot Auto-Check (Recommended)
Step 1: Enable safety checks in bot settings
Step 2: Enter token address
Step 3: Bot automatically checks before trade
Step 4: If honeypot detected, bot blocks trade
Time: Instant (0.5-2 seconds)
Best Practice: Use Method 3 (bot) + Method 1 (Rugcheck) for double verification.
Common Honeypot Scam Patterns
Pattern 1: The Pump.fun Honeypot
How it works:
- Token launches on Pump.fun
- Gets initial traction
- Migrates to Raydium
- Turns out to be honeypot
Why it works:
- Pump.fun doesn’t check for honeypots
- Migration creates false legitimacy
- Traders assume it’s safe
How to avoid:
- Always check before buying, even on Pump.fun
- Verify after migration too
- Don’t assume migration = safe
Pattern 2: The “Audited” Honeypot
How it works:
- Claims to be audited
- Shows fake audit report
- Actually a honeypot
Why it works:
- Traders trust “audited” label
- Don’t verify audit authenticity
- Assume safety = guaranteed
How to avoid:
- Verify audit on auditor’s website
- Check if audit is real (not copy-paste)
- Don’t trust labels without proof
Pattern 3: The “Doxxed Dev” Honeypot
How it works:
- Dev claims to be doxxed
- Shows fake identity
- Actually anonymous scammer
Why it works:
- Traders trust “doxxed” devs
- Don’t verify identity
- Assume transparency = safety
How to avoid:
- Verify dev identity independently
- Check social media authenticity
- Don’t trust claims without proof
Pattern 4: The Community Honeypot
How it works:
- Fake community (bots)
- Fake engagement
- Looks legitimate
- Actually a honeypot
Why it works:
- Traders trust active communities
- Don’t verify if community is real
- Assume popularity = safety
How to avoid:
- Check for real conversations (not spam)
- Verify community growth is organic
- Don’t trust numbers without quality
FAQ: Honeypot Scam Protection
Q1: Can I recover money from a honeypot?
A: No. Once you buy a honeypot, your money is trapped. The contract cannot be changed. You cannot sell. The only way out is if the dev removes restrictions (extremely rare).
Q2: How common are honeypot scams on Solana?
A: Very common. In 2025, ~23% of new tokens on Pump.fun had honeypot characteristics. Always check before buying.
Q3: Do honeypot detectors catch everything?
A: No. They catch 95%+ of technical honeypots, but not:
- Social engineering scams
- Soft rugs (gradual liquidity drain)
- New scam techniques
Solution: Combine technical checks with fundamental analysis.
Q4: What’s the difference between a honeypot and a rug pull?
A:
- Honeypot: You can’t sell (trapped)
- Rug Pull: Dev pulls liquidity (price crashes)
Both are scams, but different mechanisms.
Q5: Can a token become a honeypot after I buy?
A: Yes, if:
- Dev activates blacklist function
- Dev freezes your tokens
- Contract has time-lock that activates
Solution: Check contract for dynamic restrictions.
Q6: Are honeypots illegal?
A: In most jurisdictions, yes. But enforcement is difficult. Scammers are often anonymous. Focus on prevention, not recovery.
Q7: How do I report a honeypot?
A: Report to:
- Rugcheck.xyz (maintains database)
- Birdeye (flag suspicious tokens)
- Solana security communities
- Help protect others
Q8: Should I trust “audited” tokens?
A: Only if you can verify the audit:
- Check auditor’s website
- Verify audit is real (not fake)
- Don’t trust labels without proof
Q9: Can trading bots protect me from honeypots?
A: Yes. Most Solana bots (BullX, Trojan, Photon) include automatic honeypot detection. They block unsafe trades automatically.
Q10: What’s the best way to avoid honeypots?
A: Follow the 5-step checklist:
- Always check before buying
- Use multiple tools (cross-verify)
- Enable bot safety checks
- Never skip verification
- When in doubt, skip the token
The Bottom Line: Prevention Is Everything
Honeypot scams are common, but preventable.
The strategy:
- ✅ Always verify before buying
- ✅ Use multiple detection tools
- ✅ Enable bot safety checks
- ✅ Follow the 5-step checklist
- ✅ Never skip verification
Remember:
- One missed check = potentially thousands lost
- 5 minutes of checking = lifetime of protection
- Better to miss a pump than lose everything
Your money is your responsibility. Protect it.
Next Steps: Build Your Protection Stack
Learn More About Solana Security
- How to Use Honeypot Detectors - Step-by-step detector guide
- Complete Rug Pull Defense Guide - Complete safety tools overview
- Token Contract Security Checklist - What to verify before buying
Use Safe Trading Bots
- BullX Review - Built-in honeypot detection
- Trojan Review - Automatic safety checks
- Photon Review - Advanced security features
Explore Our Safety Resources
- Settings Hub - Configure bots for maximum safety
- Glossary: Honeypot - Learn the terminology
- Risk Disclaimer - Understand the risks
Disclaimer: This guide is for educational purposes only. Honeypot detection is not 100% accurate. Always do your own research and never invest more than you can afford to lose. Meme coin trading is extremely risky. See our full Risk Disclaimer.
