Crypto Newbie

Crypto Newbie / Blog

Honeypot.is โ€” How To Detect Crypto Tokens You Can't Sell (2026 Guide)

๐Ÿ“… May 12, 2026ยท๐Ÿ“– 5 min readยทdex

Honeypot.is is a free tool that detects 'honeypot' crypto tokens โ€” contracts engineered so you can buy but never sell. It works by simulating a buy + sell transaction against a forked blockchain โ€” if the simulated sell fails (or executes with 95%+ tax), the tool flags the token. Honeypots are one of the deadliest scam patterns: the chart looks healthy, trades appear to happen, but every retail buyer is permanently trapped. According to Chainalysis, honeypot scams stole $200M+ in 2024 alone, with most victims unable to recover anything.

This guide explains how Honeypot.is works under the hood, walks through a real check, covers the four main contract patterns it detects, when to combine it with GoPlus for thorough vetting, and the dangerous false-negative cases where a token passes Honeypot.is but is still a scam.

Updated May 2026. Includes coverage of Solana memecoin honeypots, which use different mechanisms than EVM contracts.

What is a honeypot token?

A honeypot token's contract has logic that prevents selling for most users โ€” or charges a 95-99% sell tax that makes selling unprofitable. The contract looks normal: buys execute, chart shows volume, price 'grows'. Then when you try to sell, the transaction either reverts or returns near-zero proceeds. You're permanently trapped.

The most common pattern: a whitelist function that allows only specific addresses (the developer's) to sell. Everyone else's sell transactions revert. Variants include time-locks ('you can sell after 30 days' that never come), tax-based traps (95% sell tax), and access-controlled functions disguised as standard ERC-20 methods.

How Honeypot.is works

Honeypot.is operates a forked Ethereum/BSC/Polygon node. When you submit a token contract, it:

  1. Simulates a buy transaction from a random address using a small amount of WETH/WBNB.
  2. Records: did the buy succeed? What was the actual buy tax?
  3. Simulates a sell of the just-bought tokens from the same address.
  4. Records: did the sell succeed? What was the actual sell tax?
  5. Reports the result: 'Honeypot' if sell fails or sell tax > 49%, 'Probably safe' if both succeed cleanly with low tax.

This 'simulate then test' approach catches dynamic honeypots that change behavior based on conditions โ€” something static contract analysis (which GoPlus uses) sometimes misses.

How to use Honeypot.is in 30 seconds

  1. Copy the token contract address from DexScreener or wherever you found it.
  2. Go to honeypot.is (yes, the .is TLD is correct).
  3. Select the chain (Ethereum, BNB Chain, Base, Polygon, Arbitrum โ€” Solana support via Solsniffer/RugCheck instead).
  4. Paste the contract address. Click Check.
  5. Results in 5-10 seconds. Look for: Is Honeypot (Yes/No), Buy Tax %, Sell Tax %, Transfer Tax %.

Reading the Honeypot.is report

Three outcomes:

  • Green 'Not a honeypot, looks safe': both buy and sell simulations succeeded with reasonable taxes (under 5%). Token is mechanically tradeable. Doesn't mean it's NOT a rug โ€” team can still drain liquidity โ€” but at least you can sell.
  • Yellow 'Suspicious': sell tax 5-49%, or some non-blocking abnormality. Walk away unless you have specific reason to accept the high tax.
  • Red 'Honeypot detected' or 'Could not sell': sell simulation failed or sell tax > 49%. Do not buy. Honeypot.is is rarely wrong on this โ€” false positives are < 1%.

Common honeypot patterns Honeypot.is catches

  • Hardcoded whitelist โ€” only specific addresses can sell. Most basic pattern.
  • Dynamic ownership transfer โ€” contract appears to renounce ownership, but a 'hidden owner' retains transfer-blocking power.
  • Reentrancy block on transfer โ€” sells revert for any address that has previously bought.
  • Cooldown trap โ€” '1 transaction per 24 hours' that's actually 'never'.
  • Tax escalation โ€” sell tax starts at 5%, jumps to 99% after price hits a threshold.
  • Liquidity-locked-but-modifiable โ€” LP appears locked but contract has owner-controlled override.

When Honeypot.is gives false negatives

Honeypot.is checks if you CAN sell. It does NOT check:

  • Team rug-pull intent โ€” the team can drain liquidity even if the contract is mechanically clean.
  • Mint authority โ€” owner might be able to mint unlimited tokens, diluting holders to zero.
  • Future contract updates โ€” proxy contracts can change behavior post-launch.
  • Time-bombed honeypots โ€” contract behaves normally for 30 days then flips. Hard to detect via simulation.
  • Off-chain social engineering โ€” fake team, paid wash trading, hyped social media presence.

Always combine Honeypot.is with GoPlus (broader contract scan) and manual checks: team identity, LP lock proof, holder distribution. Honeypot.is is necessary but not sufficient.

Solana honeypots โ€” different tools needed

Solana tokens use SPL standard, not ERC-20. Honeypot.is doesn't support Solana. For Solana memecoin checks use RugCheck.xyz or SolSniffer.io. These tools check for: mintable supply (owner can dilute), freezable accounts (owner can freeze your tokens), and lp-lock status (analogous concept).

Solana memecoins via Pump.fun have a different structural risk: bonding curves that 'graduate' to Raydium liquidity pools. Pre-graduation tokens are pump.fun-specific risk; post-graduation tokens behave like standard SPL tokens.

If you're already trapped in a honeypot

Accept the loss. The technical reality: you cannot sell. No workaround exists. Trying to 'wait it out' doesn't help โ€” honeypots don't recover.

Tax-wise: in the US, you can claim the loss as a capital loss when the token is determined worthless. Document the buy transaction and the failed sell attempt as evidence. Tax software like Koinly handles this. Don't pay 'recovery services' that promise to retrieve your funds โ€” they are second-stage scams.

Frequently asked questions

+Is Honeypot.is free?

Yes, the web interface is free. They also offer a paid API for high-volume integrations (DEX backends, bot operators). For retail use, free is sufficient.

+Does Honeypot.is support BNB Chain?

Yes โ€” BNB Smart Chain is fully supported alongside Ethereum, Polygon, Arbitrum, Base, and Optimism. BNB Chain has the highest concentration of honeypots due to low launch costs.

+Why don't all token scanners catch honeypots?

Some scanners do static analysis only (read the contract code). Dynamic honeypots that change behavior based on conditions (caller, time, state) can pass static checks. Honeypot.is's simulated transaction approach catches dynamic patterns better.

+Can Honeypot.is be tricked by tokens?

Rarely. Some sophisticated honeypots use the caller's address to decide whether to allow selling โ€” they could whitelist Honeypot.is's known test addresses. Real-world false negatives exist but are uncommon.

+Should I run Honeypot.is on Coinbase-listed tokens?

Probably overkill โ€” major CEX listings have undergone extensive vetting. Honeypot.is is most valuable for tokens you discover on DexScreener, Twitter, or Telegram where no vetting has occurred.

+What's the difference between GoPlus and Honeypot.is?

GoPlus does broad contract scans (30+ checks including mint authority, owner privileges, LP lock). Honeypot.is specifically simulates buy/sell to confirm tradability. Use both for new tokens.

+Are all high-sell-tax tokens scams?

Not always. Some legitimate memecoins use 4-5% sell tax for marketing / liquidity. Above 10% is concerning. Above 49% is functionally a honeypot regardless of stated reason.

+Can a 'safe' Honeypot.is token still rug pull?

Yes. Honeypot.is verifies mechanical tradability. Team can still drain liquidity (rug pull). Always check LP lock and holder distribution in addition.

Related tools

Related articles