1. Definition and origin of the term
A honeypot (literally 'honey pot') in the crypto environment is a type of fraudulent smart contract or token that users can pay into ('the trap is sweet like honey') but cannot withdraw their funds from.
The term comes from traditional cybersecurity: a honeypot is a trap for attackers that mimics a vulnerable resource to attract hackers and study their methods. In crypto, however, the 'honey pot' attracts greedy traders, but instead of profits, it locks their funds inside the contract.
2. How it works: basic mechanisms
1. Irreversible withdrawal restrictions
The smart contract is written so that transfers succeed only on deposit; when a user attempts to withdraw, the balance stays the same.
2. Registered liquidity, but with a surprise
At first, it may seem that there is liquidity in the pool (for example, on PancakeSwap), but it is 'locked' under special conditions.
3. False promises
The project promises huge referral rates, high APY, or free airdrops — all to lure more incoming transactions.
3. The most notorious cases of honeypot scams
SQUID (Squid Game Token), November 2021
After a sharp rise, the price fell to zero — investors could not sell their tokens due to the blocked withdrawal. The damage was estimated at tens of millions of dollars.
PAWS Token, August 2021
A project that promised a 'meme token with a charitable mission' blocked withdrawal functions. Losses reached hundreds of thousands of dollars.
ANIMUS (unofficial example)
The trick with a 'temporarily unavailable withdrawal contract' — investors were waiting for the unlock, but the administrators disappeared.
4. Why is it called 'honeypot'?
Bait: a yellow, 'sweet' meme token promising a quick price response.
Trap: just as honey attracts bees, this token lures greedy investors.
Invisible trap: at first glance, the contract seems legitimate, but 'sticky' restrictions prevent fund withdrawals.
5. How not to fall for it: security checklist
1. Code analysis of the contract
Open the source code on Etherscan/PancakeScan.
Ensure that the approve/transfer and transferFrom functions do not contain conditional locks.
2. Owner and role verification
Check if the owner has the ability to change parameters or block withdrawals.
If admin roles are not reassignable by participants, the risks are higher.
3. Audit and reputation
Look for links to independent audits (CertiK, Hacken, etc.).
Do not trust audits if their report is 'closed' or paid; it is better to choose projects with public, verified audits.
4. Transaction limits
Try to withdraw the minimum amount: if it works — the risks are lower.
Check for restrictions on minimum/maximum withdrawals.
5. Community and roadmap
Chat and forum activity is an indicator of the team's seriousness.
A clear roadmap, GitHub with regular commits, and a transparent team — all of this reduces the risk of honeypot schemes.
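As an added example (not code from this page or from any project it mentions), the code-analysis step of the checklist above can be partly automated: the heuristic below pulls the bodies of approve/transfer/transferFrom/_transfer out of Solidity source and lists every `require`/`if` condition that is not a routine balance, allowance or zero-address check. Both Solidity fragments and the names `owner` and `pair` are constructed for illustration.

```python
import re

# Constructed Solidity fragments (not taken from any real token).
SAMPLE_GATED = '''
contract Gated {
    function _transfer(address from, address to, uint256 amount) internal {
        require(balances[from] >= amount, "balance");
        if (to == pair) { require(from == owner, "not allowed"); }
        balances[from] -= amount; balances[to] += amount;
    }
}
'''
SAMPLE_PLAIN = '''
contract Plain {
    function transfer(address to, uint256 amount) public returns (bool) {
        require(to != address(0), "zero address");
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount; balances[to] += amount;
        return true;
    }
}
'''

TRANSFER_FUNCS = {"approve", "transfer", "transferFrom", "_transfer"}
BENIGN = re.compile(r"balance|allowance|address\(0\)", re.I)  # usual ERC-20 checks

def _balanced(text, start, open_ch, close_ch):
    """Return text from start up to the delimiter that closes an already-open one."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += (text[i] == open_ch) - (text[i] == close_ch)
        i += 1
    return text[start:i - 1] if depth == 0 else text[start:i]

def conditional_locks(source):
    """List (function, condition) pairs in transfer paths that are not routine checks."""
    findings = []
    for fn in re.finditer(r"function\s+(\w+)\s*\([^)]*\)[^{;]*\{", source):
        if fn.group(1) not in TRANSFER_FUNCS:
            continue
        body = _balanced(source, fn.end(), "{", "}")
        for m in re.finditer(r"\b(?:require|if)\s*\(", body):
            # Drop the revert message so its wording cannot hide the condition.
            cond = re.sub(r'"[^"]*"', "", _balanced(body, m.end(), "(", ")"))
            cond = " ".join(cond.split()).rstrip(" ,")
            if not BENIGN.search(cond):
                findings.append((fn.group(1), cond))
    return findings
```

Every pair returned by `conditional_locks(source)` is a line to read by hand, not a verdict: legitimate tokens also gate transfers (pausing, anti-bot limits), and a lock can sit in a modifier or helper this scan does not follow.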
6. What to do if you've already fallen for it
1. Keep evidence
Screenshots of transactions, links to the contract and exchange.
2. Report to the community
Write to the official Telegram/Discord of the project and exchange.
Post information in thematic chats and forums.
3. Contact exchange support
Some centralized platforms may freeze contracts or facilitate investigations.
4. Legal assistance
In particularly large cases, it is wise to contact cybersecurity specialists.
5. Lesson for the future
Analyze errors and draw conclusions; share experiences in the community to warn others.
7. Conclusion
Honeypot scams are one of the most sophisticated ways to deceive in DeFi. They exploit the greed and haste of investors to 'lock' funds inside the contract.
The main security rule is to always check the code, distrust loud promises, and act gradually: small bets and test withdrawals will help preserve your assets.
DYOR: verifying the code and the project's reputation yourself is priceless. Stay vigilant, and honey won't turn into a trap!