Smart contracts, programs that run over a decentralized network of nodes, can be executed on recent blockchains like Ethereum. The popularity smart contracts are gaining by the day, coupled with their potential, makes them a likely target for cyber attackers. Attackers have recently been targeting several smart contracts.
However, there has been a new trend in cyber-attacks where attackers no longer search for vulnerable contracts but instead take a more proactive approach. They seek to lure their victims into traps by sending them contracts that seem vulnerable but contain hidden traps. These special types of contracts are best described by the term "honeypots".
Honeypots are smart contracts that appear to have a design issue allowing an arbitrary user to drain ETH from the contract, provided the user first sends a certain quantity of ETH to the contract. However, the moment the user attempts to exploit this "issue", a trap door opens and prevents the operation from succeeding.
What does a honeypot do?
The key point is that the user is so engrossed in the apparent weakness that they ignore any hint that the contract has another vulnerability. Honeypot attacks thrive primarily on how easy it remains to deceive people, just as in other frauds. People are hardly able to quantify risk in the face of their avarice and assumptions.
How to spot a crypto honeypot
One of the easiest techniques to spot a crypto honeypot is to examine the trade history. Generally, a crypto asset should allow you to buy or sell as you wish. A typical honeypot scam has lots of buys for the coin, but selling will be a major issue. This is an indicator that the coin is not legitimate and should be avoided.
Another method is a data science approach. This is based on the contract's transaction trends and can be used to classify contracts as either honeypots or non-honeypots.
How to protect against honeypot contract scams
As honeypot scams increase by the day, so do the techniques available to spot them and protect you from falling prey. Some tools can assist you in spotting red flags and staying away from these currencies. Two such tools are Etherscan and BscScan. Use Etherscan if the coin you intend to buy is on the Ethereum network, and use BscScan if the coin is on the Binance Smart Chain.
Get your coin's Token ID and enter it on Etherscan or BscScan, as the case may be. Next, go to the "Token Tracker" menu, where a tab labeled "Holders" will appear. There you'll see a list of all wallets holding tokens and liquidity pools. There are several red flags to be aware of in order to stay safe from honeypot crypto scams:
Zero dead coins: In a case where over 50% of coins are in a dead wallet (commonly identified as 0x000000000000000000000000000000000000dead), a project is somewhat protected from rug pulls. You should be cautious if less than half or none of the coins are dead.
No audit: The possibility of a crypto honeypot is almost eliminated if a trustworthy company has audited the project.
Few wallet holders: Stay away from cryptocurrencies that have just one or a few wallet holders.
Scrutinize their website: This involves a careful look at the general appearance of the website. You want to avoid websites whose development appears rushed and poor. One good trick for this is to visit "whois.domaintools.com" and input the domain name to find out when the website was registered. Most honeypot scam domains are registered within 24 hours or less of the project's start. Avoid them!
Go through their social media: Honeypot scam projects hardly use good quality photos. Apart from their photos being low quality (or sometimes stolen), their posts are often filled with grammatical problems and annoying spam (mostly "drop your ETH address below"). They hardly give out links to any concrete information on the project. Check whether they have genuine engagement on their posts or whether it is automated bot engagement. You should be cautious of projects with a weird social media presence.
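The trade-history check and the "zero dead coins" and "few wallet holders" red flags above can be applied mechanically to data copied from the Holders tab and a token's trade list. The following is an added example, not code from the original article: the function name, the `min_holders` threshold, the choice to ignore the deployer's own trades, and all sample wallets and balances are assumptions constructed for illustration.

```python
# Added example: the page's holder and trade-history red flags as checks.
# All addresses and balances except DEAD are constructed sample data.
DEAD = "0x000000000000000000000000000000000000dead"  # dead wallet named on the page


def red_flags(holders, trades, deployer, min_holders=10):
    """holders: {address: balance}; trades: [(address, "buy" | "sell")].

    min_holders and ignoring the deployer's own trades are assumptions.
    """
    holders = {a.lower(): b for a, b in holders.items()}
    deployer = deployer.lower()
    flags = []

    # Zero / few dead coins: less than half of supply in the dead wallet.
    total = sum(holders.values())
    if total == 0 or holders.get(DEAD, 0) / total < 0.5:
        flags.append("dead_share_below_half")

    # Few wallet holders: count wallets with a balance, excluding the dead one.
    live = [a for a, bal in holders.items() if a != DEAD and bal > 0]
    if len(live) < min_holders:
        flags.append("few_holders")

    # Trade history: buyers exist, but nobody except the deployer ever sold.
    buyers = {a.lower() for a, side in trades if side == "buy"} - {deployer}
    sellers = {a.lower() for a, side in trades if side == "sell"} - {deployer}
    if buyers and not sellers:
        flags.append("buys_but_no_sells")
    return flags


# Constructed token A: no dead coins, three holders, only the deployer sells.
SUSPECT = dict(
    holders={"0xdep": 900, "0xaaa": 50, "0xbbb": 50},
    trades=[("0xaaa", "buy"), ("0xbbb", "buy"), ("0xdep", "sell")],
    deployer="0xdep",
)
# Constructed token B: 62.5% dead, twelve holders, ordinary wallets sell.
wallets = {f"0xw{i:02d}": 30 for i in range(12)}
HEALTHY = dict(
    holders={DEAD: 600, **wallets},
    trades=[("0xw00", "buy"), ("0xw01", "buy"), ("0xw01", "sell")],
    deployer="0xw11",
)

if __name__ == "__main__":
    print("suspect:", red_flags(**SUSPECT))
    print("healthy:", red_flags(**HEALTHY))
```

An empty flag list only means these three checks passed; the audit, website and social media checks in the list above still have to be done by hand.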