Honeypots in crypto and how to avoid them
Smart contracts have grown in value and popularity, making them an attractive target for attackers. Hackers have exploited these smart contracts in a variety of ways, including direct attacks on the code that runs them. However, recent events have seen these attacks adopt a more proactive strategy. By sending out contracts that appear vulnerable but contain hidden traps, the attackers hope to trick their victims into falling into these traps. Contracts deployed for this purpose are known as HONEYPOTS.
WHAT ARE HONEYPOTS?
A honeypot is a smart contract that pretends to have an obvious flaw that would lure a user into providing some funds in order to take advantage of the flaw. By doing so, the user’s funds gets trapped with no viable method of retrieving the funds while the attacker who still has access to the contract will be able to withdraw all the funds in it. It bears certain similarities to a rugpull but honeypots are way worse.
HOW DOES A HONEYPOT WORK?
To a casual joe, honeypot scams can look quite complex to create and would require specific technical skills to pull off but in reality, the attacker has the same skills as a regular user. The most important thing the attacker needs are the funds to set-up and bait the contract. A honeypot usually works in three stages:
1. The attacker uses a smart contract that appears to be compromised and bait it with money.
2. The victim tries and fails to take advantage of the contract by depositing the required amount of funds requested by the contract.
3. The attacker takes both the bait and the funds the victim deposited during the exploitation attempt.
HOW TO SPOT HONEYPOTS?
A honeypot is a one way set-up that only allows the victim to deposit funds but won’t be able to withdraw them. Therefore, a good way to spot a honeypot scam project is by looking at the trading history of the token on its token tracker. If you spot a lot of buys but can’t see any sales, then that token is most likely a honeypot and any interaction with it will mean kissing your funds goodbye.
HOW TO AVOID HONEYPOTS?
In addition to monitoring the buys and sells of the token used in the honeypot scam, you should also keep an eye out for:
- No audits: An audit from a reputable audit firm will almost certainly eliminate the possibility of a honeypot scam. So keep an eye out for audits from these firms.
- Examine large wallet holders: If a large portion of the token’s supply is distributed among a few wallets, it is best to avoid interacting with such a token.
- Examine their social media accounts: The presence of stolen and low-quality photos, posts riddled with grammatical errors, and non-existent links to relevant project information is a trademark of honeypot scam projects.
- Examine the website: If the user interface appears rushed, clunky, or the level of web development is poor, this is a red flag. To find out when a website was registered, go to whois.domaintools.com and enter the domain name. If the domain name was registered within 24 hours or less of the project’s start, you can be certain that the website is a forgery.
The crypto space is becoming more difficult to navigate because bad actors are constantly devising new and innovative ways to defraud unsuspecting investors and users of their funds. Honeypot scams are just one of the many scams currently plaguing the cryptocurrency space, and hopefully this post has provided you with enough information to predict and protect yourself from them.
