A Guide to Identifying Scam Tokens
Written by Crypto Rachel
Please take time to read this as it may just save you money.
Your Crypto Is At RISK::::
Pay close attention as behind the scenes lie lurkers who prey on your Crypto.
With the Rise of DEX (Decentralized Exchanges) also came a rise in scams. In So many situations anyone can make a token and list it on these dexs, making it look real and making it available to be purchase by anyone not willing to look deeper and DYR ( Do Your Research ).
For instance did you know a token can be made so that it is only sellable by those on a list or only owner.
These scammers approve only addresses they control and buy and sell all day, giving the token buys and sells and volatility. This makes it look like a real token if you don’t look deeper…
This happens daily in larger numbers than you might think…
They make these tokens look really enticing with a lot of Liquidity and a great starting prices…
REMEMBER:
If it’s too good to be True, it probably isn’t good…
Firstly when trying to decide on a Tokens merit
Find what Token Lists they are on, scammers rarely make it on a token list (hence why Uniswap has the Token lists, the more reputable the list the safer you are)
You are Pretty safe if you stick to the main lists
If not on a list you will want to do More research..
Google it, find a website. (any real token project will have a site)
Make sure that it isn’t a cookie cutter website,
(ie. They haven’t used a standard template and filled with junk)
Check that they have a plan or purpose for the token
See if there Developer team (creators) are Public or hiding in Anonymity.
Find the official Token Address (Token Names are copied all the time, scammers will take advantage of a known Name)…
Get as much info on the coin and compare to the contract. (As much as possible even if you don’t know solidity you can read)
Go To Etherscan.io and in the search box enter the contract address.
You will see this
From here you have access to all the Tokens readable info..
If the token listed a site it will be here above the balance, you have the Token name, creators address, and most importantly access to the contract.
First
If you don’t see a check mark next to the contract tab that’s a bad sign… (Most Legitimate tokens publish their contracts source code so that it is readable, if it’s not published you have to wonder what they are hiding right :) )
Second
If there is a checkmark on the comments tag, Read them, someone may already be warning you
Third
Click on the Tokens name, this will take you to the token info page.. Here you can see the Total supply, decimals, amount of holders, a link to website (if given by creator), You will also have access to some more tabs.. just down a bit (where you saw the contracts tab in last screen) You will See Hodlers tab, here you can see who holds how much of the token, use high caution with tokens that Have large holders unless they are contracts designed for the token. Rug Pullers will commonly have few holders and then 1 address with like 100’s of times the pools quantity so that they can just sell it all.
Now click the contract address (top right area to take you back to previous pg)
Then click into the contract tab you will see this
If you are going to invest into Tokens That are High risk due to lack of the above you will want to be able to at least glance through the code on this page…
there are a couple things even a novice user could find…
This is a Standard ERC20 contract
https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol
Notice how the Transfer function only subtracts from you and adds to the receiver (also some basic check to verify balance )…. Anything beyond that is non standard
function _transfer(address sender, address recipient, uint256 amount) internal virtual {
require(sender != address(0), “ERC20: transfer from the zero address”);
require(recipient != address(0), “ERC20: transfer to the zero address”);
_beforeTokenTransfer(sender, recipient, amount);
uint256 senderBalance = _balances[sender];
require(senderBalance >= amount, “ERC20: transfer amount exceeds balance”);
_balances[sender] = senderBalance — amount;
_balances[recipient] += amount;
emit Transfer(sender, recipient, amount);
}
There can be many things done to this.
That doesn’t absolutely say it’s a scam, just points out it’s not standard. (fee on transfer, rebase tokens, reflection tokens, and others change this function or add other functions)
There are usually more than one transfer and transferFrom, the public one which is called, and leads to the internal one… Any of these can be changes so looking through these functions is very helpful. Look for lines that block the uniswap router or the tokens pair pool.
However if you learn to at least glance through a contract you will be safer than not even looking…
Like this is a common modifier right now…
Easy to spot and will block all sales
It’s a nasty little modifier that goes through were the token is going to and coming from, this way it can allow purchases from anyone but block sales from those who aren’t on a list.
Another way, that can be harder to notice is the fee to death token, which will hide the Fee behind another contract that isn’t verified. You can look for interfaces that lead to an outside contract. Most times the scammer will even use something with fee in the variable name. There are many legitimate tokens that have small fees, they usually go to some use, real tokens you can usually easily find out the fee by clicking on the “read” Button in the contract and looking for a fee of sort.. Scam tokens will make it as difficult as possible to see. Be very wary if you can not find a fee in the contract or in the read section of the contract…
An older way that still exists although it’s rare are Approval Blocks. This allows the token to work like normal, but when trying to approve for a contract to Swap the tokens it wont let you.
This is a basic standard approval.
function approve(address spender, uint256 value) external override returns (bool)
{
_approve(msg.sender, spender, value);
return true;
}
This approval can have things done to it that don’t break it, but the scammers will include a line or more that blocks the approval function, which is needed for a contract like uniswaps to transferFrom (the function allowing uniswap to spend your tokens)..
the line could look something like this
if(spender == “0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D”);
revert
or
require(spender != “0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D”, “message”);they will usually have a name there like uniswap but could be any thing.
A Quick Side Note On Approvals
When you give another contract or address an approval, you are giving that address the ability to transfer your tokens.
It is Very important that you know who or what you give this approval to.
Know who you stake your LP, Tokens with. When you stake with a contract, you usually give allowances for that contract to spend unlimited or a specific amount of that token. If this isn’t revoked, it’s possible for that address to take your tokens at any time. Outside of the fact that while staking the contract controls your tokens, if there were a bad function in that contract, the owner of that contract could take your tokens, even when they are back in your wallet.
It is a good habit to Remove token allowances after you are done staking.
https://revoke.cash/
https://tac.dappstar.io/#/
Just like checking tokens to make sure your not buying spam. Checking your staking contracts and the company hosting or running it, Is Very important. Remember that when tokens leave your wallet they are no longer in your control and you are trusting the other end to hold up their end of the bargain.
I’ve seen many of lost funds due to improper allowances.
Keep in mind The Scammers are Always changing and always growing,,, This is just a small guide to help you not get scammed, no one is impervious to this, even with good research it’s still possible to get burned.
However it is still best to do what research you can. (that is if you like your Crypto : ). ).
A couple other quick reads with more and different info
https://coinmarketcap.com/alexandria/article/how-to-identify-and-avoid-uniswap-scams
If this has helped and you would like to donate
‘’’
Written by Crypto_Rachel
Ether: 0xecf3abd1a9bd55d06768dde7deef3fd2a48c8e13
BTC: 3CDt2WWoTFryFTa9J65XFVJGmzhVmNr328
Segwit: bc1qklwklunsefl2wxfk8npvfc585uhw2m2wf6nffu
BTC: 1QBdacdaVVpHkuinaAn8LyRZvkzALQLugt
LTC: LUMNv5hc2yN5wXtGCzHAQxuhronMZMrjbT
XMR: 4AXMBRt5oNxKasWcUeGmp2Qzuhh8rb2cgVY3YaVMmTf5Q5TeprXXfaZTt21vsJZyshYacaYm8x86YHBBJaJuHBrDHzL8rmW
‘’’
Blessed Be