New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Honeypot Crypto Scam Meaning

Mar 16, 2024 | Updated Mar 16, 2024
A honeypot crypto scam employs a malicious smart contract to entice unsuspecting victims with the prospect of substantial returns or rewards. The scheme’s ultimate intent is to swindle the victim’s funds.

What Is a Honeypot Crypto Scam?

In a honeypot crypto scam, an attacker uses a cryptocurrency wallet, token, or smart contract to bait unsuspecting users into investing, transferring, or trading crypto tokens. 

Honeypot scams often bait investors with a sumptuous “pot of cryptocurrency” or the promise of substantial returns. The scammers may pose as novice users seeking help or as honest businesses rewarding users. Individuals falling for such gimmicks make investments or transfer cryptocurrency to the scammer’s wallet. Only later do they realize that it was all a ruse and they’ve been defrauded.

 How Does It Work?

A honeypot scam happens in three steps. First, the bad actor deploys a smart contract that seems to have a design flaw that allows any user to extract the contract’s tokens. This is the “honeypot,” preying on users’ instinctual greed. What’s the catch? The user must first send a certain amount of cryptocurrency to the contract. 

Secondly, the unwitting users transfer the required cryptocurrency deposit and attempt to exploit the vulnerability to cash out. However, a second vulnerability prevents the victims from withdrawing their initial deposit and the contract’s stash. And finally, the attacker cashes out all the funds from the contract, including the victims’ deposit.

For example, Dechat mistakenly posted a honeypot smart contract link on Feb 26, 2024, on their social media platforms, which exposed users to financial loss. The protocol, however, immediately rectified the error.

Alternatively, the attacker first contacts other crypto users via social media platforms. They pose as novice users with substantial crypto funds requiring help cashing out or transferring. The bad actor promises the victim a portion of the said tokens and even provides their private keys to earn the victim’s trust and appear naive. 

While the victim finds a substantial amount of tokens that have significant value, they cannot be utilized to cover transaction costs. Hence, the victim is compelled to deposit the native token of the blockchain the wallet operates on to withdraw the tokens. Unfortunately, the funds are instantly redirected to another wallet using automated scripts once they reach the wallet.

Token

Tokens are a type of digital asset that refers to a programmable unit of value or utility and can be used to represent ownership, access rights, or participate in decentralized applications.

Full definition

Layer 1 Blockchain

Layer 1 is the foundational layer of a blockchain network that provides the underlying infrastructure to securely process and validate transactions.

Full definition

Vesting

Vesting is a process where a certain amount of a project’s overall token supply is set aside for a period of time and released after certain conditions are met.

Full definition