Honeypot Crypto Scam Meaning

Mar 16, 2024 | Updated Mar 16, 2024
A honeypot crypto scam employs a malicious smart contract to entice unsuspecting victims with the prospect of substantial returns or rewards. The scheme’s ultimate intent is to swindle the victim out of their funds.

What Is a Honeypot Crypto Scam?

In a honeypot crypto scam, an attacker uses a cryptocurrency wallet, token, or smart contract to bait unsuspecting users into investing, transferring, or trading crypto tokens. 

Honeypot scams often bait investors with a sumptuous “pot of cryptocurrency” or the promise of substantial returns. The scammers may pose as novice users seeking help or as honest businesses rewarding users. Individuals falling for such gimmicks make investments or transfer cryptocurrency to the scammer’s wallet. Only later do they realize that it was all a ruse and they’ve been defrauded.

How Does It Work?

A honeypot scam happens in three steps. First, the bad actor deploys a smart contract that seems to have a design flaw that allows any user to extract the contract’s tokens. This is the “honeypot,” preying on users’ instinctual greed. What’s the catch? The user must first send a certain amount of cryptocurrency to the contract. 

Second, the unwitting users transfer the required cryptocurrency deposit and attempt to exploit the vulnerability to cash out. However, a second vulnerability prevents the victims from withdrawing either their initial deposit or the contract’s stash. Finally, the attacker cashes out all the funds from the contract, including the victims’ deposits.

For example, Dechat mistakenly posted a honeypot smart contract link on Feb 26, 2024, on their social media platforms, which exposed users to financial loss. The protocol, however, immediately rectified the error.

Alternatively, the attacker first contacts other crypto users via social media platforms. They pose as novice users who hold substantial crypto funds and need help cashing out or transferring them. The bad actor promises the victim a portion of those tokens and even provides their private keys to earn the victim’s trust and appear naive.

The victim finds that the wallet holds a substantial amount of tokens with significant value, but those tokens cannot be used to cover transaction costs. Hence, to withdraw the tokens, the victim is compelled to deposit the native token of the blockchain the wallet operates on. Unfortunately, automated scripts redirect the deposit to another wallet as soon as it reaches the wallet.
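
The automated redirection described above leaves a visible pattern in the bait wallet's transaction history: each native-token deposit is followed within seconds by an outgoing transfer of almost the same amount to a single destination. The following Python check is an added example, not part of the original article; the record layout, thresholds, function names, and addresses are assumptions, and the sample transactions are constructed.

```python
from typing import Dict, List, Tuple

# Assumed record layout: ts (unix seconds), from, to, value (wei of native token)
Tx = Dict[str, object]

def find_sweeps(txs: List[Tx], wallet: str, max_delay_s: int = 60,
                min_fraction: float = 0.9) -> List[Tuple[Tx, Tx]]:
    """Pair each native-token deposit into `wallet` with a quick outgoing
    transfer that moves nearly all of it (the remainder pays the fee)."""
    wallet = wallet.lower()
    ordered = sorted(txs, key=lambda t: t["ts"])
    used = set()  # indexes of outgoing transfers already matched to a deposit
    pairs = []
    for dep in ordered:
        if dep["to"].lower() != wallet or dep["value"] == 0:
            continue
        for i, out in enumerate(ordered):
            if i in used or out is dep or out["from"].lower() != wallet:
                continue
            delay = out["ts"] - dep["ts"]
            if 0 <= delay <= max_delay_s and out["value"] >= min_fraction * dep["value"]:
                used.add(i)
                pairs.append((dep, out))
                break
    return pairs

def looks_swept(txs: List[Tx], wallet: str, min_events: int = 2) -> bool:
    """True when repeated deposits were each drained to one destination."""
    pairs = find_sweeps(txs, wallet)
    destinations = {out["to"].lower() for _, out in pairs}
    return len(pairs) >= min_events and len(destinations) == 1

# Constructed sample data: placeholder addresses, not real chain history.
BAIT, SINK, NORMAL = "0x" + "b1" * 20, "0x" + "5e" * 20, "0x" + "aa" * 20
V1, V2 = "0x" + "01" * 20, "0x" + "02" * 20
SAMPLE_TXS = [
    {"ts": 1000, "from": V1, "to": BAIT, "value": 50 * 10**15},
    {"ts": 1012, "from": BAIT, "to": SINK, "value": 49 * 10**15},
    {"ts": 5000, "from": V2, "to": BAIT, "value": 20 * 10**15},
    {"ts": 5012, "from": BAIT, "to": SINK, "value": 19 * 10**15},
    {"ts": 1000, "from": V1, "to": NORMAL, "value": 50 * 10**15},
    {"ts": 90000, "from": NORMAL, "to": V2, "value": 10 * 10**15},
]

if __name__ == "__main__":
    for name, addr in (("bait", BAIT), ("normal", NORMAL)):
        print(name, "swept:", looks_swept(SAMPLE_TXS, addr))
```

A wallet whose history shows this pattern will drain any fee deposit before the holder can use it, so checking the history in a block explorer before sending funds exposes the trap.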
