New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Up your Web3 game

Ledger Academy Quests

  • Test your knowledge
  • Earn POK NFTs
Play now See all quests

Honeypot Crypto Scam Meaning

Mar 16, 2024 | Updated Mar 16, 2024
A honeypot crypto scam employs a malicious smart contract to entice unsuspecting victims with the prospect of substantial returns or rewards. The scheme’s ultimate intent is to swindle the victim’s funds.

What Is a Honeypot Crypto Scam?

In a honeypot crypto scam, an attacker uses a cryptocurrency wallet, token, or smart contract to bait unsuspecting users into investing, transferring, or trading crypto tokens. 

Honeypot scams often bait investors with a sumptuous “pot of cryptocurrency” or the promise of substantial returns. The scammers may pose as novice users seeking help or as honest businesses rewarding users. Individuals falling for such gimmicks make investments or transfer cryptocurrency to the scammer’s wallet. Only later do they realize that it was all a ruse and they’ve been defrauded.

 How Does It Work?

A honeypot scam happens in three steps. First, the bad actor deploys a smart contract that seems to have a design flaw that allows any user to extract the contract’s tokens. This is the “honeypot,” preying on users’ instinctual greed. What’s the catch? The user must first send a certain amount of cryptocurrency to the contract. 

Secondly, the unwitting users transfer the required cryptocurrency deposit and attempt to exploit the vulnerability to cash out. However, a second vulnerability prevents the victims from withdrawing their initial deposit and the contract’s stash. And finally, the attacker cashes out all the funds from the contract, including the victims’ deposit.

For example, Dechat mistakenly posted a honeypot smart contract link on Feb 26, 2024, on their social media platforms, which exposed users to financial loss. The protocol, however, immediately rectified the error.

Alternatively, the attacker first contacts other crypto users via social media platforms. They pose as novice users with substantial crypto funds requiring help cashing out or transferring. The bad actor promises the victim a portion of the said tokens and even provides their private keys to earn the victim’s trust and appear naive. 

While the victim finds a substantial amount of tokens that have significant value, they cannot be utilized to cover transaction costs. Hence, the victim is compelled to deposit the native token of the blockchain the wallet operates on to withdraw the tokens. Unfortunately, the funds are instantly redirected to another wallet using automated scripts once they reach the wallet.

Decentralized Application

A decentralized application is a software program operating on a peer-to-peer network. It runs independently on the internet using smart contracts, outside the control of a single entity or authority.

Full definition

Return On Investment (ROI)

ROI, or Return on Investment, is a financial metric used by investors to assess the profitability and performance of an investment by measuring the profit relative to its initial cost,

Full definition

Sim Swap

A SIM swap is a type of scam where a hacker takes control of your phone number by tricking your mobile carrier into transferring it to their SIM card.

Full definition