Following helpbook contains information about scams identified by Laser Desk.
We explain how they work (mechanics), how to detect them (identification), and what to do if you're a victim (mitigation).
For any feedback & suggestions — @Laser_Desk
The idea is to trick you to interact (buy / sell / swap / transfer) with some malicious token or website:
Illustration by PeckShield
Your best strategy is to ignore the airdropped token:
If your seed phrase or private key has been compromised — immediately create completely new (uncompromised) wallet and transfer all your tokens there.
If you want to avoid phishing websites — install PeckShield chrome extension.
The idea is to trick you into buying a token that you won't be able to sell:
In every case scammer abuses your inability to sell. Your money get stuck in liquidity pool which makes it a "honeypot". When enough money are collected scammer pulls them out and runs away with all the "honey".
Try to find contract audit and to read it. If it mentions that deployer can burn or lock user funds, pause the contract, change taxes, blacklist holders from trading, buyback tokens, etc. — then there is a high honeypot risk.
PeckShieldAlert Tweet: Pattern in recent honeypots
Your best strategy is to avoid buying potential honeypots.
If you've already invested in one — your money are probably gone forever. Just walk away.
Some honeypots are serial (e.g. NinjaFloki). Therefore it's important to make information about them public:
The idea is to trick you into buying a token and then pull out the liquidity:
Sometimes rug pull happens due to a hack. For example, scammer can gain access to a dev wallet and dump corresponding tokens to the market (e.g. ARIVA hack). Other common hack is a flash loan (article 1, article 2).
Rug pulled tokens:
The safest strategy is to avoid holding rug pullable token.
Contrary to honeypot it is always sellable. This makes you the master of your fate.
If you are unsure about some token — just sell it. Don't follow your FOMO and greed. They will make you hesitate for too long. There is no way to get your money back after the rug.
If team announces that rug pull was caused by a hack — just wait. In many cases projects recover or compensate losses.
Fakes are designed for inattentive investors. To avoid them — ALWAYS double-check information at official website or in official social accounts.
Sometimes scams are hard to classify. In this case we mark them as unclassified scam.
Sometimes scam has yet to reveal itself. But transactions and / or social accounts are already unnatural (generated by bots). In this case we mark token as potential scam.