Honeypot Tokens – The Airdrop Scam That Makes You Watch Fake Profits You Can Never Spend

I found tokens in my wallet last week. RoyalDog on Ethereum, and something called Mezo – also on Ethereum. Neither one was anything I bought or signed up for. Both showed real dollar values sitting right there in my wallet.

I couldn’t sell either of them.

The error message said “low liquidity.” But that wasn’t really what was happening. What was actually happening is one of the most common and cleverly designed scams in crypto right now – the honeypot token.

Here’s exactly what it is, how it works, and what you should do if you find one sitting in your wallet.

What Is a Honeypot Token?

A honeypot token is a malicious smart contract designed to let you buy – but never sell.

The contract code contains hidden restrictions that block selling for everyone except the scammer’s own wallet. From the outside it looks like a normal token. It has a price. It has apparent liquidity. It may even show price history and trading volume. But the moment you try to swap it for ETH or any other real asset, the transaction fails.

The “low liquidity” error you see is the surface-level symptom. The real problem is deeper – the smart contract itself was written to make your tokens permanently unsellable.

How the Scam Works – Step by Step

Step 1 – Deploy the contract

The scammer writes a token contract with hidden sell restrictions built in. Only whitelisted wallet addresses – usually just the scammer’s own – can sell. Everyone else’s sell transactions fail silently or return a generic error.

Step 2 – Create a one-sided liquidity pool

The scammer adds just enough liquidity on the buy side to make the token tradeable on a DEX like Uniswap. This makes it appear legitimate – it shows up in wallets, has a token price, and can be “bought.” There is no real sell-side liquidity because none was ever intended.

Step 3 – Airdrop it to thousands of wallets

The token gets dropped to mass wallet addresses, often scraped from on-chain activity. Anyone who has ever interacted with DeFi protocols, used a DEX, or held any popular token is a target. The cost to the scammer is near zero – deploying a token and airdropping it costs only gas.

Step 4 – Let greed do the work

This is where it gets clever. The scammer now buys their own token to drive the price up. Victims see tokens in their wallet appreciating in value – sometimes dramatically. The pressure builds. “I have $300 sitting right there and the price is going up – I need to sell before it drops.”

Step 5 – Trigger the real trap

Victims who try to sell and fail often go looking for solutions. This is where the second layer of the scam kicks in. The token contract, or a fake website associated with it, prompts users to “approve” the contract or visit a third-party site to “unlock” their tokens. That approval is often the real attack – once signed, the contract gains permission to access your actual assets.

The tokens you couldn’t sell were never the target. Your ETH and real crypto are.

The Mezo Fake – Impersonating Real Projects

One detail worth highlighting from my own experience – the “Mezo” token that appeared in my wallet.

Mezo is a real project. It’s a legitimate Bitcoin economic layer built by Thesis, the team behind tBTC, with genuine institutional backing and a real development history. The token airdropped to my wallet had nothing to do with the real Mezo project.

This is a specific tactic called name-squatting – scammers deploy tokens using the names of real, credible projects to make them look legitimate at first glance. If you Google “Mezo crypto” you find a real project with a real team, which lends false credibility to the fake token sitting in your wallet.

Always verify: if an unexpected token appears in your wallet using a name you recognize, go directly to the official project website and check whether they conducted any airdrop. Do not interact with the token until you’ve confirmed it’s real.

Why “Low Liquidity” Is the Wrong Error Message

The error your wallet shows – “low liquidity” or “insufficient liquidity” – is technically accurate but deeply misleading. It implies the token might be sellable if liquidity improves. It might not be. It might never be.

The distinction matters:

• Genuine low liquidity – a real token with a small pool. Price impact is high but you can still sell, just at a worse rate
• Honeypot low liquidity – no sell-side liquidity exists because the contract prevents it. The pool will never have enough sell-side liquidity because sells are blocked at the contract level

The only way to tell the difference is to check the contract itself – which brings us to the tools you need.

How to Check If a Token Is a Honeypot

Before interacting with any unexpected token, run it through one of these tools:

Token Sniffer – tokensniffer.com – pastes the contract address and returns an automated audit flagging common honeypot patterns

Honeypot.is – honeypot.is – simulates a buy and sell transaction against the contract without spending real money, showing you directly whether sells are blocked

Go+ Security – gopluslabs.io – scans for blacklist functions, sell restrictions, mint functions, and other red flags

Etherscan Token Approval Checker – etherscan.io/tokenapprovalchecker – shows what contracts already have approval to access your wallet

To use any of these, you need the token’s contract address – find it by looking up your wallet address on Etherscan and finding the token in your transaction history.

What To Do If You Have a Honeypot in Your Wallet

Do nothing with the token itself. It costs you nothing to leave it sitting there. It will never be worth anything real, but it also can’t hurt you as long as you don’t interact with it.

Do not:

• Try to add liquidity to “fix” the problem
• Visit any website linked in the token’s contract or associated social media
• Approve any contract interaction related to the token
• Send any ETH or other crypto to “unlock” your holdings
• Share your seed phrase with anyone claiming to help you recover the tokens

Do:

• Check Etherscan’s token approval checker to make sure you haven’t already approved anything suspicious
• Revoke any unknown approvals at revoke.cash
• Report the token contract on Etherscan so it gets flagged for other users

The Bigger Picture – Why This Scam Works

Honeypot tokens are effective for one reason – they exploit something completely reasonable. Finding value in your wallet and wanting to access it is not greedy or naive. It’s a normal human reaction.

The scammers know this. The fake price appreciation is deliberate. The “low liquidity” error is deliberately vague. The third-party “recovery” sites are deliberately designed to look helpful. Every step of the funnel is engineered to turn a confused victim into someone who hands over wallet access trying to fix a problem that was never fixable.

The defence is simple but requires knowing what you’re looking at. Any token you didn’t buy, didn’t sign up for, and can’t sell – run it through Token Sniffer before you do anything else. If it comes back flagged, ignore it permanently.

Quick Reference – Honeypot Red Flags

• Token appeared in your wallet without any action on your part
• Price is going up but you can’t sell
• Error message says “low liquidity” or “insufficient liquidity” on sells only
• Token uses the name of a real project but you can’t verify the airdrop on their official site
• Any website or message offering to “unlock” your tokens or “fix” the liquidity
• Contract is unverified on Etherscan – no source code visible

Tools Mentioned in This Article

• Token Sniffer – tokensniffer.com
• Honeypot Checker – honeypot.is
• Go+ Security – gopluslabs.io
• Revoke.cash – revoke.cash
• Etherscan – etherscan.io

📖 Related Articles

• How to Stay Safe in Crypto – Security Guide 2026
• How I Almost Got Scammed – A Real DM Attack Dissected
• Active Airdrops – Legitimate Opportunities Right Now
• Monad Ecosystem Airdrop Guide