Honeypot scams
This article was adapted from a blog post available here.
Although they have a pleasant-sounding name, honeypot scams aim to steal funds by luring you into interacting with a fraudulently configured wallet.
Their name references the fact that, at least from the outside, the wallet is highly appealing, just like a pot of honey left outdoors would attract insects and animals.
So how do they work?
Step 1: First contact
Honeypot scams revolve around the principle of dangling the prospect of free money in front of you. They present you with a well-stocked wallet that you can access, hoping that you will indeed try to access it and send funds out.
To make sure that you can actually access it, a key element in the ploy is the scammer sharing the wallet's Secret Recovery Phrase (seed phrase). Usually, they get in touch to do so, posing as an innocent web3 citizen that needs help with their wallet. For example:
They do this in the hope that your thought process will be something like: "Hah, what a noob - I'll just go straight into their wallet and transfer that 6,000 USDT straight to my own wallet. Easy money!"
Never, ever share your Secret Recovery Phrase like this
The scammer above has deliberately shared their Secret Recovery Phrase to fool you. To be clear: you should never share yours.
Step 2: You try to move the tokens to your own wallet
Possessing the private key to a wallet with $6,000 worth of tokens sitting in it is tantalizing. But wait: this is where things get a little more complex.
Usually, the value in a honeypot wallet will be tied up in tokens other than the network's native token. This means that if you wanted to send them anywhere else, you'd need to somehow get a small amount of the network's native token into the wallet to pay the gas fees for the transfer. In the above screenshot, the scammer "Candi" lets us know the network, telling us that the USDT is a "trx20" token. (TRX suggests the Tron network; but even if it were on there, it would actually be a TRC20 token; anyway, let's not get distracted.)
So let's say you load up Candi's wallet on a new browser instance or similar, with the intention of transferring the 6,000 USDT out. You send a little TRX to fund the transaction, and... it's gone.
What happened?
Step 3: A script steals the tokens you intended to use for gas
This is where the scammer makes their money. The funds they leave in the wallet as bait are never touched, because no one can ever transfer them out. The tokens you send to the address to use for gas fees are automatically sent elsewhere by a sweeper script (a.k.a. sweeper bot) before you can send a transaction yourself.
If you were to load up the block explorer page for an address that was serving as a honeypot, it would look something like this:
Notice how there are lots of transactions happening within very short, distinct windows: BNB, a native token used to pay for gas, is being transferred out almost as soon as it is being added.
This is because the script is 'listening' for transfers into the wallet address, and reacting to them virtually immediately by submitting a transaction to sweep them out.
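The explorer pattern described above (native-token deposits leaving again within seconds) can be checked for mechanically before anyone funds an unfamiliar address. The following Python check is an added example, not part of the original article; the Transfer record, the thresholds and the sample histories are constructed assumptions, and real input would come from a block explorer export.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    timestamp: int   # block time, Unix seconds
    direction: str   # "in" or "out", relative to the watched address
    amount: float    # native token amount (e.g. BNB or TRX)

def sweep_pairs(transfers, max_delay=30, min_ratio=0.9):
    """Pair each deposit with the first unused withdrawal that follows
    within max_delay seconds and moves at least min_ratio of the deposit
    (a sweeper forwards the deposit minus its own gas fee)."""
    ordered = sorted(transfers, key=lambda t: t.timestamp)
    pairs, used = [], set()
    for i, dep in enumerate(ordered):
        if dep.direction != "in":
            continue
        for j in range(i + 1, len(ordered)):
            out = ordered[j]
            if out.timestamp - dep.timestamp > max_delay:
                break  # anything later is too slow to count as a sweep
            if j in used or out.direction != "out":
                continue
            if dep.amount * min_ratio <= out.amount <= dep.amount:
                pairs.append((dep, out))
                used.add(j)
                break
    return pairs

def looks_like_sweeper(transfers, min_pairs=3, min_fraction=0.8):
    """Flag an address when most deposits were swept straight back out.
    The thresholds are illustrative assumptions, not tuned values."""
    deposits = [t for t in transfers if t.direction == "in"]
    if not deposits:
        return False
    pairs = sweep_pairs(transfers)
    return len(pairs) >= min_pairs and len(pairs) / len(deposits) >= min_fraction

# Constructed sample: three gas deposits, each gone within a few seconds.
HONEYPOT = [Transfer(1000, "in", 0.01), Transfer(1003, "out", 0.0098),
            Transfer(5000, "in", 0.02), Transfer(5006, "out", 0.0198),
            Transfer(9000, "in", 0.005), Transfer(9003, "out", 0.0048)]
# Constructed sample: an ordinary wallet with slow, unrelated movements.
NORMAL = [Transfer(1000, "in", 0.5), Transfer(90000, "out", 0.1),
          Transfer(200000, "in", 0.2), Transfer(400000, "out", 0.3)]

if __name__ == "__main__":
    print("honeypot-like:", looks_like_sweeper(HONEYPOT))
    print("normal wallet:", looks_like_sweeper(NORMAL))
```

A positive result means the address behaves like the honeypot described here: anything sent to it for gas will most likely be swept before it can be used.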