TokenSniffer.com
@Token_Sniffer
Followers
32,392
Following
110
Media
16
Statuses
321
#DeFi token metrics and scam detection from @Solidus_Labs . There is no official Telegram/Discord.
Joined October 2020
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
オーロラ
• 492250 Tweets
Joost
• 334472 Tweets
#الهلال_الحزم
• 85607 Tweets
Fulham
• 81859 Tweets
#SixTONESANN
• 78237 Tweets
Man City
• 62845 Tweets
自分これ
• 61859 Tweets
Gvardiol
• 54232 Tweets
Ali Koç
• 47760 Tweets
Dremo
• 41197 Tweets
太陽フレアのせい
• 39467 Tweets
Burnley
• 33746 Tweets
SEE YOU NEXT MONTH JIN
• 31685 Tweets
دوري روشن
• 30597 Tweets
الدوري الاقوي
• 28769 Tweets
Granada
• 25210 Tweets
روشن السعودي
• 24591 Tweets
Luton
• 22315 Tweets
Haley
• 22196 Tweets
やまとなでしこ
• 14763 Tweets
الدوري التاريخي
• 14541 Tweets
#الهلال_بطل_الدوري_التاريخي
• 11927 Tweets
Pinned Tweet
Introducing the TokenSniffer API: a programmatic way to determine whether a cryptocurrency’s smart contract is dangerous or benign.
Learn more:
See pricing:
1
29
112
🚨SCAM ALERT: there is an increase in scam tokens where holders are manually blocklisted from selling. Check contract transactions for unusual repetitive function calls.
Example:
Repeated callOracle() blocklist function calls:
1
29
91
UPDATE: The scammer seems to profit from these tokens in at least three ways:
1⃣By impersonating new projects
2⃣By collecting variable transfer fees as high as 20%
3⃣By removing liquidity while holders remain
Here are the buy & sell fees for one of these tokens, BoneTools:
Over the past 1.5 months one person has created 114 meme coin scams.
Each time stolen funds from the scam are sent to the exact same deposit address.
0x739c58807B99Cb274f6FD96B10194202b8EEfB47
794
2K
6K
1
22
48
🚨SCAM ALERT: Since
@coinbase
's testnet launch of
@BuildOnBase
, four impersonation tokens have been created to capitalize on the hype surrounding the Layer 2 network.
The tokens' details:
2
18
41
Almost all contract transactions should be either "Approve" or "Transfer".
1
3
35
A common tactic by scammers is to create a token with the same name as a popular one hoping that you will mistakenly buy theirs instead. For example, there are 16 tokens named "SafeMoon" in our database, four of which are known honeypot scams.
15
6
34
🚀 We just launched 2 new open-source projects for devs using Token Sniffer API!
1️⃣ CLI for quick, command-line access
2️⃣ React Widgets for seamless UI integration
👩💻 Speed up your workflow with tools from our new
#GitHub
organization:
0
5
26
🚨SCAM ALERT: someone reported the "Pump NationWide" TG group. Currently they are promoting a honeypot token (no verified contract source, all-green chart)
Help report this group and get it banned:
3
9
29
DeFi investor, DEX platform or savvy software developer? Let’s talk DeFi scams!
Join
@Solidus_Labs
and
@FortaNetwork
experts for a Twitter Space unpacking the latest in smart contract scams, DeFi fraud and crypto market abuse.
11
7
27
“Everybody I know has gotten rug-pulled.” Billions are lost annually through a variety of cryptocurrency scams. The way things are going—this will only get worse. via
@wealth
8
11
25
Below is BoneTools' ( $BTOOLS ) full trading history on Uniswap.
Its creator profited from:
-10% of every buy swap ($1.17M)
-20% of every sell swap ($2.32M)
-18 personal sell swaps ($2,413 net of buys)
-1 liquidity withdrawal ($760 net of deposits)
s/o to
@zachxbt
for the find.
0
7
22
Just a friendly reminder to always check the contract address of the token you are trading. There are lots of copycats floating around.
3
4
22
🚨SCAM ALERT: avoid new tokens called
#RedMoon
$RDMN with unverified source and all-green charts (unable to sell). In general use caution with tokens that do not have verified source.
Does not apply to tokens with that name that have verified source.
9
2
25
To get started:
📝Select a plan – Basic Sniffer, Pro Pack, or Enterprise
🔐Store your API key somewhere safe
✅Use it to make requests for token information, metrics, and Smell Test results
Here’s an example API call and response (ft. the original SQUID token):
1
1
18
1/ More than 650 scam tokens have already been deployed on Base — and many of them are currently being traded, wash traded, and rug-pulled on the network’s DEXs.
Scammers feed on hype; approach the tokens playing off of it with caution.
When Coinbase’s Layer 2 network Base launched for developers on July 13, scam token creators snuck along for the ride. In the days between its developer launch and its public launch, devs deployed more than 500 scam tokens on the network.
The full story:
4
4
9
1
6
20
How do you know you have the "right" token? CHECK THE CONTRACT ADDRESS. Where do you find it? On the project's website or Twitter look for a 42 character ID starting with 0x, like 0xdac1... Instead of typing the token name into your favorite exchange app, paste in the address.
6
3
12
@zachxbt
Excellent work! We did our own analysis and found an additional 25 tokens for a total of 139. These are all rug pulls (sudden removals of unlocked liquidity).
Full list:
2
4
16
About these scam types:
⦿ Honeypot scammers program their tokens’ smart contracts to prevent buyers from reselling them.
⦿ Impersonation scammers imitate the branding of established organizations – many of which don’t have their own token – to steal from unaware investors.
1
2
14
@binance
@cz_binance
Have you considered a grants program for projects like that are working to make
#BSC
a safer place to trade?
1
2
11
This is a great explanation of an often-used scam (flagged 3 tokens just today)
Quick and dirty analysis of a scam on
#BSC
and
#PancakeSwap
with NoApproval issue
#ScamToken
SafeGravity, Shining, ECLIPSE, Shining Star (SST), Ape (APE)
All use the very same mechanism with LP and blocked approve method.
2
0
6
1
2
8
Less than 3 hours until Unleash The Network: Protecting Your Investment From DeFi Fraud is live
DeFi investor, DEX platform or savvy software developer? Let’s talk DeFi scams!
Join
@Solidus_Labs
and
@FortaNetwork
experts for a Twitter Space unpacking the latest in smart contract scams, DeFi fraud and crypto market abuse.
11
7
27
4
1
9
@AndreCronjeTech
@etherscan
Indeed! We rely on them for much of our database. Any chance you would promote TokenSniffer too? :) Working to help traders avoid clones and scams.
0
0
7
2/ The TokenSniffer website and API now support the Base chain. Always check before you trade.
0
1
8
@omgooses1
@zuckerbrins
@OliverRush
I should've bought some $HOGE apparently lol. HOGE is not an upgradeable proxy contract. DelegateCall is one way. TokenSniffer's "Smell Test" checks for "contract ... is Proxy" in the source.
1
0
6
@Yash__Mehar
@CryptoMoonShots
Thanks! Added the tokens and they were auto-flagged due to known exploits. The narrator is incorrect about the cause, it's not the "payable" function which just prevents ETH/BNB transfers to the contract. The real cause is that the contracts block transfers to the LP address.
2
0
4
@AwiVitality
No, the Smell Test score should not be interpreted as investment advice but rather included with more comprehensive research into the project/team. No scam scanner can catch all possible exploits or predict the intentions of the creators.
2
0
3
@LokiDogi19
@MissDarkBunnyy
@CharlieMichale3
@shibaleash
@Pc79C
@DrBugwam
@MisaInu2
Here's an example of a known rug pull, TruAMPL:
1
0
3
@CatMcGeeCode
@gebloke
Yes, we scan transactions for contract deployments and if verified source is available we download and analyze it. Tokens without verified contract source are assigned a much lower safety score.
0
0
3
@WARONRUGS
For what it's worth, it's a simple clone of $RFI with just the supply and fee changed:
3
1
2
0
0
3
@LokiDogi19
@MissDarkBunnyy
@CharlieMichale3
@shibaleash
@Pc79C
@DrBugwam
@MisaInu2
Also concerned with rug pulls but don't have good tools yet (other than looking at raw transactions which is slow). Automating honeypot detection has been easier. The Daschund Inu chart looks like a classic pump & dump. If you can point me to more info I'll gladly take a look🙂
1
1
3
@edchapak
These are open blockchains, there are no restrictions on who can create a contract or its code.
1
0
2
@Start01_
It means you will connect your wallet and sign a message to prove that you are the owner of the wallet you used to connect. I'll reword it so it's clearer
0
0
2
@Can33343334
@TadpoleDaHermit
See the contextHandler modifier on transferFrom, in particular this line:
require(from == owner, "Order ContextHandler");
0
1
1
0
0
2
@rich_kappel
@wealth
@Bloomberg
@BabyDogeCoin
@bscscan
It's a different token with the same name (often a tactic used by scammers). Always verify the contract address before purchasing!
Real:
Fake:
1
1
2
@MikeGearyGems
@SaitaInformer
@DelCrxpto
@BitMartExchange
The lock amount/duration shown on our site matches what is shown on Unicrypt
3
0
1
@Atommaulwurf
I didn't have room to add the network/address but I will next time. With 100 new tokens per day I can't keep track of what's real and what's fake.
1
0
2
@jiwoks
Not yet, hope to add detailed documentation soon.
That contract allows the sender to mint tokens to themself. See "_ownership" function lines 294-299
3
0
2
@LokiDogi19
@MissDarkBunnyy
@CharlieMichale3
@shibaleash
@Pc79C
@DrBugwam
@MisaInu2
You can scroll through the transactions on Etherscan. See "Transfers" and look for "remove liquidity" method:
It's easier to do on because you can filter by type "Removes" of which there aren't any shown:
2
0
2
@archindivide
@WARONRUGS
That's a good point. Contract issues are the easy part, rug pulls are very hard to predict. The industry is developing standards and tools but it takes time and experience. When I invest in these microcap tokens I expect to lose it all. Casinos on the blockchain 🙂
0
0
2
@julianchuk
Thanks for the alert. Can you point to the transaction that locks liquidity for 3 years? I just see a single address holding 99% of liquidity:
2
0
1
@franckisted
1. Not all tokens get listed, only those on CoinGecko, , or mentioned in certain Telegram channels. After the BSC node is ready all new tokens will be added immediately.
2. Great idea! Here's the BSC address: 0x32cf20F1Ffd71fB0E4248472376C7474E2Ef4110
1
0
1
@tweets4shaf
It is safest to enter the contract address 0x25b0c0d8dcee3051337ba9382ead9040ab3d5531 since there are many imposter tokens, some of which are scams.
3
0
1
0
0
1
@Solidus_Labs
and
@FortaNetwork
are live now! Join to hear about protecting against DeFi scams and fraud.
0
0
1
@kroese_t
It appears that the owner controls who can sell:
function addAllow(address holder, bool allowApprove) external onlyOwner {
allow[holder] = allowApprove;
}
Anyone out there who can confirm this? Flagged it for now.
1
0
1
@RaphaTisserand
@WARONRUGS
Yes, some weird code in the contract. Just glanced quickly but noticed:
- Minimum tx amount of 1000
- Tx fees distributed to dev address
- Only 1 sell tx every 30 mins
0
0
1
@kroese_t
It appears that the owner controls who can sell:
function addAllow(address holder, bool allowApprove) external onlyOwner {
allow[holder] = allowApprove;
}
Anyone out there who can confirm this? Flagged it for now.
1
0
1
0
0
0
@archindivide
The
@waronrugs
news is strange and disappointing. Some of their earlier work was very helpful and that's what was referenced by TokenSniffer.
3
0
1
@JohnGo32819390
It would be difficult to detect automatically. I flagged it so that clones can be detected.
1
0
1
@benjamin_lebeau
YFI & METRIC are governance tokens. The contracts are small (<200 lines) and simply implement ERC-20 functions. Perhaps METRIC copied YFI or they both used the same template. Both support a platform that adds value, so the fact that they are highly similar is not a red flag.
1
0
1
@Billi_the_goat_
Try searching the contract address in the search bar then select "Request Analysis". If not found then DM me 😊
0
0
0
@XRPStandard2020
That looks like a typical honeypot chart. When imported it was auto-flagged as a copy of a known scam.
2
0
1
@Roninn18158244
@RoyalNavySNY
I'll think about a way to make it clearer. There are no restrictions on what people name these tokens and keeping track of which token is the original takes time. Next time I'll put the network/address in the tweet.
0
0
1
@gavinjary
Thank you! I haven't seen this code pattern yet. In transferFrom() there is a call to ensure() which blocks transfers for everyone except the owner. Flagging all similar contracts now ...
0
0
1