Every day, thousands of new tokens launch across Solana, Ethereum, BNB Chain, Base, and dozens of other networks. The overwhelming majority of these tokens exist for one purpose: to separate you from your money. The scale is staggering — billions of dollars are lost to token scams every year, and the problem is accelerating.

The good news is that nearly every scam follows predictable patterns. Once you know what to look for, you can identify dangerous tokens before you interact with them. This guide covers the 10 essential checks every trader should perform before buying any token on any chain.

Why this matters No single check is sufficient on its own. A token can have locked liquidity but a hidden mint function. It can have a verified contract but a blacklist that activates after you buy. The only way to be reasonably safe is to check multiple factors simultaneously.

1. Is the Liquidity Locked or Burned?

Liquidity is what allows you to buy and sell a token. When a creator adds liquidity to a decentralized exchange, they receive LP (liquidity provider) tokens in return. These LP tokens represent their share of the pool. If the LP tokens are not locked or burned, the creator can remove all liquidity at any time — and everything you invested goes with it.

This is called a rug pull, and it is the single most common type of crypto token scam.

What to look for

  • Burned LP is the gold standard — the liquidity can never be removed. The LP tokens are sent to a dead address permanently.
  • Locked LP is the next best — a third-party locker (like Team.Finance or Unicrypt) holds the LP tokens until a specified date. Check the expiry — locks of less than 30 days offer minimal protection.
  • Unlocked LP is a major red flag. The creator can pull everything at any moment.
The "burn 1 token" scam Some scammers burn exactly 1 LP token out of millions. This technically shows as "burned" on some scanners, but effectively nothing is locked. Always check what percentage of LP tokens are burned, not just whether any burn occurred.

Tools like RugCheck (Solana) and GoPlus Security (EVM chains) can verify LP lock status automatically.

2. Can the Owner Mint New Tokens?

Mint authority is a function that allows the token creator to generate new tokens at will. If this authority has not been revoked, the owner can mint an amount equal to or greater than the entire circulating supply, then sell all those new tokens into the liquidity pool — effectively draining it completely.

On Solana, this is called mint authority. On EVM chains, it appears as an is_mintable flag in contract analysis. Some tokens legitimately need mint functions (stablecoins, governance tokens), but for newly launched meme tokens or community tokens, an active mint function is a critical warning sign.

Learn more in our detailed guide: Mint Function Scam: Unlimited Token Supply Exploit

3. Is Freeze Authority Revoked?

On Solana, token creators have an option called freeze authority that allows them to freeze any wallet holding their token. Once frozen, you cannot transfer or sell your tokens — they are effectively worthless even though they still appear in your wallet.

On EVM chains, the equivalent is a blacklist function embedded in the smart contract. The owner can add any wallet address to a blacklist, preventing that wallet from selling or transferring tokens.

The scam pattern is straightforward: bots pump the price, you buy in, your wallet gets frozen, and you can never sell. The creator then removes liquidity or lets the price crash to zero while you watch, unable to do anything.

Read our full analysis: Freeze Authority: The Scam That Locks Your Tokens

4. Who Holds the Tokens?

Token distribution tells you who actually controls the supply. Healthy tokens have distribution spread across hundreds or thousands of wallets. Scam tokens concentrate supply in a few wallets — sometimes disguised across many addresses controlled by the same person.

Red flags in holder distribution

  • Top holder above 20% (excluding LP and exchanges) — one wallet can crash the price
  • Top 10 holders above 60% — supply is dangerously concentrated
  • Same-size wallets — if 10 wallets each hold exactly 1.3%, it is likely one person using multiple wallets (sybil attack)
  • "Unknown balance" wallets — wallets that received tokens before public trading began are insiders
The burn concentration trick Some creators burn 99% of supply to make it look "safe," then keep 0.5% — which is actually 50% of the real circulating supply. Always calculate holder percentages relative to the circulating supply after burn, not the total supply.

Important: when analyzing holders, exclude exchange wallets (Binance, Coinbase, etc.), DEX pool addresses (PancakeSwap, Uniswap), and burn addresses. These are not individual concentration risks.

5. Is the Trading Volume Organic?

Scammers use bot armies to create fake trading volume. The goal is to push their token onto trending lists on DexScreener, DexTools, and other platforms, where real traders will see it and buy.

Signs of bot-driven trading

  • Identical transaction amounts appearing repeatedly — real traders buy random amounts
  • Same-second trades from multiple wallets — humans cannot coordinate to the millisecond
  • Buy/sell ratio above 10:1 — natural markets have balanced activity
  • Volume/liquidity ratio above 20x — more volume than makes physical sense
  • Uniform chart candles — organic trading produces irregular patterns

Every time the price goes up on the minute chart and there is an immediate, proportional sell — that is bots taking money from real buyers.

6. Does the Project Have an Identity?

Legitimate projects have websites, social media presence, documentation, and at least some form of community. Scam tokens typically have none of these. The absence of any online presence is itself a warning sign — it means the creator has no intention of building anything.

What to verify

  • Does the project have a working website? (Not just a link — actually visit it)
  • Are there active social accounts with real engagement? (Not bot followers)
  • Is there documentation explaining the project?
  • Is the token listed on CoinGecko? (CoinGecko listing requires some level of verification)
  • Is the metadata mutable? (Can the creator change the token name and image after you buy?)

See also: Crypto Influencer Scams: How They Profit From You

7. What Is the Deployer's History?

One of the most powerful checks available is examining the creator wallet's history. Serial scammers create dozens or hundreds of tokens — each one gets rugged after a few hours. If the deployer has created 50 previous tokens and 48 of them have zero liquidity, the pattern is clear.

On the other hand, if a deployer has created 2-3 tokens that are still alive with healthy trading, that is a positive signal.

ChainLens automatically scans the deployer's full history across DexScreener and GoPlus, checking for previous tokens, dead projects, and security flags on the creator's address.

8. What Are the Buy and Sell Taxes?

Many tokens implement buy and sell taxes — a percentage of every transaction goes to a specified wallet. Legitimate projects might have 1-3% taxes for development or marketing. Scam tokens set taxes at 20%, 50%, or even 99%.

The most dangerous variant is a dynamic tax: the contract launches with 0% tax (looks safe on scanners), then the owner changes it to 50% after people have bought in. Another variant is personal slippage — the owner can set different tax rates for different wallet addresses.

Tax red flags

  • Buy or sell tax above 10% — your trade loses significant value
  • Tax is modifiable (slippage modifiable flag) — owner can change it later
  • Personal slippage enabled — different wallets get different tax rates
  • Sell tax higher than buy tax — designed to trap you

Honeypot.is simulates actual trades to measure real tax rates, which is more accurate than reading contract code alone.

9. Is the Contract Source Code Verified?

A verified (open source) contract means the code is publicly readable on a block explorer like Etherscan or Solscan. An unverified contract means you have no idea what the code actually does — it could contain any of the backdoor functions described in our guides.

However, verified source code alone is not sufficient. Scammers can deploy verified contracts that contain obfuscated logic, proxy patterns that point to unverified implementation contracts, or functions with misleading names that do the opposite of what they suggest.

What matters is the combination: verified code PLUS no dangerous functions (no hidden owner, no proxy, no modifiable tax, no blacklist).

10. Is It Listed on Recognized Platforms?

Tokens listed on CoinGecko, CoinMarketCap, or centralized exchanges have undergone at least a basic vetting process. While listing does not guarantee safety, the absence of any listing for a token that claims to be established is suspicious.

GoPlus Security maintains a trust list of verified tokens. Tokens on this list have been reviewed and are considered legitimate by security researchers. ChainLens checks this automatically and displays a "Verified" badge for tokens on the GoPlus trust list.

How to Avoid Token Scams

No tool or checklist can guarantee 100% safety — but following these practices dramatically reduces your risk:

  1. Never buy based on hype alone. If someone is promoting a token aggressively, ask why. Check the token yourself before buying.
  2. Always scan before trading. Use ChainLens, RugCheck, Honeypot.is, or TokenSniffer to verify the token.
  3. Start small. If you decide to buy, start with a small amount you can afford to lose. Wait and observe before adding more.
  4. Never interact with unknown airdropped tokens. Tokens you did not buy that appear in your wallet are likely wallet drain scams.
  5. Audit your token approvals regularly. Use Revoke.cash to check and revoke dangerous unlimited approvals. Read our approval exploit guide.
  6. Use a separate wallet for trading. Keep your main holdings in a wallet that never interacts with new tokens or unknown contracts.
Scan Any Token with ChainLens 89 automated checks across 10 independent sources. All 10 points above checked automatically, for free.

Why Use ChainLens?

ChainLens is the only free tool that performs all 10 checks listed above in a single scan. While other tools focus on one aspect — RugCheck checks Solana contracts, Honeypot.is tests sell restrictions, TokenSniffer analyzes EVM code — ChainLens cross-references all of them simultaneously and scores tokens on a 0-100 scale with plain-language explanations.

Key advantages that make ChainLens unique:

  • 89 individual checks across 8 scoring categories
  • 7 scam pattern matchers — honeypot, rug pull, wash trading, pump & dump, insider concentration, copycat, and deployer history
  • 10 independent API sources — DexScreener, GeckoTerminal, RugCheck, Honeypot.is, GoPlus Security (6 endpoints), and CoinGecko
  • Cross-validation — when multiple sources agree on a finding, confidence is higher
  • Deployer history scanning — checks if the creator has launched other tokens and what happened to them
  • Exchange wallet filtering — recognizes 50+ exchange and DEX addresses to prevent false positives
  • Free, no signup, no wallet connection — paste an address and get results instantly

Frequently Asked Questions

How do I know if a crypto token is safe to buy?

Check these 10 things before buying: liquidity lock status, mint authority, freeze authority, holder concentration, organic trading activity, project identity (website and socials), deployer history, buy/sell taxes, contract verification, and exchange listings. Tools like ChainLens automate all 10 checks in one scan.

What is the most common crypto token scam?

Rug pulls are the most common, where creators remove liquidity after people buy in. Other frequent scams include honeypots (you can buy but cannot sell), bot-inflated volume (fake trending), and mint exploits (creating unlimited supply to drain pools). Most scams combine multiple techniques.

Can I trust a token with high trading volume?

Not necessarily. Scammers use bot armies to create fake volume and push tokens onto trending lists. Look for organic trading signs: diverse transaction sizes, balanced buy/sell ratio, and unique trader count close to total transaction count. A volume-to-liquidity ratio above 20x is highly suspicious.