Scam tokens are common in crypto, and they're designed to look legitimate. Phantom can't recover funds lost to scams, but understanding how they work is your best defense. This guide covers the most common patterns, how to spot warning signs, and what to do if you've already interacted with something suspicious.
What are scam tokens
Scam tokens are cryptocurrencies created to trick you into taking actions that put your funds at risk. They're designed to get you to buy the wrong token, connect your wallet to a fake site, or approve a malicious transaction.
Because wallet addresses are public, anyone can send tokens to your wallet. Receiving a token doesn't mean you bought it, and it doesn't harm your wallet on its own. Risk comes from approvals and signed requests.
Common types of token scams
Fake token airdrops
Scammers send tokens to your wallet that include instructions in the token name or metadata, such as a link to "claim" rewards. These links lead to phishing sites that ask you to connect your wallet and approve a malicious request. Scammers can also scrape onchain data to identify holders of a trending token, then mass-airdrop lookalike tokens to those addresses.
What they want you to do:
- Buy the fake token by mistake, which often happens when someone searches by name instead of verifying the contract address.
- Interact with the token. Attempting to swap, sell, or send it may trigger an approval request that puts your wallet at risk.
Pump-and-dump tokens
Scammers promote a token using hype and misleading claims, often on social media. Once enough people buy in and the price rises, they sell their holdings. The price drops quickly, leaving other holders with tokens that may be impossible to sell.
Honeypot tokens
A honeypot token lets you buy, but prevents you from selling. The contract is designed to trap buyers using restrictions like allowing only certain wallets to sell, blocking selling unless hidden conditions are met, or setting selling fees extremely high.
Rug pulls
Scammers create a token or project, attract buyers, then remove liquidity or abandon the project after taking funds. This is common with new tokens that promise high returns or promote limited-time opportunities.
Impersonation tokens
Impersonation tokens copy the name, logo, or branding of a real token or well-known project to get you to buy the wrong asset. It often happens when a token name is similar to a legitimate one, uses a familiar logo, or a fake site claims a partnership or endorsement.
How to identify scam tokens
You can't always spot scams from appearance alone, but these signs can help you assess risk before you interact.
Red flags in token details
- Unrealistic claims. "Guaranteed returns" or "risk-free rewards" are common scam language.
- Unclear team or ownership. Legitimate projects usually provide verifiable information about who is building them.
- Suspicious distribution. If one wallet holds a large share of the supply, the token may be vulnerable to manipulation.
- Minting risk. Some contracts allow unlimited token creation, which can damage value and signal malicious intent.
Fake community hype
Scammers manufacture credibility on X, Telegram, and Discord. Watch for new accounts with low engagement, repeated or copy-pasted comments, and offers that require you to connect your wallet to "verify" or "claim."
Low-quality websites or documentation
Poor formatting, vague language, and missing details are common in scam projects. Look for broken links or missing contact information, roadmaps with no technical detail, and a heavy focus on rewards with no clear product.
Use explorers and token analysis tools
Before you interact with a token, verify the contract or mint address using a trusted source such as CoinGecko or a blockchain explorer:
- Solana: Solscan
- Ethereum: Etherscan
- Monad: MonadVision
- Base: BaseScan
- Sui: SuiVision
- Polygon: PolygonScan
- Bitcoin: Mempool
- HyperEVM: HyperEVMScan
For a walkthrough, see Tools to help you avoid crypto scams.
How to avoid scam tokens
Verify contract addresses
- Use the official contract address from a trusted source such as a verified project page or CoinGecko.
- Avoid searching by token name alone, especially for trending tokens.
- Be cautious with links shared through token metadata, DMs, or replies on social media.
Ignore unsolicited tokens
If you receive a token you didn't expect, don't select any links in the token name or description, don't try to swap, sell, or send it, and hide and report it in Phantom.
Use a separate wallet for higher-risk activity
For new or unverified projects, use a separate wallet or account with limited funds. This protects your primary wallet if you approve something you didn't intend to.
If you interacted with a scam token
If you think you approved something suspicious, act quickly.
Step 1: Stop interacting
Don't approve additional requests, and avoid revisiting the site or app until you've verified it's safe.
Step 2: Revoke connections and approvals
Revoke any suspicious app connections and token allowances.
- In Phantom, disconnect apps you don't recognize.
- On Ethereum and EVM networks, use a revocation tool such as Revoke.cash.
- On Solana, use a tool such as Famous Fox's Revoker.
For more details, see Tools to help you avoid crypto scams.
Step 3: Move funds to a new wallet if needed
If you believe your wallet may be compromised:
- Create a new wallet in Phantom.
- Transfer your assets to the new wallet.
- Don't transfer the suspicious token. Some scam tokens are designed to trigger actions when you interact with them, including sending.
For more information, see Move funds to a new Phantom wallet when you need to start over.
Step 4: Review your security setup
- Keep your Phantom app updated.
- Use strong security protections on accounts tied to your crypto activity.
- Review your wallet activity for unfamiliar approvals or transactions.
Keep your recovery phrase secure
Your recovery phrase is the key to your wallet. If someone gets it, they own your wallet. Never share it with anyone, and never enter it into a site you don't fully trust.