RektRadar Blog

Claude Fable 5 was our coding model for a short window - June 10 to 13, 2026. In those four days the agent fleet that builds RektRadar merged 42 pull requests across 10 repositories: a stolen-funds pipeline shipped end to end, the 100+ risk-signal catalogue extracted into a shared package, a bilingual glossary, imminent-rug Telegram alerts, a UI refresh, and a lot of cleanup. This is the build log, with the real numbers.

Most scam detectors judge a token once, at launch. But a token can be perfectly sellable on day zero and trap you on day five (a timed blacklist), or look like a clean audited contract while its real logic lives in a swappable implementation behind a proxy. We shipped two detections this week that stop trusting the launch snapshot: a J7 honeypot re-simulation, and on-chain proxy implementation analysis.

Every swap, mint and burn on every Uniswap V2 pair we have watched since February 1st, aggregated pool by pool. Buyers collectively left 16,830 ETH inside scam pairs, and ruggers have already pulled 8,257 ETH of it out. Here is the full accounting.

Most scam checks tell you a token rugged after it happened. This week we shipped four new signals, and the headline one is different: it watches the mempool for the operator's rug transaction - pull liquidity, raise the sell tax, blacklist, pause, mint - and flags it before it is mined. Plus sybil-holder clustering, lock-quality nuance, and phishing-bait detection. Our signal catalogue went from 55 to 105.

After four months and 93,000 analyzed contracts we thought our funnel saw everything. An independent dev.to study showed us a structural blind spot: the fake-USDT family never creates a pool, so our DEX-triggered ingestion never saw it. We measured the gap at ~0.5% and closed it with deploy-time ingestion. The first two days flagged 77 fake stablecoins.

A token can call itself Tether USD with the symbol USDT and show up in your wallet as real money, while being worth nothing. That is a fake-USDT / proof-of-funds scam: the spoofed metadata is the whole con, and it plays out off-chain. The one check that saves you, plus how we flag it the second it deploys.

A proxy contract keeps your token's address fixed but lets the owner swap out the logic behind it. That is great for real protocols fixing bugs, and perfect for a clean-looking token that turns into a honeypot the day after you buy. The address never changes, the code does. How rug-by-upgrade works, and the checks that catch it.

Before your swap is mined it waits in the mempool, in plain sight. A bot can buy in front of you, let your trade climb the price, and sell right after - pocketing the difference. That's a sandwich attack, and the slippage tolerance you set is exactly how much it's allowed to steal. Worked example + how to stop being the filling.

Nobody sets a token's price on Uniswap. It falls out of one rule: x times y equals k. Once you can do the arithmetic, slippage, price impact, the importance of liquidity, and the illusion of market cap all stop being jargon and become obvious - and you can see a honeypot for what it is: this same machine with the exit bolted shut.

We scanned 15,959 new Ethereum tokens in 30 days and 6,968 came back high-risk. Here's what they had in common, ranked: the honeypot trap (54%), the disposable wallet (53%), the rug setup (54%), and the opaque contract (44%). One signal is rarely the whole story - scams stack them, and the stack is the tell.

A honeypot doesn't rug later - the exit is shut the moment it launches. Across 41,896 scam tokens we've scanned since February, 13,526 returned a failed sell simulation: buy works, sell reverts. 11,940 failed both. We walk through Patriotic Summer (PATRIOTIC), a textbook honeypot our scanner flagged 6 minutes after deployment, and show exactly which signals slam the door.

Second issue of the weekly rug roundup. May 25-31: 780 rugs flagged, 1,476 ETH ($3.7M) extracted by operators. Two outlier whales - OpenTrade (389 ETH) and Cycles (292 ETH) - ate 46% of the week. The other 778 contracts averaged 1.02 ETH each, with the top 20 clustered around the 7.5 ETH template we documented Wednesday.

Stripe Tempo is a standalone L1, not an ERC-20. 7 fake $TEMPO contracts already deployed on Ethereum, 5 of them in 3h41 on May 3. Two funder clusters share four of the five - same script, deployer-rotated. We walk through the wave and how to spot the pattern next time.

30+ rugs on Ethereum in 30 days followed the same numerical playbook: 10 ETH in, 17.5 ETH out, 7.5 ETH profit. Different names, different deployers, identical script. We walk through why the assembly line locked in on that exact number.

First issue of our weekly rug roundup. May 18-24: 1,469 tokens flagged as high-risk, 56 with a perfect 100/100 score. Headline names: zachxbt brand-jack, Matt Furie's thump, Rip Moodeng, Gay Altman, the American Reserve Modernization Act. Full table, dominant flags, mini case studies.

Every flag is visible on-chain before the buy. The median V2 rug pulls in 12 seconds. People still get rekt. Six measurable cognitive patterns + the only fix that scales.

Pulled the git log on every repo we've shipped since Feb. 7728 commits across 27 repos in 16 weeks. Four phases, two surprises, and the story of how the build actually went.

Gimbutis Coin is a real project - apps, stream, 3.5-year domain. But both their ERC-20 tokens (Silver GXAG and Gold GXAU) carry the same 7 risk flags: unrestricted_mint, upgradeable_proxy, hidden_owner. That is a systematic design choice, not a misconfiguration. PAXG and XAUT (the standard for backed tokens) are deliberately constrained against exactly these patterns.

944 Ethereum scams deployed at vanity addresses ending '1110' since April 6. 132 this week. One wallet ran 21 of them in the last 7 days. The 1110 pattern is the marketing signature of an active industrial scam factory.

How we score every new ERC-20 on Ethereum: 8 analyzers, 52 signals, the heuristics each one uses, and the false-positive / false-negative trade-offs we accept.

May 18, 2026: jury rules against Musk in the OpenAI lawsuit. Same day on Ethereum: 15 'Musk / Grok / OpenAI' tokens deployed (+114% vs the day before), 11 confirmed scam. The full list, with addresses and risk scores.

Search Console shows 242 impressions in 7 days where someone typed the GXAG contract address into Google with a `site:gimbutiscoin.com` filter. That is buying-intent at point-blank range. We rank position 7-8 and convert zero of them. Here is what the token actually is and what we are doing about the ranking gap.

On Ethereum, 'who deployed this scam token' is the wrong question - the deployer wallet is fresh every time, deployed once and abandoned. We re-mapped 9,520 scam-deploying wallets back to the wallet that funded them, and the picture changes completely: 98% of scams come from disposable wallets, but eleven funder-rooted clusters re-emerge as the actual factories.

Fake cryptocurrency is not a vibe - it is a measurable on-chain pattern. We ran 78,723 Ethereum tokens through a 9-dimension scanner, 36,263 came back as scams, and the same 9 signals kept showing up. Here is each one in plain English, with the exact rate it appears in confirmed scams from our dataset.

On the surface, De.fi Shield and RektRadar look alike: $10-20/month, both promise to keep you safe from rugs and honeypots. They are not the same product. Shield protects what's already in your wallet by tracking approvals. RektRadar protects you from buying scams in the first place. The pricing similarity is the only thing they share.

78,723 distinct ERC-20 contracts have been analyzed end-to-end through our 9-dimension pipeline. 36,263 of them - 46% - score 70 or above on the RektRadar risk scale. Here is what they have in common and which legitimate tickers they impersonate most.

Of 1,078 confirmed scam tokens scored by RektRadar, 927 share the exact same on-chain signature. The Sell Wall Honeypot is now the default scam architecture on Ethereum, and it's accelerating: 75% of confirmed honeypots all-time were deployed in the last 30 days.

Tesla's humanoid robot Optimus has been the trending Musk meme of the spring. On May 11, 17 fake $OPTIMUS contracts shipped on Ethereum in a single 9-hour window. Two scored a perfect 100/100. Same factory pattern as $CLAUDE, KEKIUS, MOODANG.

Elon Musk briefly renamed his X profile to 'Kekius Maximus' in late 2024. Within months, scammers had shipped nine ERC-20 contracts using the name on Ethereum. We just caught the latest one at 70/100 and walk through the full set.

24 deployer wallets. 24 rugged ERC-20s. 1 funder. 48 hours. A worked example of why scoring a contract alone is not enough - the network catches what the contract hides.

A few people asked what's actually under the hood of RektRadar. Here's the writeup. 14 microservices, 3 Ethereum nodes (1 archive on Hetzner + 2 mempool watchers on OVH), hexagonal architecture so I can plug Solana later, ~200ms parallel detection pipeline.

We mapped every Claude-branded rug pull on Ethereum mainnet over the last 180 days. Six confirmed liquidity pulls, ~$337K extracted total. One contract -- 0x43baa6 -- accounts for ~$314K alone, drained over six consecutive days starting March 26.

Fifteen $CLAUDE-branded contracts shipped on Ethereum in two weeks. Highest score: 100/100 (Claude Musk, full honeypot). The pattern is identical to MOODANG, UCAT, and the AI-trend brand-jack - but with one new twist.

Five Unicat-branded tokens shipped on Ethereum between April 26 and May 2. Three scored 70+ on RektRadar's risk scale. Zero have a DEX pair. Here is the data and the pattern.

Eleven MOODANG contracts shipped within 24 hours, eight in a single 4-hour window on May 1st. All honeypots. Same flag pattern across every single one. This is what a meme-driven scam factory looks like on Ethereum.

33,311 deployers. 10 million funding edges. 494 connected scam clusters. We built a 3D explorer to navigate the graph, and it changes how you read a contract on Ethereum.

27 contracts. 24 confirmed scams. One wallet. The serial scammer pattern is more boring and more obvious than retail thinks - and on-chain data exposes it before the next rug ships.

52 SEO pages were rendering server-side from our SaaS API. Wrong stack for the job. Here is what we moved, what broke (twice), and how the cache won 24 hours of stale canonicals.

Most rug pulls hit the chat 5 minutes before retail buys. A Discord bot that scans any contract in 10 seconds is the cheapest defense your community can install.

2,220 rug pulls. 4,157 ETH stolen from victims. $9.5M in 90 days -- and that is just what RektRadar tracks. Here are the real numbers from our on-chain analysis pipeline.

$xAI tokens on Ethereum: 100% scam rate. $SAM: 40%. $AGI: 42%. Scammers deploy honeypots within hours of any trending name -- here is our data from 69,000+ analyzed contracts.

If you are a wallet or dApp integrating scam protection, you probably want both. GoPlus brings API breadth across 30+ chains. RektRadar brings depth on Ethereum mempool and deployer signals. The integration patterns and the comparison.

TokenSniffer's audit-report API runs $99/month on the Pro plan. RektRadar's Ethereum scam checker is free, no signup. The price gap is one differentiator; the bigger one is that TokenSniffer audits the contract and RektRadar audits the deployer + mempool. Here is the honest side-by-side.

Etherscan tells you what happened on-chain. RektRadar tells you whether it is a scam. A side-by-side of what each tool actually does, with a comparison table and an honest verdict on when to use each.

Brave Search doesn't index RektRadar yet -- 0 results for site:rektradar.io. Here's what Brave Search is, why it matters for a crypto product, and how the IndexNow protocol gets us in the queue.

Real XRP runs on the XRP Ledger -- not Ethereum. Yet 37 contracts use the $XRP ticker on Ethereum mainnet, 31 of them (84%) are flagged as honeypots. Full breakdown + how to spot them.

Real numbers from 66,000+ analyzed contracts: $WAR, $XRP, $PEPE, $Shiba, $USDT and 5 more, with scam ratios up to 100%. The full ranking + how to protect yourself.

A practical 2026 guide to spotting honeypots, rug pulls, and brand-jacked tokens. Seven concrete on-chain checks anyone can run in five minutes, with the exact patterns to look for.

How we went from "another rug, another inbox of messages" to a real-time scam detector that ranked 12th on Google for "ethereum scam detector" in two months. The vision, the path, and what's next.