Data 2026-05-08

$CLAUDE rug pull factory: 15 fake tokens in 14 days as scammers ride the AI brand

Anatomy of the $CLAUDE scam wave on Ethereum: 15 contracts using the Claude name detected by RektRadar between April 24 and May 7. Top score 100/100, multiple confirmed honeypots, full pattern breakdown.

Between April 24 and May 7, fifteen smart contracts using the Claude name or some variant of it landed on Ethereum mainnet. The highest-risk one - Claude Musk (CM) - scores 100/100 on the RektRadar scale and has every honeypot flag in our catalog firing at once.

This is the third large-scale brand-jack we have walked through publicly in two weeks, after the MOODANG case study and the Unicat case study. The mechanics keep repeating. The trends rotate.

The scoreboard

The 15 contracts split cleanly into three risk tiers. Here are the seven highest-impact ones:

AddressSymbolNameScoreVerifiedDetected
0xdd92ee…d33fCMClaude Musk100Yes2026-05-07
0xd32175…1110XCLAUDEXCLAUDE80Yes2026-05-06
0xde5fb0…aeae7KellyClaudeKellyClaude80Yes2026-05-05
0xe57713…fd26CLAUDSTRClaude Strategy80Yes2026-05-02
0xd81a93…b95dCLAUDEClaude80Yes2026-04-25
0x69c492…20ffCLAUDECLAUDE80Yes2026-04-24
0x226f69…0615🙌PPCPeppy Claude70No2026-05-07

$CM - the perfect honeypot

Claude Musk (0xdd92ee...d33f, deployed May 7) is the most complete honeypot in the dataset. Its risk profile reads like a playbook:

  • buy_failed - RektRadar’s transaction simulation shows that buying the token from a DEX reverts.
  • sell_failed - selling reverts too. So the token cannot trade in either direction.
  • honeypot - the meta-flag confirming items 1 and 2 above are not transient.
  • blacklist_function - the contract has a function that lets the deployer freeze any wallet at will.
  • hidden_owner - ownership is not publicly callable; the address that controls the contract is hidden behind a proxy or storage slot.
  • conditional_transfer - transfers route through a check that the deployer can flip on or off.
  • creator_holds_all_lp - the deployer owns 100% of the liquidity pool tokens, so they can pull liquidity at any moment.
  • buy_only_pattern - historical trades show buyers but not sellers, the classic honeypot tell.

Twelve flags concurrent on a single contract is the worst we have seen on a CLAUDE-branded token this year. The contract is verified on Etherscan, which makes it slightly more credible to careless users - but reading the verified source confirms the trap.

Why “Claude” attracts scammers

Three reasons converge:

  1. AI brand recognition. The Claude name is associated with Anthropic, one of the most-searched AI labs on Google in 2025-2026. Anybody Googling “Claude crypto” or “Claude token” is statistically a buyer the deployer can intercept.
  2. No official Anthropic token exists. Unlike OpenAI which has been actively flagged by exchanges, Anthropic has zero on-chain footprint. Scammers know there is no canonical contract address to compete with - anybody searching “Claude token” finds whatever the SEO ranks first, and SEO can be bought.
  3. The “Musk” amplifier. Half the variants we found splice Claude with Musk (Claude Musk, KellyClaude, xClaude) - riding the dual celebrity-tech meta. Each splice adds a search term and a buyer pool.

This is the same exact pattern we documented in the AI brandjack post on $xAI and $SAM. The bait is the brand. The contract is just a delivery mechanism.

The variants matter - same name, different attack

The 15 contracts use seven different name shapes:

  • CLAUDE - the literal ticker (3 contracts)
  • Claudes - pluralized (4 contracts, all from the same April 27 batch)
  • Claude Musk / KellyClaude / xClaude / XCLAUDE - celebrity splice (4 contracts)
  • CLAUDSTR (Claude Strategy) - pseudo-strategy framing (2 contracts)
  • 🙌PPC (Peppy Claude) - emoji obfuscation
  • ClaudeFM (Lofi Claude) - sub-genre framing

Each shape targets a slightly different search query. A user typing “Claude crypto” finds different first results than one typing “Claude AI strategy”, and scammers know it. The factory pattern here is not “one wallet ships fifteen contracts” - it is fifteen distinct deployers, each picking a different angle on the same brand, racing to capture whichever search query Google ranks them on first.

That is harder to dismantle than a single-deployer factory. There is no single wallet to blacklist.

What victims actually see

The honeypot variants (CM, XCLAUDE, CLAUDSTR, CLAUDE) all share the same downstream UX for a victim:

  1. Buyer finds the contract via Twitter shill, Telegram group, or organic search.
  2. Buyer spends ETH to buy through Uniswap.
  3. Transaction succeeds. The wallet now shows a Claude token balance.
  4. Buyer waits, or tries to take profit by selling some.
  5. Sell transaction reverts with a generic “transfer failed” error. Some wallets present this as “insufficient gas” - buyers retry, lose more in gas, still cannot exit.
  6. The deployer eventually pulls the LP. The token is unrecoverable.

The crucial detail: step 3 (buy succeeds) makes the scam feel legitimate for the first hour. Most victims only realize what happened when they try to sell - by which point the deployer has already extracted all routable liquidity.

How to protect yourself

Three rules that catch the entire CLAUDE batch without any tooling:

  1. Anthropic does not have a token. Any ERC-20 named Claude on Ethereum mainnet is by definition not affiliated with the Anthropic team. If you remember nothing else, remember this for AI-brand tokens broadly: the AI lab itself is not the issuer.
  2. Always simulate the sell, not just the buy. Tools that only check that the buy works (a few cheap scanners do this) will pass honeypots. RektRadar runs both buy and sell simulations on every analysis - the buy_failed / sell_failed flags are the only reliable honeypot indicator at scale.
  3. Read the deployer’s history. A wallet that just shipped its first contract three days ago, holds 100% of the LP, and has no other recent transactions is a one-shot trap. The new_wallet + creator_holds_all_lp combination on its own is enough to walk away.

You can scan any of the 15 CLAUDE contracts above on the $CLAUDE scam tokens catalog on Ethereum - the data is fresh and free. If you bought one of these and want to understand what happened post-mortem, the per-token detail page also shows which Etherscan label, exchange, and on-chain heuristic flagged it first.

We will keep documenting these waves as they happen. The next ticker will trend, the next factory will spin up, and the same playbook will repeat - only the brand changes.