Fake volume, real victims: anatomy of a wash-traded token

We pulled this week's most-swapped Ethereum tokens. Almost all are scams, and the volume is largely faked. Two case studies: $CAP and $AI.

By Bryan Martin - founder of RektRadar. Ethereum scam-detection infrastructure since 2024.

A token with thousands of swaps in a week looks alive. On a tracker it is a green line going up and to the right, the kind of thing you screenshot and call “momentum.” The intuition is reasonable: real demand leaves a trail of trades, so a lot of trades should mean a lot of demand.

On Ethereum right now, that intuition is mostly wrong.

We pulled every token by swap count over the last seven days. With the obvious exception of the stablecoins (USDC, USDT), nearly every one of the most-swapped tokens of the week is flagged as a scam by our scanner (risk score 70 or higher). And when you look at who is doing the swapping, a lot of that “volume” turns out to be manufactured.

Here are two of them, taken apart.

Case study 1: $CAP, a honeypot in a volume costume

$CAP lives at the vanity address 0x99991fd6a4d396e6d51e7cb3d28aee6f9b8e9999 - the repeated 9s are a deliberate flex, mined to look legit. It did 8,435 swaps this week. By swap count alone it was one of the most active tokens on the chain.

It is also a hard honeypot. Our contract simulation flags sell_failed: the sell path reverts. You can buy $CAP, you cannot sell it. On top of that, more than 90% of supply sits in a single wallet (single_holder_above_90pct), and the contract carries scam_factory_name and multi_flag_confirmed_scam.

So where do 8,435 swaps come from on a token nobody can sell? From wash trading. We resolved the real senders behind the swaps and looked at the top five:

Buyer walletTimes it “bought” $CAPHistory elsewhere on-chain
0x7aaa2749…170none
0xa6f44e7f…169none
0x40f941b0…169none
0x3894a141…169none
0x35fc19b2…168none

Five wallets, each buying the same token roughly 170 times, and none of them has touched anything else on the chain. These are not traders. They are puppets: addresses spun up to pump the swap counter and the holder count so the token reads as busy on every tracker that ranks by volume. The manufactured activity is the lure. Real buyers see the green line, ape in, and discover the sell button is decorative.

Out of 150 distinct addresses that bought $CAP, every one is now holding a token it cannot exit.

Case study 2: $AI, volume laundered across four pools

$AI (0x4d7078ddd6ccfed2f85db5b7d3ff16828d378d48) is the same idea with better production values. It posted 91,688 swaps across four separate pools. Splitting the activity across multiple pools makes the volume look more organic than a single wash pool would, and it pads the numbers on aggregators that sum across venues.

The contract itself is the tell. Our analysis flags it as an upgradeable_proxy with unrestricted_mint, suspicious_assembly, and block_dependent_logic, deployed by a wallet we tag mass_deployer and deploys_scam_bytecode. In plain terms: the supply is uncapped, the logic can be swapped out after you buy, and the deployer is a repeat offender who ships this same bytecode again and again. There is no version of “$AI is going viral” that is good news for a buyer. It is inorganic volume in front of a contract built to be rugged on command.

How to read past the green line

Swap count and volume are the easiest on-chain metrics to fake, because anyone with a few wallets and some gas can generate them. They are not evidence of demand. When a token suddenly looks busy, the questions that actually matter are:

  • Who is buying? A handful of wallets doing hundreds of trades each, with no history anywhere else, is wash trading, not a crowd.
  • Can you sell? Run the contract through a honeypot simulation. If the sell path reverts, the volume is bait.
  • Where is the supply? One wallet holding 90%+ means the float is theatre.
  • Who deployed it, and what else have they shipped? A serial deployer of the same scam bytecode is not launching a community.

None of this requires trusting a tracker’s green line. It is all on-chain, and it is exactly what our scanner checks on every contract.

TL;DR

  • This week’s most-swapped Ethereum tokens are, stablecoins aside, almost all scams.
  • $CAP: 8,435 swaps, a hard honeypot, 90%+ in one wallet, and five puppet wallets each buying ~170 times with zero history elsewhere. 150 real buyers, all trapped.
  • $AI: 91,688 swaps spread across four pools, an upgradeable proxy with unrestricted mint from a serial scam deployer.
  • On-chain virality is gameable and routinely gamed. Volume is not legitimacy.

Before you ape the token everyone is suddenly trading, scan the contract. It takes one request: rektradar.io.