By Bryan Martin, founder of RektRadar. Ethereum scam-detection infrastructure since 2024. GitHub and LinkedIn.
Search Console handed us a strange dataset this week. Across the last 7 days, Google logged 242 impressions for our pages indexing the token GXAG (“Gimbutis Silver”) at 0xea4bc384184a5ccb02a079ea76931c57732c5de4. Zero clicks. Position averaged 7-8.
When we pulled the actual query strings, every single one followed the same shape:
site:gimbutiscoin.com "0xea4bc384184a5ccb02a079ea76931c57732c5de4"
That is not a casual search. That is somebody pasting the contract address from a Telegram pitch, a Twitter shill, or their wallet, and asking Google whether the project’s own domain confirms it. They are seconds away from a buy. They scrolled past us.
This post walks through what GXAG actually is in our database, why the search pattern is interesting, and what the silver-backed-token scam landscape looks like in our 81,044-token dataset.
Dataset snapshot
Snapshot: 2026-05-18 UTC. Source: token_analysis on eth1 (PostgreSQL), Google Search Console for sc-domain:rektradar.io, and the rektradar-app SPA routes for /scam/<TICKER>.
- Total tokens analyzed: 81,044
- Tokens with “silver” in the name: 42
- Of those, score >= 70: 21 (50%)
- Of those, score >= 80: 14 (33%)
- GXAG risk score: 70 / 100
- GXAG flags: 7
- GSC impressions on /scam/GXAG* over 7 days: 242
- GSC clicks: 0
The signal: 242 due-diligence searches we did not convert
GSC anonymizes most query strings, but the ones it returned in clear all match a single template. People are using Google as a verification step. They have the contract address from somewhere off-platform, they know the project claims a website at gimbutiscoin.com, and they want Google to confirm whether the official site mentions the same address.
That is one of the highest-intent moments in any crypto purchase funnel:
- The buyer already trusts the brand enough to consider a buy.
- They are skeptical enough to look up the contract.
- They are choosing what they trust based on which results Google ranks first.
We rank at position 7 to 8 on average for these queries. Either the project’s own site (which they explicitly asked for via site:) or random aggregators rank above us. The buyer never sees the RektRadar verdict.
The conversion math is brutal: 242 zero-cost impressions, against zero pageviews, on a query template that is essentially “is this contract safe”. This is a ranking problem, not a content problem. The content is the score and the flag list. We have those. We need them positioned ahead of the project’s own marketing.
The token: Gimbutis Silver (GXAG) at 70 / 100
Here is what token_analysis says about the contract, with timestamps and the raw flag list:
| Field | Value |
|---|---|
| Address | 0xea4bc384184a5ccb02a079ea76931c57732c5de4 |
| Name | Gimbutis Silver |
| Symbol | GXAG |
| Risk score | 70 / 100 |
| Status | done (last analysed 2026-05-02 19:41 UTC) |
| Contract type | TransparentUpgradeableProxy |
| Verified on Etherscan | yes |
| Compiler | 0.8.9 |
| Total supply | 5,595 GXAG |
| Has Uniswap V2/V3 pair | no |
| Deployer wallet | 0x81427f48...986a15 |
| Contracts shipped by this deployer | 18 |
| Funder wallet | 0x2a2ee92a...0602ff |
| Other deployers this funder bankrolled | 12 |
| Implementation contract | 0x93cd61a6...f38ef4c |
Two structural things matter here:
- The contract is a TransparentUpgradeableProxy. The Solidity at 0xea4bc384... is a thin shell that forwards every call to the implementation at 0x93cd61a6.... The owner of the proxy can replace that implementation at any time, with any logic, including logic that drains balances or freezes transfers. This is the difference between “I bought a token” and “I bought a token whose code can change tomorrow.”
- There is no DEX pair. You cannot buy GXAG on Uniswap V2 or V3 today. The DD searches are not even targeting an open market. They are pre-launch, which is the single most expensive moment to be wrong about a token.
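An added example, not RektRadar's code: given the raw storage words that eth_getStorageAt returns for the two EIP-1967 slots, plus the eth_getCode result for the admin, it recovers which address can swap the implementation. The finding labels other than upgradeable_proxy, and every sample value, are assumptions made for the example.

```python
# Added example. Slot constants come from EIP-1967; sample words are constructed.
IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
EMPTY_WORD = "0x" + "00" * 32
ZERO_ADDRESS = "0x" + "00" * 20


def slot_to_address(word):
    """Return the address stored in the low 20 bytes of a 32-byte storage word."""
    raw = bytes.fromhex(word[2:] if word.startswith("0x") else word)
    if len(raw) != 32:
        raise ValueError("storage word must be exactly 32 bytes")
    if any(raw[:12]):
        raise ValueError("upper 12 bytes are set: slot does not hold a bare address")
    return "0x" + raw[12:].hex()


def assess_proxy(storage, admin_code):
    """storage: slot -> word from eth_getStorageAt; admin_code: eth_getCode of the admin."""
    impl = slot_to_address(storage.get(IMPLEMENTATION_SLOT, EMPTY_WORD))
    admin = slot_to_address(storage.get(ADMIN_SLOT, EMPTY_WORD))
    if impl == ZERO_ADDRESS:
        return {"implementation": None, "admin": None, "findings": ["not_eip1967_proxy"]}
    findings = ["upgradeable_proxy"]
    if admin == ZERO_ADDRESS:
        # Upgrade authority is not in the admin slot (UUPS keeps it in the implementation).
        findings.append("admin_slot_empty")
    elif admin_code in ("", "0x"):
        # No bytecode at the admin: one private key can replace the implementation.
        findings.append("admin_is_eoa")
    else:
        # Bytecode present: could be a ProxyAdmin, multisig or timelock. Trace its owner next.
        findings.append("admin_is_contract")
    return {"implementation": impl, "admin": admin, "findings": findings}


def sample_storage():
    """Constructed storage for a proxy whose implementation is 0x11..11 and admin 0x22..22."""
    pad = "0x" + "00" * 12
    return {IMPLEMENTATION_SLOT: pad + "11" * 20, ADMIN_SLOT: pad + "22" * 20}
```

An admin_is_contract result is not a pass on its own: the contract at that address still has to turn out to be a multisig or time-lock whose owners are public.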
The flag chain: 7 red flags break a token in 7 ways
GXAG’s flag list, in order of severity:
- hidden_owner (danger). The ownership address is not exposed by a standard owner() call. Either the project re-routed owner() through a proxy slot, or it renamed the accessor entirely. Either way, you cannot trivially verify who controls the contract.
- unrestricted_mint (danger). The implementation exposes a mint function with no cap, no whitelist, no time-lock. Whoever owns the contract can multiply supply against your stake at any block.
- upgradeable_proxy (warning). Already covered. The code can change.
- suspicious_assembly (warning). The bytecode contains inline assembly blocks that touch storage slots outside the standard ERC-20 layout. Usually used for the proxy slot rewrite or for non-standard ownership.
- no_dex_pair (info). No Uniswap V2 or V3 pair found at analysis time. Combined with unrestricted_mint, this is the textbook pre-rug state: deployer can pre-mint into their own wallet, then create the LP at launch with whatever ratio they choose.
- mass_deployer (network). The deployer wallet has shipped 18 contracts. Sample any of them and the pattern repeats: thin shell, hidden control, no audit, no team. Serial deployers do not write one good contract.
- mass_funder (network). The wallet that funded this deployer’s gas has bankrolled 12 other deployer wallets. That is a cluster signal. It does not name the human, but it does say “this is one ring shipping many factories.”
The two on-chain network flags are the ones the project’s own website cannot rebut. A scammer can claim renounced ownership in their docs. They cannot un-deploy the other 17 contracts their wallet already shipped, and they cannot detach themselves from the funder they share with 12 other scam wallets.
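The two network flags reduce to a two-hop walk over (contract, deployer, funder) rows. The sketch below is an added example, not RektRadar's scorer: the thresholds, the ignore list for exchange withdrawal wallets, and all wallet and token names are assumptions, and the sample rows are constructed to match the 18-contract and 12-deployer counts quoted above.

```python
from collections import defaultdict

# Assumed cut-offs for this example only; the page does not publish the scorer's thresholds.
MASS_DEPLOYER_MIN = 10   # contracts created by one deployer
MASS_FUNDER_MIN = 5      # other deployers bankrolled by the same funder


def network_flags(rows, target, ignore_funders=frozenset()):
    """rows: (contract, deployer, funder) tuples. Returns network-layer evidence for target.

    ignore_funders lists wallets such as exchange withdrawal addresses, which fund
    many unrelated users and would otherwise raise mass_funder on all of them.
    """
    by_deployer = defaultdict(set)   # deployer -> contracts it created
    by_funder = defaultdict(set)     # funder -> deployers it supplied with gas
    origin = {}                      # contract -> (deployer, funder)
    for contract, deployer, funder in rows:
        by_deployer[deployer].add(contract)
        by_funder[funder].add(deployer)
        origin[contract] = (deployer, funder)

    deployer, funder = origin[target]          # KeyError if the target was never indexed
    shipped = by_deployer[deployer]
    siblings = set() if funder in ignore_funders else by_funder[funder] - {deployer}
    # Second hop: contracts shipped by the sibling deployers, i.e. the rest of the cluster.
    cluster = set()
    for d in siblings:
        cluster |= by_deployer[d]

    flags = []
    if len(shipped) >= MASS_DEPLOYER_MIN:
        flags.append("mass_deployer")
    if len(siblings) >= MASS_FUNDER_MIN:
        flags.append("mass_funder")
    return {"flags": flags, "deployer_contracts": len(shipped),
            "sibling_deployers": len(siblings), "cluster_contracts": len(cluster)}


def build_sample():
    """Constructed rows: one deployer with 18 contracts, 12 sibling deployers, one exchange."""
    rows = [(f"token_{i}", "deployer_0", "funder_0") for i in range(18)]
    rows += [(f"sib_{d}_{i}", f"deployer_{d}", "funder_0")
             for d in range(1, 13) for i in range(2)]
    rows.append(("lone_token", "deployer_x", "exchange_hot_wallet"))
    rows += [(f"cex_{i}", f"user_{i}", "exchange_hot_wallet") for i in range(6)]
    return rows
```

Without the ignore list, lone_token in the sample picks up mass_funder purely because its deployer withdrew gas from the same exchange wallet as six unrelated users.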
The silver scam landscape
Silver-backed crypto is a real category. Kinesis Money’s KAG tokenizes physical silver bullion. Ondo Finance has SLVon, a tokenized iShares Silver Trust position. A handful of other regulated issuers operate similar products. Real silver-backed tokens have known issuers, public audits, and contract addresses that match their official documentation.
Our dataset has 42 tokens with “silver” in the name. Their score distribution:

Fourteen of the 42 (33%) score 80 or higher. Twenty-one (50%) score 70 or higher. The KAG ticker alone appears 5 times. SLVC (“SilverCanyon”) appears 8 times. The legit issuers (Kinesis, SilverCanyon when it actually is the canonical contract) are buried in a wave of look-alikes. The scammers know precious-metal-backed crypto buyers skew toward older, inflation-hedging audiences who are less practised at contract verification than DeFi natives.
GXAG itself sits at 70, mid-pack in the silver impostor distribution. It has not yet hit the 80-plus band, which usually only happens after a DEX pair is created and our buy/sell simulations confirm the trap. With no pair today, our network-layer flags carry most of the weight.
Why scammers target silver impersonation
Three pieces fit together:
- The category has high-trust legitimate issuers. Kinesis, Ondo, and others give scammers a coat of credibility to borrow. “Silver-backed” sounds responsible. The word “tokenized” sounds regulated.
- The audience is on-ramp friendly but contract-shy. Gold and silver bugs have been thinking about hard-asset stores of value for decades. A “tokenized silver” pitch lands. The same audience often has never read a Solidity contract.
- The keyword space is uncrowded. Searches for “silver-backed crypto” or “tokenized silver Ethereum” pull a handful of legitimate sites and not much else. A scam project that registers gimbutiscoin.com, copies the surface design of a legit issuer, and ships a contract can rank reasonably fast.
The pattern is the same as the Kekius brand-jack and the AI brand-jack waves we documented earlier, applied to a different niche. The bait swaps. The contract delivery is interchangeable.
Three rules that catch GXAG and the next one
You do not need RektRadar to avoid this specific contract. Three checks catch every variant of the pattern:
- Search the contract address with the project domain explicitly. The same site:<project-domain> "<contract>" query that 242 Google users ran this week is the right query. If the official site does not show the exact same contract address in cleartext, you are not buying what they are pitching. The fact that 242 buyers did this and still considered the trade suggests they were treating “no site mention” as “maybe my source was wrong” instead of “walk away”.
- Reject upgradeable proxies for anything you are not willing to redeposit weekly. A TransparentUpgradeableProxy means the underlying code can change. Real silver-backed issuers occasionally use proxies, but they pair them with public multisig admins, time-lock contracts on upgrades, and audit trails. GXAG ships a proxy with no public admin set and no time-lock visible in the source. Default to “no” unless the project produces a multisig address and a time-lock contract you can verify on Etherscan.
- Look at the deployer’s last 10 contracts. Etherscan exposes this for free. Click “Contract Creator” on the token page, then “Internal Transactions” or “Contract” on the deployer wallet. If the wallet has shipped 18 contracts in the last 90 days and none of them have a recognisable team or audit, you are buying from a token factory. The contract you are buying is the product the factory ships, not a project.
You can scan any silver-named ERC-20 (or anything else) on the free public catalog at /scam/GXAG and the broader hub at /scam. Data is fresh, free, and there is no signup.
Limits of our data
- GSC clear-text queries are a small fraction of total impressions. Google anonymizes most query strings to protect user privacy. The 4 queries we saw in cleartext returned 12 impressions total. The remaining 230 impressions on the GXAG pages followed similar patterns (we can see this from the impression-per-page rollup), but the exact query strings are hidden. The conclusion “all 242 are DD intent” is the most likely reading given the structure of the surfaced ones, not a certain one.
- Scorer-conditional percentages. The “33% of silver-named tokens score 80+” stat reflects “tokens our multi-flag scorer classified high-risk”, not “33% of silver tokens are scams in some absolute sense”. A token can pass our scorer and still be a scam (false negative). A token can fail and still be salvageable (false positive on rare designs). Treat scoring as evidence, not verdict.
- Sampling window. The 81,044-token snapshot covers tokens ingested via our mempool_watcher and factory_watcher since 2024. Tokens deployed before our watchers came online, deployed without typical factory patterns, or deployed via direct transactions we did not index, do not appear in the dataset. Silver-token scams from earlier eras are under-counted.
TL;DR
- GXAG (Gimbutis Silver) at 0xea4bc384184a5ccb02a079ea76931c57732c5de4 scores 70 / 100 with 7 red flags.
- Google Search Console logged 242 impressions in 7 days of buyers running site:gimbutiscoin.com "<contract>" due-diligence queries. We converted 0.
- Of 42 silver-named tokens in our dataset, 14 (33%) score 80 or higher in the high-confidence scam band.
- The trap structure is: TransparentUpgradeableProxy plus hidden_owner plus unrestricted_mint, with mass_deployer (18 contracts) and mass_funder (12 funded wallets) on the network side.
- The ranking gap is the lesson. Buyers ask Google the right question. We need to be the first answer they see.
Try the free scan (no signup, no card) on any contract address and you will get the score, the flag list, and the deployer history in under a second.