Most “scam token” warnings are about what might happen: the liquidity could get pulled, the owner could mint. A honeypot is different. It’s not a bet on the future - the trap is armed the second the token goes live. You buy. You try to sell. The contract reverts. Your money is in, and there is no path out.
We can prove this without waiting for anything to happen, because we don’t predict - we simulate the sell.
The number
Since February 12, 2026, RektRadar has analyzed and flagged 41,896 high-risk Ethereum tokens (risk score ≥ 70). Within that set:
| Signal | Tokens | What it means |
|---|---|---|
honeypot | 15,042 | Classified as a honeypot by the full signal set |
sell_failed | 13,526 | Live sell simulation reverted - you cannot sell |
buy_failed + sell_failed | 11,940 | Both sides gated - pure trap, often router-only |
13,526 tokens where the exit was already shut at the moment we scanned. Not “this looks risky.” Buy went through in the simulation, sell came back reverted. That’s the whole con: liquidity that only flows one way.
How we know - sell simulation, not guesswork
When RektRadar analyzes a token it runs an on-chain simulated trade against the live contract: a buy, then a sell, on a forked state. A normal token lets both through. A honeypot lets the buy land and makes the sell revert - via a transfer tax that rounds to 100%, a require that only passes for the deployer, balance access gated behind the router, or transfer logic that depends on the block. The label sell_failed is the result of that simulation, not an inference from the bytecode looking suspicious.
That’s why this isn’t a “3 days before the rug” story. There’s nothing to wait for. The door is closed on launch.
One dissected: Patriotic Summer (PATRIOTIC)
0xe9bee59643b5ac047ca432a3cb2e9cb585db3c85
A clean textbook case from this week.
- Deployed: 2026-06-06, 00:34 UTC
- Flagged by RektRadar: 00:40 UTC - 6 minutes later
- Risk score: 80/100
- 15 red flags
The flags fall into three stacks that together describe a deliberate trap, not a careless launch:
The honeypot mechanics (the door itself)
buy_failed / sell_failed | Simulated buy and sell both fail - money in, no way out |
conditional_transfer | Transfers only succeed under conditions the deployer controls |
router_gated_balance_access | Your balance is only readable/movable through the router path |
block_dependent_logic | Behaviour changes based on block - classic kill-switch surface |
approve_with_transfer | Approval silently moves tokens - drains on interaction |
reflection_token | Reflection math used to hide an effective 100% sell tax |
The liquidity setup (no escape for holders)
creator_holds_all_lp | The deployer holds 100% of the LP - can pull it at will |
lp_not_locked | No lock, no timelock - the LP can leave instantly |
low_liquidity | Thin pool - even a small exit moves price to zero |
The operator (anonymous and disposable)
hidden_owner | Real owner masked behind a proxy/obfuscation |
new_wallet | Fresh wallet, no history - built to be thrown away |
multi_flag_rug_setup | The combination itself matches a known rug template |
Any one of these is a reason to walk. Stacked, they’re not a coincidence - they’re a product. And we surfaced the whole picture 6 minutes after the contract existed, before it had a chance to find buyers.
See the full live breakdown: app.rektradar.io/scam/PATRIOTIC/0xe9bee59643b5ac047ca432a3cb2e9cb585db3c85
The takeaway
“It might be a scam” is a guess. “You cannot sell this - we just tried” is a measurement. Of the 41,896 high-risk tokens we’ve flagged since February, 13,526 were already un-sellable when we looked. The honeypot isn’t a risk that develops. It’s a door that was never open.
Paste any Ethereum token address into the free honeypot checker at app.rektradar.io and it runs the same simulated sell, in seconds, before you send anything in.