Data 2026-05-06

$MOODANG hype unleashed 11 honeypot contracts in 24 hours

Eleven MOODANG-themed scam tokens deployed within hours of the meme trending. Same playbook each time: honeypot, sell-failed, hidden owner. The on-chain forensics behind a meme-driven scam factory.

A baby hippopotamus from Khao Kheow Open Zoo in Thailand went viral in late 2024. Her name is Moo Deng. The market response a few months later, on Ethereum: eleven separate $MOODANG contracts flagged as scams by RektRadar. Eight of them were deployed inside a single four-hour window on May 1st, 2026. Every contract followed the same playbook.

This post is the on-chain forensics of that 24 hours: who shipped what, the exact flag pattern that repeats across every contract, and why “hype + new ticker” remains the most reliable rug signal on Ethereum.

Timeline - the deployment burst

All eleven contracts in our database, sorted by creation time:

AddressRisk scoreFlagsCreated (UTC)
0x6b079d73…06d63f70142026-04-26 23:16
0x32ed6da8…5708057092026-04-29 13:16
0x591aba01…d0979c70102026-05-01 00:34
0x86d8b6a6…7211108092026-05-01 04:32
0x0d0459d4…5211107062026-05-01 04:40
0xff614651…ea9673486132026-05-01 04:44
0x66051483…b793d80112026-05-01 04:58
0x2487645d…495e8270112026-05-01 05:09
0x27eb5436…cae177ec100172026-05-01 05:16
0x0659c3e8…ead3206052026-05-01 08:32
0xa2417a88…128524c6052026-05-01 08:32

Two outliers seeded the trend (April 26 and 29, both still flagged 70). Then nothing for two days. Then eight contracts in 240 minutes, with risk scores climbing from 70 to a perfect 100 as the deployers iterated. Three of the names are written in Thai - หมูแดง and น้องหมูแดง - the literal translation of “moo dang” (Thai red pork barbecue). Same meme, native-language deployer flavor.

The 04:32 → 05:16 cluster is the actual “factory hour”: six new contracts in 44 minutes, by what looks like at least two distinct deployers iterating on the same template.

The flag pattern is identical

Every honeypot in this set shares the same core mechanic: buy_failed + sell_failed + honeypot as the top three risk indicators. The contracts let the buyer’s transaction land but block the sell, draining the liquidity pool with one-sided trades.

The score-100 contract (0x27eb…177ec) carries 17 individual risk flags. The combination is what tipped it over the threshold:

  • Liquidity & trading: low_liquidity, buy_failed, sell_failed, honeypot, creator_holds_all_lp, buy_only_pattern
  • Control patterns: trading_control, hidden_owner, conditional_transfer, block_dependent_logic, approve_with_transfer
  • Bytecode signals: reflection_token, multi_flag_rug_setup, multi_flag_confirmed_scam, scam_factory_name
  • Wallet provenance: new_wallet, no_graph_data

scam_factory_name is the giveaway. RektRadar’s name-similarity classifier matches the contract name against known scam factory patterns - when this fires alongside the trading control flags, you get a contract that looks like the meme but is mechanically designed to one-way trade. Read more on the detection logic in the serial scammer wallet anatomy.

Why the hype is the signal

Honeypot deployers cannot generate organic interest. They need a meme they can ride. So the chronology is always:

  1. Real meme goes viral off-chain (Moo Deng the baby hippo, Doge, Pepe, Shiba, NEIRO, MOG, every cycle).
  2. Speculators start searching the ticker on Etherscan, DEX Screener, Telegram groups.
  3. Scam factories ship a contract within hours. Sometimes minutes.
  4. The contract is named after the meme. The bytecode is templated.
  5. Liquidity is added (often less than 1 ETH, sometimes locked-as-burned to look legit).
  6. First buyers land. Sells fail. Liquidity drains.

The eight-contract burst on May 1st maps cleanly to step 3. The previous two contracts (April 26 and 29) are step 1 and 2 of the same playbook - early opportunists testing the waters before the factories scaled up.

If you cannot type the ticker without seeing it on X first, you are step 4. Two minutes of verification before buying:

  1. Look up the contract address on a forensics tool that reports flag patterns. RektRadar exposes a public scam page per ticker - for example, /scam/MOODANG lists every flagged contract with that symbol, sorted by risk score.
  2. Check the deployer wallet history. A wallet that has shipped multiple flagged contracts in the same week is the signal - past behavior is the strongest predictor (see the serial-scammer dataset).
  3. Check liquidity. Less than 1 ETH locked, single-sided pool, or LP held entirely by the deployer = honeypot mechanics waiting to fire.
  4. If the ticker is meme-trending in the last 48 hours and the contract is fresh, default-assume scam until proven otherwise. The base rate is overwhelmingly against you.

The eleven MOODANG contracts cost their buyers some ETH each. The pattern that produced them is reusable forever. The next viral meme will get the same treatment within hours of trending - that’s the entire business model of a scam factory.

If you want the live list of every flagged token by ticker, it’s at app.rektradar.io/scam/SYMBOL - drop any ticker into the URL and you’ll see the same forensics view. The API is at /api/scam/SYMBOL for programmatic checks.