Most guides to spotting a crypto scam are written from intuition: “be careful of low liquidity,” “watch for anonymous teams.” Useful, but vague. We can do better, because we scan every new token on Ethereum and record exactly which signals each one trips.
So here’s the empirical version. Over the last 30 days RektRadar analyzed 15,959 new Ethereum tokens and flagged 6,968 as high-risk (risk score ≥ 70) - 43.7%, close to one in two. This is what those 6,968 scams had in common, ranked by how often each signal fired.
The ranking
Percentages are share of the 6,968 high-risk tokens that tripped each signal. A single scam usually trips several at once.
| Signal | Share of scams | What it means |
|---|---|---|
no_graph_data | 66.2% | No deployer/funder relationship graph - a wallet with no traceable on-chain web behind it |
honeypot | 54.4% | Classified as a honeypot by the full signal set |
multi_flag_rug_setup | 53.6% | The combination of signals matches a known rug template |
new_wallet | 53.5% | Fresh deployer wallet, no history - built to be discarded |
sell_failed | 44.8% | Live sell simulation reverted - you can buy but not sell |
unverified_bytecode_analyzed | 44.3% | Source not published; we analyzed the raw bytecode instead |
unverified_contract | 44.2% | No verified source code on the explorer |
liquidity_at_creation | 44.2% | Liquidity added in the same breath as deployment - a launch-and-dump shape |
creator_holds_all_lp | 43.3% | Deployer holds 100% of the LP tokens - can pull liquidity at will |
buy_failed | 41.5% | Buy simulation also reverted - both sides gated |
low_liquidity | 37.9% | Thin pool - a small exit moves price to zero |
no_dex_pair | 27.9% | No real DEX pair yet - nowhere to actually trade |
hidden_owner | 26.4% | Real owner masked behind a proxy or obfuscation |
possible_simulation_detection | 22.5% | Contract appears to detect and behave differently for simulators |
opcode_gasprice | 21.8% | Uses GASPRICE opcode - a common anti-bot / conditional-revert trick |
No single signal defines a scam. The story is in the clusters. Sorted into the four things a scam actually needs - a way to trap you, a way to look legitimate, a disposable identity, and an opaque contract - the list reads like a recipe.
1. The trap: honeypot mechanics (up to 54%)
The highest-confidence family, because it doesn’t predict anything - it tests. Before flagging, we simulate a buy and a sell against the live contract.
honeypotfired on 54.4% of scams.sell_failed(44.8%) is the core of it: the buy goes through in simulation, the sell reverts. You can put money in; you cannot take it out.buy_failed(41.5%) means both sides are gated - often a router-only contract where retail can’t even enter; the “buyers” are the operator’s own wallets.possible_simulation_detection(22.5%) andopcode_gasprice(21.8%) are the evasive layer: contracts that try to behave nicely when they think they’re being tested and bite in production.
If sell_failed is present, nothing else matters. The exit is already shut.
2. The rug setup: liquidity you don’t control (up to 54%)
A honeypot won’t let you sell. A rug lets you sell - then removes the pool from under you.
multi_flag_rug_setup(53.6%) is our composite: the specific combination of liquidity, ownership and LP signals lines up with templates we’ve seen rug before.liquidity_at_creation(44.2%) - liquidity added in the same transaction window as deployment is the launch-and-dump shape, no organic build-up.creator_holds_all_lp(43.3%) is the smoking gun: if the deployer holds 100% of the LP tokens and there’s no lock, the liquidity can leave in one transaction, whenever they choose.low_liquidity(37.9%) - a thin pool means even a modest exit collapses the price; you don’t need a “rug pull” event when the pool is paper-thin to begin with.
3. The disposable identity (up to 66%)
Scammers don’t reuse reputations. They mint a fresh wallet, deploy, drain, and walk.
no_graph_data(66.2%) - the most frequent signal of all - means there’s no deployer/funder relationship graph behind the wallet: nothing connecting it to a real, history-bearing on-chain identity. Honest projects almost always trail a web of prior activity. Scams come from nowhere.new_wallet(53.5%) is the direct version: the deployer wallet itself is freshly created with no meaningful history.
Read together: more than half of scams are launched by a wallet with no past and no connections - exactly what you’d build if you intended to throw it away.
4. The opaque contract (up to 44%)
Legitimacy is cheap to fake on the surface and expensive to fake in the code, so scams skip the code.
unverified_contract(44.2%) andunverified_bytecode_analyzed(44.3%) - no published source. We disassemble and analyze the raw bytecode anyway, but the absence of source on a token asking for your money is itself the signal.hidden_owner(26.4%) - the real owner is masked behind a proxy or obfuscation pattern, so the address that looks like “renounced ownership” isn’t the one in control.
What this means for you
The headline isn’t any single percentage. It’s that 43.7% of new Ethereum tokens last month were high-risk, and the ones that were rarely tripped just one wire. The median scam stacks a honeypot or rug setup on top of a disposable wallet and an unverified contract. Each layer alone might be explained away. Together they are not an accident - they are a product, assembled the same way every time.
That’s also why a checklist run by eye is hard: you’d have to verify ownership, simulate a sell, trace the deployer’s history, and read bytecode, in the sixty seconds before you ape in. So we run all 52 signals automatically.
Paste any Ethereum token address into the free rug pull detector at app.rektradar.io and it runs the same checks - simulated buy and sell, LP ownership, deployer graph, bytecode - in seconds, before you send anything in.