Data 2026-05-08

Unicat ($UCAT) honeypot factory: 5 fake tokens deployed in 7 days on Ethereum

On-chain analysis of every $UCAT and Unicat contract on Ethereum. 5 deployments in 7 days, 3 confirmed honeypots, 0 with a DEX pair. Pattern, flags, and what to do.

Between April 26 and May 2, five different smart contracts using the Unicat name or the $UCAT / $UNICAT ticker were deployed on Ethereum mainnet. Three of them score 70 or higher on the RektRadar risk scale. None have a Uniswap pair. None should ever be bought.

This is a small-scale brand-jack pattern we see almost daily on Ethereum. The Unicat case is interesting because it is fresh, it is short (one week of activity), and the data points are clean enough to walk through end to end.

The scoreboard

AddressSymbolNameScoreVerifiedAnalyzed
0xa18d42…e44auCATUnicat70No2026-05-02
0xb3f2cb…bf9fuCATUniCat70Yes2026-05-02
0x36608e…06a5UNICATUniCat70No2026-04-27
0x0dd040…c0deUnicatUnicat40Yes2026-04-26
0x623dc0…c0deuCATuni CAT23Yes2026-04-27

Three out of five score 70+, which is RektRadar’s “do not buy under any circumstance” threshold. The remaining two score in the 23-40 range, meaning they are not actively malicious as far as we can tell, but they are still impostor contracts riding on the same ticker.

The flags that matter

Across the five tokens, two flags appear on every single contract:

  • no_dex_pair - none of these tokens have ever been listed on Uniswap or any other major DEX. There is nowhere to buy or sell them at the protocol level. If somebody is trying to sell you Unicat tokens, they are not selling Uniswap-routed liquidity, they are selling something else (a wallet drainer pretext, a fake P2P deal, or worse).
  • name_mimics_known_token - RektRadar’s symbol-collision detector matched these contracts against our index of trending and high-popularity tickers. They are deliberately using a name that has visibility, not a name picked at random.

The three high-risk contracts add more on top:

  • unverified_contract (two of three) - the source code is not published on Etherscan, so a buyer cannot read what the token does before transacting. For tokens with no DEX pair, unverified source is borderline, but combined with the brand-jacking it tips the verdict.
  • opcode_create2 (two of three) - these contracts were deployed via the CREATE2 opcode rather than a standard transaction. CREATE2 lets the deployer pre-compute the contract address and lock it in advance. Legitimate projects use it for deterministic factories; scammers use it to deploy the same code under a vanity-prefixed address that looks more credible (0xUNICAT...). One of the contracts in our list (0x36608e...06a5) has neither a vanity prefix nor a public source - CREATE2 here is just bytecode obfuscation.
  • multi_flag_suspicious_profile (two of three) - this is RektRadar’s “more than three serious flags concurrent” meta-flag. It does not add new evidence, it just compresses the verdict.
  • scam_factory_funder (one) - for 0xa18d42…e44a only, the deploying wallet was previously funded by an address that has appeared as the funder of other RektRadar-flagged contracts. This is the strongest single signal in the set: the wallet is on a path that has already produced scams.

”no_dex_pair” is the whole point

It is worth pausing on the universal no_dex_pair flag. A token with no DEX pair is not really a token in the user-facing sense. You cannot swap ETH for it on Uniswap. It does not show up in dexscreener. It has zero observable trading activity.

So why deploy it?

Three common downstream uses:

  1. Airdrop bait. The deployer transfers a chunk of supply to thousands of wallets and adds the token to lists that scrape on-chain transfers. The recipient sees an unsolicited Unicat balance, Googles the ticker, lands on a phishing site that claims to be the official Unicat project, and connects their wallet to “claim” or “stake”. The wallet drainer takes over from there. The token itself never had to trade - it was just a vector to get the victim to a phishing UI.

  2. Fake P2P deals. A scammer in a Telegram group offers to sell “early Unicat” tokens at a discount, before the supposed launch. They send the buyer a contract address. The buyer pays, receives an ERC-20 balance from the actual Unicat-named contract, and feels reassured because Etherscan shows the symbol matches. The contract has no DEX pair so the buyer has no exit. The seller disappears.

  3. Wallet drainer redirector. The contract’s only public function is something innocuous like a fake claim(). Calling it triggers a deeper approval flow that the wallet UI minimizes, and the user signs a permit that drains their actual valuable holdings.

The common thread: the token is not the product. The brand confusion is the product.

Verdict per token

For users who want a one-line take:

  • 0xa18d42…e44a (Unicat, May 2): high risk - funder linked to other scams, unverified, no liquidity. Do not interact.
  • 0xb3f2cb…bf9f (UniCat, May 2): high risk - verified source but flags include hidden_owner and conditional_transfer, both honeypot-typical mechanics. Do not interact.
  • 0x36608e…06a5 (UniCat, April 27): high risk - unverified, CREATE2 deploy, multi-flag profile. Do not interact.
  • 0x0dd04098…c0de (Unicat, April 26): medium risk - verified, no flags beyond brand mimicry. Probably abandoned, not actively malicious, but not a real project either.
  • 0x623dc0…c0de (uni CAT, April 27): low risk - verified, only the brand-mimicry flag. Likely a fan token or a placeholder.

If you actually want to buy something called Unicat, none of these five contracts are the right answer. Verify the contract address against the project’s official channels before signing anything.

This is not unusual

We covered the same pattern in our $MOODANG case study two days before the Unicat batch. We covered it again in the AI-trend brandjack post for $xAI, $SAM, $MUSK, and friends. We covered the deployer-side view in the serial-scammer wallet anatomy, where one wallet shipped 24 rugs.

The mechanics are stable. The targets rotate.

How to protect yourself

Three habits that catch >95% of the brand-jack class without any tooling:

  1. Never trust a ticker, only a contract address. Get the address from the project’s official Twitter / Discord / website, then paste it into the swap UI yourself.
  2. If a token shows up unsolicited in your wallet, do not interact with it. Do not approve, do not “claim”, do not visit any URL the token’s metadata or transfer event suggests. Most airdrops you did not opt into are bait.
  3. Cross-check the contract on a scanner before any transaction. RektRadar covers honeypot detection, brand-jacking, deployer reputation, and DEX-pair sanity all in one pass. So does GoPlus, Tokensniffer, and a few others - pick one and use it consistently. We benchmarked the Ethereum scam scanners side-by-side: RektRadar vs Etherscan and RektRadar vs GoPlus on honeypot detection.

You can scan any token, including the five Unicat contracts above, on the $UCAT scam tokens catalog on Ethereum. The data is fresh and free.