We analyzed 78,723 Ethereum tokens. 46% were scams.

An honest look inside RektRadar's database: 36,263 tokens flagged high-risk, the patterns they share, and which tickers attract the most fake contracts on Ethereum.

On 2026-05-14 at 22:00 UTC, RektRadar’s token_analysis table holds 78,723 distinct Ethereum contracts that have been fully scored end-to-end through our 9-dimension pipeline (source-code patterns, bytecode opcodes, honeypot simulation, liquidity, distribution, deployer profiling, network graph, real-time events, sandwich detection).

36,263 of them - 46.1% - score 70 or above on the 0-100 risk scale. That number is the count we now surface as “scams detected” on the rektradar.io hero. Until today the same counter was rendering a proxy estimation that under-counted reality by roughly 8x; we fixed that in global-analytics#143 and rektradar-app#380 earlier this evening.

This post is the breakdown behind the number. No estimates, just SQL counts.

The score distribution

| Bucket | Count | Share | What it means |
|---|---|---|---|
| 90 - 100 (critical / near-certain scam) | 1,084 | 1.4% | Multiple independent signals agree. Almost always a honeypot or owner-controlled rug. |
| 70 - 89 (high-risk) | 35,179 | 44.7% | At least 3 strong red flags. Worth flagging in any DEX UI. |
| 30 - 69 (medium) | 32,925 | 41.8% | Some signals fire. Not safe to trust without manual review. |
| 0 - 29 (low / probably ok) | 9,535 | 12.1% | Verified contract, locked LP, reasonable distribution, established deployer. |

Average score across the full set: 57.2 / 100.

The 12% “probably ok” bucket is the one to remember. On a random sample of 78k Ethereum tokens with the bare minimum of liquidity to land in our analyzer queue, only one in eight clears the bar for “no red flags worth mentioning”. The default state of a new ERC-20 on Ethereum is suspicious.

The top 9 patterns we flag on high-risk tokens

Tokens with risk_score >= 70 carry these flags, in order of how often each one fires:

| Flag | Hits | Share of scams | What it detects |
|---|---|---|---|
| honeypot | 11,145 | 30.7% | Our buy + sell simulation reverts on the sell side. Money flows in, never out. |
| sell_failed | 10,269 | 28.3% | Same simulation but specifically the sell call reverts. Often paired with honeypot. |
| buy_failed | 9,454 | 26.1% | The buy reverts. Usually means a strict allowlist on the token. |
| approve_with_transfer | 8,890 | 24.5% | An approve() quietly transfers tokens elsewhere - a backdoor for the deployer. |
| low_liquidity | 8,587 | 23.7% | Pool depth under thresholds that make any meaningful trade unviable. |
| no_renounce_ownership | 8,156 | 22.5% | The owner can still call privileged functions (mint, blacklist, fee update). |
| hidden_owner | 7,501 | 20.7% | The actual privileged address is masked behind a proxy or library call. |
| suspicious_assembly | 7,145 | 19.7% | Inline assembly used to bypass standard ERC-20 expectations. |
| unverified_contract | 12,403 | 34.2% | Source code never published on Etherscan. Caller has no way to read what the contract actually does. |

Three observations from the table:

  1. The “honeypot” / “sell_failed” / “buy_failed” triplet fires on roughly 3 out of every 10 scams. Honeypot detection done via real on-chain simulation, not heuristics, is the single best filter on Ethereum.
  2. approve_with_transfer at 24% is more common than people realise. It is the modern shape of the “infinite approve drains your wallet” exploit: the token’s approve() itself does the transfer, so even legitimate-looking UIs that ask for an approve become a draining surface.
  3. unverified_contract at 34% is the silent killer. A third of scams in our database never published their source. Even if you only trust contracts verified on Etherscan, you still need every other check to catch the scams that did publish theirs.
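
The approve_with_transfer observation can be checked on the logs of a simulated approve() call. The following is an added example, not RektRadar's own detector: it assumes you already have the receipt logs and the approver's balanceOf before and after the simulation, and every address in it is constructed sample data.

```python
# Added example: post-simulation check for the approve_with_transfer pattern.
# Topic hashes are the standard ERC-20 event signatures; the addresses and
# receipts below are constructed sample data.
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def addr_from_topic(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def check_approve(logs, token, approver, bal_before, bal_after):
    """Return reasons why a simulated approve() is not a plain approval."""
    token, approver = token.lower(), approver.lower()
    reasons, saw_approval = [], False
    for log in logs:
        topics = [t.lower() for t in log["topics"]]
        if log["address"].lower() != token or not topics:
            continue  # only events emitted by the token itself matter here
        if topics[0] == APPROVAL:
            saw_approval = True
        elif topics[0] == TRANSFER and len(topics) >= 3:
            if addr_from_topic(topics[1]) == approver:
                amount = int(log["data"], 16)
                reasons.append(f"transfer_event:{addr_from_topic(topics[2])}:{amount}")
    # A token can move balances without emitting Transfer, so diff balanceOf too.
    if bal_after < bal_before:
        reasons.append(f"balance_drop:{bal_before - bal_after}")
    if not saw_approval:
        reasons.append("no_approval_event")
    return reasons

def pad(addr):
    """Encode an address the way it appears in an indexed topic."""
    return "0x" + "00" * 12 + addr[2:]

TOKEN, USER = "0x" + "aa" * 20, "0x" + "11" * 20
SPENDER, SINK = "0x" + "22" * 20, "0x" + "33" * 20
CLEAN = [{"address": TOKEN, "topics": [APPROVAL, pad(USER), pad(SPENDER)],
          "data": hex(2**256 - 1)}]
DRAIN = CLEAN + [{"address": TOKEN, "topics": [TRANSFER, pad(USER), pad(SINK)],
                  "data": hex(1000)}]

if __name__ == "__main__":
    print(check_approve(CLEAN, TOKEN, USER, 1000, 1000))
    print(check_approve(DRAIN, TOKEN, USER, 1000, 0))
```

The balance comparison is what catches a token that moves funds inside approve() without emitting a Transfer event.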

Which tickers attract the most fakes

Top brand-jacked symbols on Ethereum, with the count of distinct contracts using each ticker in our database (excluding placeholder and test symbols):

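| Ticker | Contracts | Scam (>=70) | Scam rate |
|---|---|---|---|
| USDT | 361 | 245 | 67.9% |
| USDC | 326 | 237 | 72.7% |
| ETH | 87 | 66 | 75.9% |
| WAR | 68 | 65 | 95.6% |
| ASTEROID | 61 | 44 | 72.1% |
| TRUMP | 64 | 43 | 67.2% |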

Tether and Circle’s stablecoins are the most impersonated by raw count. Each one has hundreds of fake ERC-20s circulating on Ethereum mainnet, and roughly 7 in 10 of those copies are flagged as scams. The real USDT and USDC contracts are deployed at fixed, well-known addresses; everything else carrying the ticker is at best a wrapper, at worst a draining honeypot.

The smaller tickers (WAR, ASTEROID, TRUMP) are typical brand-jack patterns: a news event makes a name searchable, scam factories ship dozens of contracts using that name in the following days, retail buys one of them by mistake.
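
Because the real USDT and USDC live at fixed addresses, a wallet or DEX front end can compare any token carrying those tickers against an allowlist. The sketch below is an added example, not RektRadar code: the two mainnet addresses are the publicly known deployments (confirm them against the issuers' documentation), while the confusables table and the sample inputs in the test are constructed for illustration.

```python
import unicodedata

# Canonical Ethereum mainnet deployments, lower-cased. Confirm against the
# issuers' own documentation before relying on this list.
CANONICAL = {
    "USDT": "0xdac17f958d2ee523a2206206994597c13d831ec7",
    "USDC": "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48",
}
# Small illustrative table of Cyrillic look-alikes, not exhaustive.
CONFUSABLES = str.maketrans(
    {"\u0422": "T", "\u0421": "C", "\u0405": "S", "\u0415": "E"}
)

def normalise_symbol(symbol):
    """Fold a ticker to the form a human reads it as."""
    s = unicodedata.normalize("NFKC", symbol)  # full-width letters -> ASCII
    # Drop zero-width/format characters (category Cf) and whitespace.
    s = "".join(ch for ch in s
                if unicodedata.category(ch) != "Cf" and not ch.isspace())
    return s.upper().translate(CONFUSABLES)

def classify(symbol, address):
    """Return 'canonical', 'impersonation' or 'unlisted' for a token."""
    expected = CANONICAL.get(normalise_symbol(symbol))
    if expected is None:
        return "unlisted"  # no canonical deployment known for this ticker
    if address.lower() == expected:
        return "canonical"
    return "impersonation"  # reads as a listed ticker, wrong contract

if __name__ == "__main__":
    fake = "0x" + "ab" * 20  # constructed address
    print(classify("USDT", "0xdAC17F958D2ee523a2206206994597C13D831ec7"))
    print(classify("USD\u0422", fake))   # Cyrillic TE instead of Latin T
    print(classify("US\u200bDC", fake))  # zero-width space inside the ticker
```

An "unlisted" result says nothing about safety; it only means the ticker has no entry to compare against.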

The weekly trend

The detection rate has actually been dropping over the last six weeks:

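| Week starting | Scanned | Scams | Scam rate |
|---|---|---|---|
| 2026-03-23 | 2,544 | 1,884 | 74.1% |
| 2026-03-30 | 878 | 624 | 71.1% |
| 2026-04-06 | 854 | 632 | 74.0% |
| 2026-04-13 | 1,823 | 1,393 | 76.4% |
| 2026-04-20 | 7,491 | 4,553 | 60.8% |
| 2026-04-27 | 7,192 | 3,875 | 53.9% |
| 2026-05-04 | 4,419 | 2,334 | 52.8% |
| 2026-05-11 | 3,223 | 1,351 | 41.9% |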

Two readings are plausible:

  • Pipeline got broader. Starting late April we widened the analyzer queue beyond addresses with confirmed liquidity, so more contracts that look new-but-empty land in the dataset and pull the scam rate down.
  • Scam factory output is actually slowing, possibly because gas prices are sitting in a more painful range for the cost economics of mass-deploying 100 contracts per day.

The first explanation is the one we have direct evidence for. We did widen the queue.
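
The two readings can be separated by splitting each week into cohorts and recomputing the rate with the cohort mix held at its pre-widening level. This is an added example, not a query from RektRadar's pipeline: the cohort labels and every count in it are constructed, and it assumes each scanned token can be tagged as having confirmed liquidity or not.

```python
# Constructed sample counts: week -> cohort -> (scanned, scams).
# "confirmed_liquidity" and "new_empty" are hypothetical cohort labels.
WEEKS = {
    "before_widening": {"confirmed_liquidity": (1000, 750),
                        "new_empty": (100, 20)},
    "after_widening": {"confirmed_liquidity": (1000, 740),
                       "new_empty": (1500, 310)},
}

def pooled_rate(week):
    """Headline scam rate: all scams over all scanned tokens."""
    scanned = sum(n for n, _ in week.values())
    scams = sum(k for _, k in week.values())
    return scams / scanned

def cohort_rates(week):
    """Scam rate inside each cohort, skipping empty cohorts."""
    return {c: k / n for c, (n, k) in week.items() if n}

def standardised_rate(week, baseline):
    """Scam rate `week` would show if it had the baseline week's cohort mix."""
    total = sum(n for n, _ in baseline.values())
    rates = cohort_rates(week)
    return sum((n / total) * rates[c] for c, (n, _) in baseline.items())

def explain(baseline, week):
    """Split the headline drop into within-cohort change and mix shift."""
    drop = pooled_rate(baseline) - pooled_rate(week)
    real = pooled_rate(baseline) - standardised_rate(week, baseline)
    return {
        "pooled_drop": round(drop, 3),
        "within_cohort_drop": round(real, 3),  # scams actually getting rarer
        "mix_shift": round(drop - real, 3),    # effect of the wider queue
    }

if __name__ == "__main__":
    print(explain(WEEKS["before_widening"], WEEKS["after_widening"]))
```

In this constructed data the headline rate falls from 70% to 42%, but almost all of that is mix shift: within each cohort the rate barely moves.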

Why we wrote this

Two reasons.

One: until tonight, the hero on rektradar.io was showing 4,500 “scams detected” while the real number, accessible to every reader through the database, was 36,263. We had a metric that under-sold the product by a factor of 8 because the proxy formula was wrong. We fixed it. The honest version is also the more impactful one, which is the kind of trade we like.

Two: nobody else is publishing this dataset. The bigger commercial services scan Ethereum tokens too, but their numbers stay behind a paywall and inside a chart on a dashboard you have to sign up to see. This is a public Ethereum scam detector - the data should be public.

Free, no signup: paste any 0x… address on rektradar.io and you get the same 9-dimension scan that produced this dataset.