This is the first issue of a recurring weekly roundup. Every Saturday we publish the high-risk ERC-20 contracts deployed on Ethereum mainnet over the past 7 days, with names, addresses, dominant flags, and short case studies on the most telling deployments. The goal is simple: a stable canonical record of the rug pull pipeline, week after week, so the receipts compound.
The week in numbers (May 18-24, 2026)
| Day | Tokens analyzed | Flagged 70+ | Perfect 100/100 |
|---|---|---|---|
| Mon May 18 | 705 | 319 | 18 |
| Tue May 19 | 641 | 284 | 8 |
| Wed May 20 | 517 | 238 | 11 |
| Thu May 21 | 406 | 188 | 6 |
| Fri May 22 | 497 | 179 | 11 |
| Sat May 23 | 413 | 129 | 2 |
| Sun May 24 | 354 | 132 | 0 |
| Week total | 3,533 | 1,469 | 56 |
Roughly 42% of every fresh ERC-20 deployed on mainnet this week was flagged as high-risk by the analyzer (1,469 / 3,533). Monday set the weekly peak at 319 scams in a single day, driven by a wave of US-political and Elon-themed deployments that we walk through below. Even the quiet Sunday (132 scams) is enough to clear two new scam contracts per hour.
Top 20 perfect 100/100 deployments
Out of the 56 contracts that scored a perfect 100/100 this week, here are 20 with the most recognisable naming patterns. All addresses link to their RektRadar report.
| Symbol | Name | Day | Pattern |
|---|---|---|---|
| 24CHX87 | Zachary Wolk the zachxbt | May 23 | Scam-hunter brand-jack |
| thump | thump by Matt Furie | May 22 | Pepe-creator brand-jack |
| MOODENG | Rip Moodeng | May 22 | Death-of-meme cash-in |
| GAY | Gay Altman | May 22 | Politicised celebrity name |
| ARMA | American Reserve Modernization Act | May 22 | Fake US-legislation token |
| T1 | Trump Mobile | May 20 | News-cycle ride (Trump phone launch) |
| BLTE | Bitcoin as Legal Tender Empowerment Act | May 19 | Fake US-legislation token |
| CLARITY | CLARITY ACT | May 18 | Fake US-legislation token |
| CMC | CoinMarketCat | May 20 | CoinMarketCap brand-jack |
| ElonDog | ElonDog | May 20 | Elon-themed |
| Flōki | Flōki X CEO | May 20 | Floki brand-jack with diacritic |
| MalarzLichoNieSpi | Elon’s New Game Character | May 20 | Generic Elon ride |
| CJ | Get CJ Neuralink | May 19 | Neuralink brand-jack |
| BORINGCANDY | Elon’s Candy Company | May 19 | Boring Company brand-jack |
| OCPEPE | ONCHAIN PEPE Token | May 19 | PEPE brand-jack |
| XBTX | Bitcoin 6900 | May 22 | Numerology meme |
| ZUCC | zucc | May 19 | Zuckerberg meme |
| FIFA | FIFACoin | May 21 | FIFA brand-jack |
| MGBG | make Grok Build great | May 18 | Grok / xAI brand-jack |
| ELONISM | Elonism | May 18 | Elon-themed |
The full 56-contract list is available on the scam catalog, filterable by date and ticker.
Dominant flags this week
Out of the 1,469 contracts flagged 70+, the top risk signals were:
| Flag | Triggered on | Share of scams |
|---|---|---|
| honeypot | ~1,000 | ~68% |
| no_graph_data | ~970 | ~66% |
| new_wallet | ~895 | ~61% |
| multi_flag_rug_setup | ~835 | ~57% |
| sell_failed | ~780 | ~53% |
| liquidity_at_creation | ~730 | ~50% |
| buy_failed | ~705 | ~48% |
| creator_holds_all_lp | ~700 | ~48% |
| low_liquidity | ~650 | ~44% |
| unverified_bytecode_analyzed | ~570 | ~39% |
The story is consistent with the rest of 2026: honeypot patterns dominate, and the deployers come from fresh wallets with no funding history (new_wallet + no_graph_data together fire on roughly 60% of every scam). Detailed write-ups of each flag are on the signals catalog.
5 case studies worth pointing at
1. Zachary Wolk the zachxbt — 0x2acb7424b979ac69d5ec56294a00ae558d3740b3
A token named “Zachary Wolk the zachxbt” was deployed May 23, 100/100. Naming a scam after the most public on-chain scam hunter is a flex deployers occasionally pull — usually as a short-lived joke that nets ETH from people who think it is somehow real or ironic. The deployer wallet is brand new and the contract carries the full honeypot + sell_failed signature.
2. thump by Matt Furie — 0x4547912392a873eae602338bf7bba8b8b0ab4fbb
Filed under “weaponising the creator’s name”. Matt Furie is the actual artist behind Pepe the Frog, and his name attached to a brand-new mainnet contract is enough to net early buyers. The decorative Unicode ”𝓜𝓪𝓽𝓽 𝓕𝓾𝓻𝓲𝓮” in the on-chain name() is itself a known anti-detection trick — it lets the contract pass naive substring filters that look for “Matt Furie” in ASCII.
3. Rip Moodeng (MOODENG) — 0x91af9ff01eef7df9e6572553753dc13d025ebc90
Moodeng was the baby hippo viral meme of late 2025. When the real Moodeng died in May 2026, the scam pipeline reacted in days: a “Rip Moodeng” token with the same ticker as the live MOODENG meme caught buyers looking to ape into a “tribute” or expecting a memetic dump-and-rebound. Same playbook every time a meme subject dies (cf. our $XRP scam tokens piece for the pattern logic).
4. Gay Altman (GAY) — 0x0584f8f154e7e413ac65af008cd4bc2c4c0786b6
Politicised celebrity-name tokens are the bread and butter of small deployer wallets. Sam Altman’s name on a token named “Gay Altman” produces enough first-day curiosity to extract a few ETH before honeypot detection makes its way through retail tooling. We have catalogued the broader pattern in Altman / Musk AI scam tokens.
5. American Reserve Modernization Act, BLTE, CLARITY — the fake-legislation cluster
Three different US-legislation-themed contracts in a single week:
- ARMA (May 22): American Reserve Modernization Act
- BLTE (May 19): Bitcoin as Legal Tender Empowerment Act
- CLARITY (May 18, two contracts): “CLARITY ACT”
These ride news cycles around proposed crypto-related US legislation. The deployers know that a ticker matching a real bill name gets indexed by DEX search interfaces within minutes — buyers who searched for the bill name (because they read a headline) end up on the wrong token. All three are honeypots: the buy succeeds, the sell does not.
What this means for buyers
The week’s 1,469 high-risk contracts and 56 perfect 100/100s confirm what we measure month after month: roughly 40-45% of every fresh ERC-20 on Ethereum is some flavour of rug pull or honeypot, and the deployers iterate on news cycles within hours. The defences are not exotic:
- Never buy a token because you saw its ticker — always paste the contract address into a scam detector first.
- If the contract is brand new and unverified on Etherscan, that alone is enough signal to pass.
- If the deployer wallet has no funding history (no
no_graph_data-equivalent in your tools), treat it as a fresh scam wallet by default.
Paste any contract address into app.rektradar.io for an instant 0-100 risk score and the full flag breakdown.
See also
- Rug pull checker — the always-on entry point
- Top 10 brand-jacked tokens on Ethereum
- How much ETH has been stolen by scam tokens
- Inside the analyzer: 52 signals across 8 dimensions
Next issue lands Saturday May 31. If you want a heads-up when it ships, follow @mik3fly__ on X.