Skip to main content
← Back to blog
SECURITY How to Spot a Honeypot Token on Solana Before You Buy MoonHydra · moonhydra.com/blog
Security Honeypot On-Chain Memecoins

How to Spot a Honeypot Token on Solana Before You Buy

· 10 min read · MoonHydra Research

A honeypot is the trap that hurts most because it feels like a win. You buy, the chart's green, you're up — and then your sell fails. Every time. The token let you in and won't let you out. On Solana, honeypots don't work the way they do on Ethereum, which is exactly why so many traders miss them. They come from a small, checkable set of on-chain flags — and once you know where to look, most are caught in under a minute, before you ever paste the contract address.

Honeypot vs rug pull — they're not the same

These get used interchangeably, but the mechanism is different and so is the defense.

A rug pull lets you sell — there's just nothing to sell into. The developer removes the liquidity pool (or dumps a hidden supply) and the price collapses to near-zero. You can exit; the exit is worthless. That's the trail we walk through in the anatomy of a Solana rug pull.

A honeypot is the opposite: the price might be fine, but the token's own rules block your sell. You're trapped inside the position holding tokens you physically cannot transfer or can only sell at a punitive tax. Scammers often combine the two, but if you can't tell which one you're looking at, you'll check the wrong things.

Why Solana honeypots work differently

On Ethereum, the classic honeypot is malicious code. An ERC-20 is its own smart contract, so a scammer can write sell-blocking logic — blacklists, owner-only sells, a tax that flips to 100% — directly into the token.

Standard Solana tokens can't do that. Every normal SPL token is issued by Solana's shared Token Program, whose logic is fixed and can't be modified per token. There's no custom sell function to hide malware in. So Solana honeypots come from somewhere else: the built-in authorities on a mint, the newer Token-2022 program's extensions, or the liquidity around the token. Three places — all checkable.

The freeze authority trap (the classic SPL vector)

Every SPL mint can carry a freeze authority — an address with the power to freeze any holder's token account. A frozen account can't transfer or sell anything; the tokens are locked until the authority chooses to unfreeze. The honeypot play writes itself: let buyers pile in, then freeze them out.

For an honest memecoin, the freeze authority should be revoked — on-chain it reads null / None. If there's still an address sitting in that field, the creator can freeze you at will. One nuance worth knowing so you don't over-react: freeze authority is legitimate and expected on regulated stablecoins (USDC keeps it for sanctions and fraud recovery). On a three-hour-old dog coin, it's a glaring red flag.

Closely related is the mint authority. If it isn't revoked, the creator can mint unlimited new tokens and dilute you to dust. That's not strictly a honeypot — you can still sell — but it's the second authority to check every single time, because it's an instant dump vector.

Token-2022 extension traps

Token-2022 (Token Extensions) is a separate, newer token program that does allow extra behavior on transfers. Most projects using it are legitimate, but a handful of its extensions are exactly what a honeypot needs. The dangerous ones:

  • Permanent Delegate. This grants an address the unconditional power to transfer or burn any holder's tokens — without that holder's signature. It is the single most dangerous extension, and it's the engine behind the largest automated-scam wave of 2026, where token factories burn or drain buyers' tokens seconds after purchase. By some estimates this pattern cost holders tens of millions in early 2026; even if you discount the exact figure, the mechanism is real and trivial to abuse. Wallets like Phantom now show an explicit warning for permanent-delegate tokens — take it seriously.
  • Transfer Fee. A fee charged on every transfer, in basis points, that can be set as high as 10,000 bps — 100%. Set near 100%, selling becomes pointless; everything you move is eaten. A configured authority can also change the fee after launch, though the change takes effect about two epochs later (~2–4 days) rather than instantly. The danger is usually a punitive fee set at launch, or a hike scheduled before you notice.
  • Default Account State = frozen. New holder accounts are frozen by default. The creator selectively unfreezes only their own whitelisted accounts — so they can trade, and you never can. Same result as the freeze trap, baked in at the token level.
  • Transfer Hook. Calls a creator-defined program on every transfer, which can condition or block the move. Powerful and abusable in theory; in practice, 2026's honeypot evidence points overwhelmingly at the permanent delegate, not transfer hooks. Still worth flagging if a scanner reports one.

Liquidity traps — the soft honeypot

Even with clean authorities, you can be effectively trapped by the pool itself:

  • LP not locked or burned. If the liquidity provider tokens aren't locked or burned, the developer can pull the pool whenever they like — the rug-pull half of the trap.
  • Tiny or single-sided liquidity. A pool with a few SOL in it means you can buy a little but can't exit at size without catastrophic slippage. You're not frozen — you just can't get out at any price worth taking. More on reading pool depth in how to read a Solana token chart.

How to spot a honeypot before you buy

A repeatable pre-buy routine catches almost all of them:

  1. Confirm both authorities are revoked. Open the token on Solscan and check the token info: Mint Authority and Freeze Authority should both read None / null. An address in either field is an active risk — don't rationalize it away on a memecoin.
  2. Run a Solana-native scanner. RugCheck.xyz (free, no login) grades tokens and flags freeze/mint authority, Token-2022 extensions, LP lock status, and holder concentration. Read the individual flags, not just the headline score — a "Good" summary with an active permanent delegate is still a trap.
  3. Look for Token-2022 extension flags specifically. Permanent delegate, a high transfer fee, or default-frozen state are the ones that block sells. Your wallet helps here too — Phantom warns on permanent-delegate tokens and shows transfer fees on the confirmation screen before you sign.
  4. Confirm a sell route exists. Simulation tools check whether a token can actually be sold via the Jupiter aggregator — no route, or an extreme sell-tax, flags a honeypot. The bluntest test is a micro-sell: buy a tiny amount, then immediately sell a fraction of it. If the sell won't go through, you've found your answer for under a dollar.
  5. Check the buy/sell ratio. On DexScreener or Birdeye, lots of buys and almost no sells is a honeypot signature — other people are stuck too.
  6. Check holders and LP. Concentrated supply in a few wallets plus unlocked liquidity is the setup for the rug half. Full routine in the 7-point due diligence checklist.

How MoonHydra helps you avoid them

MoonHydra has an optional RugCheck integration that runs these checks against a token before you trade it — surfacing freeze and mint authority status, Token-2022 extension flags, and liquidity/holder signals at the point of the buy, not after you're already in. It's a guardrail, not a guarantee: scammers iterate, and no automated check is infallible, so the manual routine above still matters. Because MoonHydra is non-custodial with documented key handling, the only thing exposed to any given trade is the burner wallet you used — compartmentalize with separate Hydra Head wallets and a honeypot can never reach more than the funds in one of them.

Bottom line

A honeypot lets you buy and blocks your sell — different from a rug pull, which lets you sell into nothing. On Solana the traps aren't hidden in code; they're in three checkable places: the mint's freeze and mint authorities (should both be revoked), Token-2022 extensions (watch the permanent delegate and transfer fee above all), and the liquidity (locked, and deep enough to exit). Run RugCheck, confirm a sell route, and when in doubt, micro-sell before you size in. A minute of checking beats a position you can never close.

Next: read the anatomy of a Solana rug pull for the liquidity-side trap, run the trading bot security checklist before funding anything, and start trading at t.me/moonhydrabot.


Ready to put this into practice?

MoonHydra is a multi-wallet Solana memecoin trading bot on Telegram. 1% per trade. AES-256-GCM encrypted. Non-custodial.

Open MoonHydra