Skip to main content
← Back to blog
TUTORIAL What Is Token-2022? Solana Token Extensions and the Trader Traps MoonHydra · moonhydra.com/blog
Tutorial Token-2022 Security Solana

What Is Token-2022? Solana Token Extensions and the Trader Traps

· 10 min read · MoonHydra Research

Most of the tokens you trade on Solana are minted by one shared program with fixed rules. Token-2022 is the newer one that breaks that mold: it lets a creator bake extra behavior straight into the mint — fees on every transfer, an authority that can move your tokens without asking, code that runs each time you sell. Plenty of legitimate projects use it. A growing number of memecoin scams use it too. Knowing the difference is now part of basic due diligence, so here's what Token-2022 actually is and which of its extensions you need to check before you buy.

SPL Token vs Token-2022 — why a second program

Almost every token on Solana is issued by a single on-chain program: the SPL Token Program. One shared program, identical logic for every token. That's why a standard Solana token can't hide malware the way an Ethereum ERC-20 can — there's no per-token code to write a sell-blocker into. The rules are the same for USDC and for a three-hour-old dog coin.

The trade-off is rigidity. If a project wanted a built-in transfer fee or on-chain metadata, the original program couldn't do it, and forking the whole token program for each new feature was a mess. So Solana shipped a superset called the Token Extensions Program, almost universally referred to as Token-2022. It keeps everything the old program does and adds a menu of optional features called extensions.

The critical detail for traders: extensions are opt-in and set when the mint is created, and most of them can't be added or removed afterward. So when you inspect a Token-2022 token, the extensions it carries were a deliberate choice by whoever launched it. That cuts both ways — it means a clean token is genuinely clean, and it means a trap was built on purpose.

The extensions, and what they're for

Token-2022 has well over a dozen extensions. Most are mundane or genuinely useful, and seeing one is not a reason to panic. A quick tour of the ones you'll actually encounter, with their intended purpose:

  • Metadata pointer / token metadata. Stores the token's name, symbol, and image on-chain in the mint itself, instead of relying on a separate metadata standard. Harmless and increasingly common.
  • Interest-bearing. The displayed balance grows over time at a set rate — handy for yield-bearing or bond-like assets. It changes the shown amount, not the real token count, which can mislead if you don't know it's on.
  • Mint close authority. Lets a designated authority close the mint account once supply is gone, reclaiming rent. Routine housekeeping.
  • Immutable owner / memo transfer / CPI guard. Account-level safety and bookkeeping features. These generally protect holders rather than threaten them.
  • Confidential transfers. Uses zero-knowledge proofs to hide balances and transfer amounts while keeping an auditor key for compliance. Aimed at private payments and business transactions; of all the extensions here, this one has rolled out the most gradually, so you will encounter it far less often than transfer fees or freeze.

None of those is inherently a red flag. The problem is a smaller group of extensions that are powerful by design — and that power is exactly what a scammer wants.

Permanent delegate — the seize switch

This is the one to fear most. The permanent delegate extension assigns a mint-level authority that can transfer or burn tokens from any holder's account, without that holder's signature. Worse, a holder cannot revoke it the way they can cancel an ordinary delegate. If a token has a permanent delegate, whoever controls that authority can reach into your wallet at will.

Legitimate use: regulated and enterprise assets sometimes need a clawback — to recover stolen funds, reverse a mistaken transfer, or comply with a court order. For a tokenized security or a corporate stablecoin, that's a feature, not a bug.

Trap use: on a memecoin it is a back door to your balance. A token can have its liquidity locked and its mint authority revoked — every surface check passing — and still be drained, because the permanent delegate sits outside all of that. This is the engine behind the largest automated-scam wave of 2026, where token factories burn or sweep buyers' tokens seconds after purchase while the chart still looks healthy. By some estimates the pattern cost holders tens of millions early in the year; even discounting the exact figure, the mechanism is real and trivial to weaponize. Wallets like Phantom now throw an explicit warning on permanent-delegate tokens — treat it as a hard stop on a coin with no compliance reason to carry one.

Transfer fee — the silent sell tax

The transfer fee extension skims a percentage off every transfer, expressed in basis points and configurable up to 10,000 bps — a full 100%. The fee is withheld on-chain and later swept by a fee authority.

Legitimate use: a protocol that wants automatic revenue, a treasury that funds buybacks, or a reflection-style token that recycles fees to holders. A modest, clearly disclosed fee is a normal design choice.

Trap use: set the fee near 100% and selling becomes pointless — almost everything you move is eaten before it reaches the pool. The subtler version is a fee authority that can raise the rate after launch. The change isn't instant — a fee update generally takes effect about two epochs later, roughly two to four days — so the play is usually a punitive fee set at launch, or a hike scheduled to land after early buyers are in. Always read the current fee and check whether a fee authority is still set; a token that can re-tax you later is a different risk than one that can't.

Transfer hook — code on every move

The transfer hook extension makes the mint call out to a creator-defined program on every transfer. That external program runs as part of the transfer and can impose conditions on it.

Legitimate use: enforcing NFT royalties on each sale, gating transfers behind an allowlist (KYC'd wallets only), or running custom compliance logic. For the use cases that need it, it's the cleanest way to attach rules to a token.

Trap use: because the hook program is arbitrary code chosen by the creator, it can be written to reject transfers under conditions that suit them — for instance, letting whitelisted wallets sell while reverting everyone else's sell. That is a textbook honeypot: you can buy, you can't exit. In practice, 2026's honeypot evidence points overwhelmingly at the permanent delegate rather than transfer hooks, but a hook on an unknown program is still worth flagging, because what it does depends entirely on code you can't see at a glance.

Default account state and freeze — locking your bag

Two related ways a Token-2022 mint can simply freeze you out. The default account state extension can set every new holder account to frozen by default — you receive the token but can't move it until someone unfreezes you. Separately, like any SPL mint, a Token-2022 mint can carry a freeze authority that freezes individual accounts on demand. A frozen account can't transfer or sell anything.

Legitimate use: regulated assets that must screen holders before allowing transfers, or staged rollouts where the issuer enables accounts in batches. Stablecoins like USDC keep a freeze authority on purpose, for sanctions and fraud recovery.

Trap use: the creator selectively unfreezes only their own wallets, trades freely, and leaves your account frozen — you're locked in holding tokens you physically cannot sell. On a brand-new memecoin, a live freeze authority or default-frozen state is a glaring red flag, even though the very same feature is expected and fine on a regulated stablecoin. Context is everything. A close cousin is the non-transferable ("soulbound") extension, which permanently blocks transfers for anyone — legitimate for achievement badges or tickets, but a guaranteed dead end if you were expecting to trade.

How to detect a Token-2022 token and read its extensions

The good news: every extension above is public on-chain, so you can check before you ever paste a contract address into a buy. The routine:

  1. Identify the program first. Open the token on Solscan and look at which program issued the mint. A standard token shows the SPL Token Program; a Token-2022 token shows the Token Extensions Program and exposes a Token Extensions section listing exactly which extensions are enabled. See how to use Solscan for where these fields live. Note that some explorers historically displayed Token-2022 extensions inconsistently, so don't assume "nothing shown" means "nothing there" — cross-check with a scanner.
  2. Run a Solana-native scanner. RugCheck and similar tools query mainnet directly and surface freeze and mint authority, transfer fee, permanent delegate, transfer hook, and default-frozen state in one view. Read the individual flags, not just the headline grade — a "good" summary with an active permanent delegate is still a trap.
  3. Read the dangerous fields specifically. Permanent delegate present? High or authority-mutable transfer fee? Transfer hook pointing at an unknown program? Default state frozen, or a live freeze authority? Any one of those on a young memecoin warrants walking away.
  4. Confirm a sell route exists. The bluntest test beats any scanner: simulate or perform a tiny micro-sell right after buying. If the sell won't route, or the tax devours it, you've found your answer for under a dollar. Watch real buy/sell flow on DexScreener too — lots of buys and almost no sells is a honeypot signature.

For the full pre-buy sequence, including holders, liquidity, and LP-lock checks, work through the Solana token due diligence checklist and the deeper teardown in how to spot a honeypot before you buy.

The trader takeaway — not a red flag, a checklist item

Token-2022 is legitimate infrastructure. Stablecoins, tokenized real-world assets, and serious projects rely on its extensions for fees, metadata, and compliance, and that ecosystem is growing. Seeing the Token Extensions Program on a mint does not mean the token is a scam.

What it means is that "the program's rules are fixed and safe" — the assumption that protects you on standard SPL tokens — no longer automatically holds. A Token-2022 token can do things a normal token can't, so it earns one extra step: open the extensions list and confirm none of the dangerous ones (permanent delegate, punitive or mutable transfer fee, unknown transfer hook, default-frozen state) are switched on. Clean list, proceed; dangerous extension with no honest reason to exist, pass. It's thirty seconds, and it's the difference between trading freely and buying a position you can never close. The same liquidity-side checks from how liquidity pools work still apply on top.

How MoonHydra fits

MoonHydra is a non-custodial Solana trading bot that routes your swaps through the Jupiter aggregator and deploys no custom contracts of its own — your keys stay encrypted with AES-256-GCM, and trading is a flat 1% per trade on buys and sells, with no subscription. Its optional RugCheck integration (off by default) runs token checks at the point of the buy, surfacing freeze and mint authority status, Token-2022 extension flags like permanent delegate and transfer fee, and liquidity signals before you commit rather than after. Treat it as a guardrail, not a guarantee — scammers iterate and no automated check is infallible, so the manual extension review above still earns its place. Because every trade is isolated to the wallet you used, pairing the scan with separate wallets keeps any single bad token contained.

Bottom line

Token-2022 is the newer Solana token standard that lets creators bake optional extensions into a mint at creation time. Most extensions — metadata, interest-bearing, mint-close — are benign infrastructure. A handful are dangerous when abused: the permanent delegate can seize or burn your tokens, a transfer fee can tax your sell to nothing, a transfer hook can block it outright, and default-frozen state or a freeze authority can lock your bag. Each has a legitimate purpose and a trap version; context decides which you're looking at. The defense is simple — identify the program on Solscan, read the extensions list, run a Solana-native scanner, and micro-sell when in doubt. Token-2022 itself isn't a warning sign. Skipping the extra check is.

Next: walk the due diligence checklist, study how honeypots work on Solana and the anatomy of a rug pull, then trade with the checks built in at t.me/moonhydrabot.


Ready to put this into practice?

MoonHydra is a multi-wallet Solana memecoin trading bot on Telegram. 1% per trade. AES-256-GCM encrypted. Non-custodial.

Open MoonHydra