Honeypot token checker: can you actually sell it?
Reviewed 2026-06-25
Answer: A honeypot token lets you buy but blocks you from selling. To check one, scan the token contract for trade locks, sell-tax traps, and ownership red flags before you buy — a scan returns a 0-100 risk score in seconds.
Who this is for
Active traders interact with dozens of new tokens every week. One missed check on a contract can mean a position you can never exit. This page covers the exact steps traders use to vet a token before committing capital.
The problem
You found a token moving fast. But some tokens are one-way doors: you can buy but never sell. The lock is written into the contract and is not visible from the trading interface.
Most people only check after something goes wrong. A scan takes under a minute and surfaces the specific flags that matter — before you commit to any action.
Warning signs to watch for
- Buy simulations succeed but sell simulations fail
- Hidden or owner-adjustable sell tax above 10%
- Owner can pause trading or mint new supply freely
- Liquidity is not locked or was recently removed
- Contract has no verified source code
Any one of these is a reason to check before acting. Several at once is a reason to stop entirely.
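The following Python example is added here and is not the scanner's own code: it runs a buy-then-sell round trip against a toy in-memory token model and reports flags in the wording of the list above, then applies the "one flag = check, several = stop" rule. ToyToken, Reverted, simulate_round_trip, verdict and the SIM_TRADER / POOL / OWNER labels are hypothetical names constructed for illustration; a real check would simulate against chain state instead of this model.

```python
import copy
from dataclasses import dataclass, field

class Reverted(Exception):
    """Stands in for an EVM revert during a simulated call."""

@dataclass
class ToyToken:  # hypothetical model, constructed for this example
    sell_tax_bps: int = 0            # basis points taken on transfers into the pool
    trading_paused: bool = False
    source_verified: bool = True
    sell_allowlist: set = field(default_factory=set)  # empty = anyone may sell
    balances: dict = field(default_factory=dict)

    def transfer(self, src, dst, amount, pool="POOL"):
        if self.trading_paused:
            raise Reverted("trading paused")
        if self.balances.get(src, 0) < amount:
            raise Reverted("insufficient balance")
        selling = dst == pool
        if selling and self.sell_allowlist and src not in self.sell_allowlist:
            raise Reverted("sender not allowed to sell")
        tax = amount * self.sell_tax_bps // 10_000 if selling else 0
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - tax
        return amount - tax

def simulate_round_trip(token, amount=1_000, trader="SIM_TRADER", pool="POOL"):
    """Buy from the pool, then sell back, on a copy; return the flags raised."""
    token = copy.deepcopy(token)  # read-only: the caller's state is untouched
    token.balances[pool] = token.balances.get(pool, 0) + amount
    flags = [] if token.source_verified else ["contract has no verified source code"]
    try:
        bought = token.transfer(pool, trader, amount)      # buy leg
    except Reverted as e:
        return flags + [f"buy simulation failed: {e}"]
    try:
        got = token.transfer(trader, pool, bought)         # sell leg
        tax_pct = 100 * (bought - got) / bought
        if tax_pct > 10:  # threshold from the warning-sign list
            flags.append(f"sell tax {tax_pct:.0f}% is above 10%")
    except Reverted as e:
        flags.append(f"buy succeeds but sell fails: {e}")
    return flags

def verdict(flags):
    # Rule from the page: any one flag = check first, several = stop.
    return "ok" if not flags else "check" if len(flags) == 1 else "stop"
```

The sell leg is the part that matters: a token that passes the buy leg and reverts or loses most of its value on the sell leg is exactly the case a buy-only test never sees.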
How to protect yourself
Scan the token contract before buying. A quick check reveals trade locks, exit-pattern risk, and ownership flags so you never commit to a position you cannot exit.
- Open https://app.web3defender.tech and select the token scanner.
- Enter the address, token contract, or URL you want to check.
- Read the risk score and the specific flags returned.
- Revoke any approvals flagged as risky — revoking is a standard transaction.
- Re-scan after any new protocol connection or airdrop claim.
What the scanner checks
The token scanner runs against on-chain data and returns a 0–100 risk score with the specific flags that contributed to it. No off-chain assertions are trusted. No transaction is sent during a scan — it is entirely read-only.
For individuals, the free check covers the most common threats. For teams and funds, batch API access is available with structured output for compliance workflows and audit logs.
General habits that compound the protection
- Check before connecting — not after. A scan takes less time than it takes to regret skipping it.
- Revoke approvals to contracts you no longer use. Unlimited approvals that sit idle are the most common attack surface in DeFi.
- Open dApps from bookmarks or by typing the URL yourself — never from links in DMs, emails, or ads. The URL is the single most reliable signal you control.
- Treat urgency as a signal to slow down. Every social-engineering attempt creates false time pressure. If something feels rushed, that feeling is the warning sign.
- Verify independently. Legitimate services never DM you first or ask you to sign anything outside the official app.
Frequently asked questions
How accurate is a token risk check?
A contract scan runs buy and sell simulations and reads the actual bytecode for known trap patterns. False positives are rare on established chains. For very new tokens, treat any high risk score as a reason to wait, not a green light.
Can a trade lock be removed after I buy?
Only by the contract owner — which almost never happens in favour of buyers. Once you hold a token that blocks selling, the only realistic outcome is a total loss of that position. Check before you buy.
Does scanning use gas or broadcast a transaction?
No. A scan reads on-chain data and simulates trades off-chain. Nothing is signed or broadcast. It costs nothing.
Is the scanner free to use?
Yes. A free check is available at https://app.web3defender.tech. No account is required for individual checks.
How long does a scan take?
Most scans complete in under fifteen seconds. Results include a risk score and the specific flags that contributed to it.
