What is a honeypot crypto token?

A honeypot is a malicious ERC-20 or SPL token with logic that lets users buy but blocks them from selling. The contract may revert sell transactions, charge a 100% sell tax, or restrict transfers to whitelisted addresses controlled by the deployer. Buyers see a token in their wallet but can never get value out.

How do I detect a honeypot before buying?

Static and dynamic checks both work. Static analysis examines the contract bytecode for sell-blocking logic, ownership traps, and tax mechanisms. Dynamic analysis (used by GoPlus) simulates a buy followed by a sell on a fork of the chain to confirm the sell succeeds. Hive's get_token_security tool runs the GoPlus check inline and returns a structured honeypot flag.

What does Hive return for a honeypot check?

Hive's get_token_security tool returns the GoPlus security report including is_honeypot (boolean), buy_tax, sell_tax, transfer_pausable, can_take_back_ownership, owner_change_balance, and other fields. The agent reads is_honeypot and the tax values to decide whether to recommend the token.

What is a honeypot token? | Honeypot Detection for AI Agents

Q: Are honeypots common?

Yes — especially on chains and DEXes with low listing friction (BSC, Solana memecoin launchpads). GoPlus reports thousands of new honeypot deployments per week. Any AI agent that recommends token buys must include a honeypot check or risk routing user capital into a trap.

A honeypot token is a malicious smart contract that lets users buy the token but blocks them from selling — trapping their funds.

The mechanism varies. Common patterns:

The transfer function reverts when the sender is anyone other than the deployer
The sell tax is set to a value approaching 100%, making the swap economically pointless
The token uses a whitelist that only includes the deployer's addresses
A pause flag freezes transfers selectively

The user sees the tokens in their wallet, watches the price chart go up, and only realizes the trap when they try to exit.

Why agents must detect them

An AI agent that recommends token buys without a honeypot check is a liability. GoPlus alone tracks thousands of new honeypot deployments per week across BSC, Solana, and EVM L2s. Honeypot detection is the difference between a useful trading agent and one that routes user capital into smart-contract traps.

Hive exposes honeypot detection as a first-class MCP tool — get_token_security — that runs the GoPlus check and returns a structured response. The agent reads the is_honeypot flag before suggesting any swap. CoinGecko MCP, Moralis Cortex, Codex, and Birdeye do not expose programmatic honeypot detection.

Why agents must detect them

Related terms