HANNISOL
Token Security · 7 min read · Jul 13, 2025

How Honeypot Tokens Work — And How to Detect Them on Solana

Hannisol Team

A token that lets you in but never lets you out

Of all the scam mechanisms in the Solana token ecosystem, the honeypot is arguably the most technically elegant — and the most psychologically devastating for victims. A honeypot is a token that appears entirely normal on the surface: it has a price, it shows up on DEX charts, it may even have active trading volume. The trap is invisible until you try to sell. At that point, your sell transaction fails — every time, for any amount, regardless of slippage settings. You own a token you can never exit.

By the time a buyer discovers they're holding a honeypot, the price has usually already peaked. The creator accumulated at low prices, watched retail buyers push the price up, and then disappeared — knowing the exit mechanism they built will prevent any meaningful selling pressure from their victims.


The technical mechanics on Solana

Solana's token architecture makes honeypots technically different from how they're typically built on Ethereum. On Ethereum, honeypot logic is usually embedded directly in the token's smart contract — a conditional that blocks transfers unless the sender is on an approved list. On Solana, the approach varies:

Transfer hook abuse: Solana's Token-2022 standard introduced transfer hooks — custom program logic that executes every time a token is transferred. A malicious transfer hook can be programmed to block all transfers originating from non-whitelisted addresses. Visually, the token looks like a standard Token-2022 asset. In practice, sell transactions route through the transfer hook and fail silently.

Freeze-based honeypot: Using freeze authority, the creator preemptively freezes wallets the moment tokens are purchased — before the buyer even realizes their account is locked. The buyer sees tokens in their wallet. The wallet is frozen. Every sell attempt fails.

Manipulated liquidity pool logic: In some cases, the liquidity pool itself is programmed with asymmetric rules — buys are permitted, sells are rejected or routed to a program that burns the tokens instead of completing the swap. This requires more technical sophistication but is undetectable by simple token-level checks.


What makes Solana honeypots especially dangerous

Three properties of the Solana ecosystem amplify honeypot risk compared to other chains:

Speed: A honeypot buy and the subsequent realization that you can't sell can happen within the same minute. Solana's 400ms block times mean you discover the trap almost immediately — but by then, your capital is already committed and unrecoverable.

Low creation cost: Building and deploying a honeypot on Solana costs a few dollars in transaction fees. There is essentially no financial barrier to creating them, which means they are created in large volumes with high turnover.

Wallet diversity: A skilled attacker can fund multiple wallets from a single source and create fake buy activity across all of them, making a honeypot token appear to have genuine organic trading. Volume charts look real. They aren't.


Five signals that may indicate a honeypot

There is no single check that definitively identifies a honeypot before purchase, but these five signals in combination create a high-confidence warning:

1. Token-2022 with active transfer hook: Check the token's program on Solscan. If it's a Token-2022 token with a transfer hook extension active and no verified hook program documentation, treat it with extreme suspicion. Hannisol explicitly flags Token-2022 tokens with unverified transfer hooks.

2. Active freeze authority: As discussed, freeze authority enables the most common form of Solana honeypot. Any token with active freeze authority has the infrastructure for a freeze-based trap in place.

3. Zero sell transactions in recent history: Look at the token's transaction history on Solscan or Birdeye. If you see dozens of buy transactions but virtually no corresponding sell transactions from different wallets — something is wrong. Legitimate markets have two-way flow.

4. Extreme buy/sell ratio: On platforms like Birdeye, you can see aggregated buy vs. sell counts. A ratio of 95% buys to 5% sells is not organic market behavior. It either means you're looking at the very early minutes of a launch — or something is preventing selling.

5. High slippage required just to execute a buy: If a token requires 50% or more slippage just to complete a purchase, this signals either extremely low liquidity or a program-level manipulation that's extracting value from every transaction. Either way, the exit risk is extreme.


Hannisol's exit ability score

Hannisol evaluates honeypot risk through its Exit Ability dimension — one of the eight core scoring factors. This score measures how easily and completely a holder can exit a position. Factors that reduce the Exit Ability score include:

  • Active freeze authority (primary signal)
  • Token-2022 transfer hook detected without verified documentation
  • Liquidity pool depth below $5,000 (exit would cause >20% slippage on any meaningful position)
  • Zero sell transactions observed in last 24 hours
  • Extreme buy/sell ratio anomaly

A low Exit Ability score does not always mean a token is a honeypot — it may simply have very low liquidity. But it does mean you should simulate your exit before allocating any meaningful capital, by checking whether similar-sized trades have successfully completed as sells in the token's recent history.


Can you test for a honeypot without losing money?

The traditional advice for honeypot testing on Ethereum was to buy a tiny amount and immediately try to sell it. On Solana, this approach is less reliable because freeze-based honeypots may not be active until the team decides to trigger them — meaning a test sell could succeed while a larger position would later be frozen.

The more reliable approach is the pre-purchase checklist:

  1. Check freeze authority on Solscan — must be "None"
  2. Check Token-2022 extensions — any unverified transfer hook is a disqualifying flag
  3. Review transaction history on Birdeye for two-way flow
  4. Run the token through Hannisol and RugCheck before any purchase
  5. Check liquidity depth — can you exit your intended position size with less than 10% slippage?

This process catches the majority of honeypot setups before you're exposed. It takes less than five minutes and is the minimum standard of care for any token purchase in the Solana ecosystem.
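
Steps 1 and 2 of the checklist can also be read directly from the raw mint account data, for example the base64-decoded data field returned by the getAccountInfo RPC method. The Python below is an added example, not Hannisol's code; it assumes the standard SPL Token mint layout and the Token-2022 TLV extension encoding, and the sample account bytes are constructed for illustration.

```python
import struct

MINT_LEN = 82           # base SPL Token mint layout
ACCOUNT_LEN = 165       # Token-2022 pads the base mint to this length
ACCOUNT_TYPE_MINT = 1   # account-type byte stored at offset 165
EXT_TRANSFER_HOOK = 14  # ExtensionType::TransferHook
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58(raw: bytes) -> str:
    """Base58-encode a 32-byte public key for display."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def inspect_mint(data: bytes) -> dict:
    """Parse mint data; caller must confirm the owner is a token program."""
    if len(data) < MINT_LEN:
        raise ValueError("too short for a mint account")
    # freeze_authority is a COption<Pubkey>: u32 tag at offset 46, key at 50..82
    (tag,) = struct.unpack_from("<I", data, 46)
    result = {"freeze_authority": b58(data[50:82]) if tag == 1 else None,
              "transfer_hook_program": None}
    if len(data) <= ACCOUNT_LEN or data[ACCOUNT_LEN] != ACCOUNT_TYPE_MINT:
        return result  # plain mint, no Token-2022 extensions
    off = ACCOUNT_LEN + 1
    while off + 4 <= len(data):  # TLV entries: u16 type, u16 length, value
        ext_type, ext_len = struct.unpack_from("<HH", data, off)
        value = data[off + 4: off + 4 + ext_len]
        if ext_type == 0 or len(value) < ext_len:
            break  # uninitialized padding or truncated entry
        if ext_type == EXT_TRANSFER_HOOK and ext_len >= 64:
            program = value[32:64]  # value = authority (32) + program id (32)
            if any(program):        # all zeros means no hook program is set
                result["transfer_hook_program"] = b58(program)
        off += 4 + ext_len
    return result

def flags(info: dict) -> list:
    """Map parsed fields to the checklist's first two disqualifying flags."""
    checks = (("freeze_authority", "active freeze authority"),
              ("transfer_hook_program", "transfer hook: verify hook program"))
    return [msg for key, msg in checks if info[key]]

# Constructed sample: freeze authority 0x11.. and hook program 0x22..
_base = bytes(36) + struct.pack("<QBB", 0, 6, 1) + struct.pack("<I", 1) + b"\x11" * 32
SAMPLE = (_base + bytes(ACCOUNT_LEN - MINT_LEN) + bytes([ACCOUNT_TYPE_MINT])
          + struct.pack("<HH", EXT_TRANSFER_HOOK, 64) + bytes(32) + b"\x22" * 32)
```

A clean result here covers only the token-level checks; the pool-level manipulation described earlier is not visible in the mint account.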

Check any token's Exit Ability score and full security analysis at Hannisol.
