73% of new tokens fail basic safety checks. Here’s how to spot them before you lose money.
I spent the last few weeks doing something most crypto investors never bother to do before clicking “buy.”
I scanned every trending token I could find — on Solana, Ethereum, and Polygon — through a tool called MoonHunt, which analyzes both on-chain contract data and off-chain signals like team credibility, press coverage, and whitepaper quality.
What I found was disturbing.
Out of 50+ tokens scanned, the majority failed basic safety checks. Not edge cases. Not debatable red flags. Hard, verifiable facts — frozen wallets, zero liquidity, anonymous teams, fake branding, and 100% token concentration in a single wallet.
This article breaks down exactly what I found, how these scams work, and how you can protect yourself before losing money.
The Problem Nobody Talks About
Every week, thousands of new tokens launch. Most are promoted aggressively on Twitter, Telegram, and Reddit. They have slick websites, roadmaps, “partnerships,” and promises of 100x returns.
Most are traps.
The sad reality is that the tools to detect these scams exist. Block explorers like Etherscan and Polygonscan are public. On-chain data is transparent. Red flags are often hiding in plain sight.
But reading raw contract data requires technical knowledge most investors don’t have. And by the time a token is exposed as a scam, it’s already too late — the team has dumped their tokens and disappeared.
That’s the gap MoonHunt was built to close: take all the on-chain and off-chain data and turn it into a simple, actionable risk score before you invest.
Here’s what that score revealed across 50+ real tokens.
The Anatomy of a Crypto Scam
After scanning dozens of tokens, clear patterns emerged. Scams aren’t random — they follow predictable structures. Here are the five most dangerous patterns I found, with real examples.
Pattern #1: Freeze Authority — The Silent Kill Switch
Tokens caught: RISE ($Rise), ROCKET ($ROCKET), CoinMarketTok ($TOK), WhiteWolfWifHat ($WOLF), TROPTIONS.Unity ($TUNIT) MoonHunt Scores: 15/100
This is the single most dangerous red flag I found, and it’s almost never talked about in mainstream crypto media.
What is Freeze Authority?
On Solana, token contracts can include a “Freeze Authority” — a permission that allows the token creator to freeze any wallet holding their token. If your wallet is frozen, you cannot sell, transfer, or move those tokens. Ever. Until they unfreeze you — which they won’t.
This isn’t a bug. It isn’t a glitch. It is a deliberate mechanism that gives the team complete control over your funds while you hold their token.
Real example: RISE ($Rise) — “NASA Moon Mascot”
RISE marketed itself as a NASA-affiliated meme token. It had a professional website, active social media, and a growing community. MoonHunt scored it 15/100 for one primary reason: Freeze Authority was active.
The NASA branding was completely fake. The domain was 12 days old. The team was anonymous. And at any moment, they could freeze every wallet holding $RISE and walk away with the liquidity.
Real example: WhiteWolfWifHat ($WOLF)
Same pattern. Score: 15/100. Freeze Authority active. But with an added layer of danger: 185% staking APY. That’s not a reward — it’s a lure. High APY attracts investors who then get frozen and can’t exit.
How to spot it: Any Solana token with active Freeze Authority is a red flag. Full stop. There is no legitimate use case for a meme coin or presale token to have this enabled.
Pattern #2: Total Supply Concentration — The Pre-Rug Setup
Tokens caught: $APRZ, $LILPEPE (Little Pepe), $NOC (Noctura), $ALT (AltDeer) MoonHunt Scores: 10–52/100
What is supply concentration?
When a small number of wallets — or worse, a single wallet — holds the majority of a token’s supply, they have the power to dump the entire market at any moment. This is called a “rug pull” — the team sells their massive holdings, the price crashes to zero, and retail investors are left holding worthless tokens.
Real example: $LILPEPE (Little Pepe) — Score: 28/100
One wallet. 100% of the total supply. Not 60%. Not 80%. One hundred percent. There is no liquidity pool. There is no exit path for investors. The only person who can profit from this token is the person who holds all of it.
Real example: $APRZ — Score: 10/100
Same structure. One wallet holds all tokens. No liquidity pool. No KYC. No team verification. 63% staking APY to lure investors in. Classic pre-rug setup.
Real example: $NOC (Noctura) — Score: 10/100
The top 10 wallets hold 100% of the supply. Zero liquidity. Zero on-chain safeguards for presale funds. The majority of press coverage is paid promotions, not organic news. This token exists purely to extract money from investors.
Real example: $ALT (AltDeer) — Score: 52/100
This one is more subtle — a score of 52 might seem acceptable. But dig deeper: the top 5 wallets hold 99.6% of supply, the liquidity pool is not locked (meaning the team can withdraw it at any time), and the implied Fully Diluted Valuation is $271 million against just $12,000 in actual liquidity. That’s a $271M market cap with essentially no real market behind it.
Pattern #3: Zero Liquidity — The Presale Trap
Tokens caught: $VIN (VinuHub), $NOC, $LILPEPE, $APRZ MoonHunt Scores: 10–29/100
What does “no liquidity” actually mean?
When you buy a token in a presale, you’re sending real money (ETH, SOL, MATIC) to the team in exchange for tokens. But if there’s no liquidity pool — a pool of funds on a DEX that allows buying and selling — then there is no mechanism for you to ever sell those tokens.
You have tokens. You cannot convert them to anything. You are trapped.
Real example: $VIN (VinuHub) — Score: 29/100
MoonHunt flagged three critical issues: unverified contract (code is hidden, backdoors likely), zero liquidity, and a ghost team with no KYC, no audit, and no identifiable names. This is a textbook presale trap — collect the money, disappear.
Real example: $SLCT (SmartLeCo) — Score: 10/100
This token claimed to be “available on QuickSwap and Uniswap.” The reality? $604 in total liquidity. Not $604,000. $604 — enough to process roughly one small trade before the price collapses. CoinCarp, GeckoTerminal, and DexScreener showed zero active markets. Their own Medium blog was asking their community to add liquidity — because they had none.
When confronted with these facts publicly, the SmartLeCo team responded by mocking the person asking: “Maybe you don’t even have a dollar to check.” Classic deflection from a team that can’t dispute the data.
Pattern #4: Hidden Contracts — The Backdoor Risk
Tokens caught: $VIN (VinuHub) MoonHunt Score: 29/100
What is an unverified contract?
When a token’s smart contract is not verified on a block explorer (Etherscan, Polygonscan, Solscan), it means the source code is hidden. You cannot see what the contract actually does. It could contain:
- Functions that mint unlimited new tokens
- Backdoors that transfer funds to the owner
- Restrictions that prevent selling
- Honeypot mechanics that let you buy but never sell
This is a non-negotiable red flag. Any legitimate project verifies its contract. Hiding the code is almost always intentional.
Pattern #5: Unsustainable Staking APY — The Inflation Bomb
Tokens caught: $WOLF (185% APY), $APRZ (63% APY), $PEPENODE (200% APY)
How staking APY becomes a weapon:
High staking rewards sound attractive. But those rewards have to come from somewhere. In almost every case with new tokens, staking rewards are paid in newly minted tokens — which means every staker who receives rewards immediately adds sell pressure to the market.
A 200% APY means the token supply doubles every year. That constant selling pressure makes it almost mathematically impossible for the price to sustain.
Real example: $PEPENODE — Score: 59/100
This one is interesting because it’s not an obvious scam. The contract is audited twice, the LP is locked, and ownership is renounced. But the price is down 97% from its presale price. The top wallet holds 75.9% of supply. Daily volume is $3,000 — barely enough to move a meaningful position. And the 200% APY creates relentless sell pressure.
This is the “not a rug, but you’re still wrecked” category. The token survives, but presale investors have lost almost everything.
The Complete Red Flag Checklist
After scanning 50+ tokens, here are the warning signs MoonHunt consistently flagged:
On-Chain Red Flags
🔴 CRITICAL — Walk away immediately
Freeze Authority active Team can freeze your wallet. You cannot sell or transfer tokens. Ever.
Unverified contract Source code is hidden. Backdoors, hidden mint functions, or honeypot mechanics likely exist.
1 wallet holds 80%+ of supply One entity can dump the entire market at any moment. There is no real price discovery.
No liquidity pool No exit path for investors. You send real money, get tokens you can never sell.
Fake partnerships or branding Active deception — like claiming NASA affiliation. If they lie about this, they lie about everything.
🟠 HIGH RISK — Proceed with extreme caution
Unlocked liquidity Team can drain the DEX pool at any time. Even if liquidity exists today, it can vanish tonight.
Unlimited mint function Team can print infinite new tokens, diluting your holdings to near zero.
APY over 100% Rewards are paid in newly minted tokens = constant sell pressure = price collapse over time.
🟡 MEDIUM RISK — Verify before investing
Ownership not renounced Team retains full contract control. They can change rules after you’ve bought in.
Off-Chain Red Flags
🔴 CRITICAL — Walk away immediately
Fake partnerships or branding If a project falsely claims affiliation with NASA, a major exchange, or any well-known brand — this is active fraud, not a mistake.
🟠 HIGH RISK — Proceed with extreme caution
Anonymous team, no KYC If things go wrong, nobody is accountable. No name, no face, no consequences for the team.
Domain under 30 days old Project infrastructure is brand new. Likely created specifically for this launch and can disappear just as fast.
80%+ paid press coverage Every article you read about this token was purchased. There is no organic interest — just manufactured hype.
🟡 MEDIUM RISK — Verify before investing
No audit from a known firm Contract has not been independently reviewed. CertiK, SolidProof, and similar firms publish their audits publicly — always verify directly on their website.
Copy-paste whitepaper No original thinking or planning. Often signals the “project” is a template with a new name and logo.
Dead or bot-filled socials Fake community. High follower counts mean nothing — check engagement rates and whether replies look human.
This format works perfectly on Medium. Each risk level has its own visual section, the emojis act as color-coded headers, bold text draws the eye to the flag name, and the plain-text explanation underneath is readable on mobile too. Much better than a table that renders poorly on most screens.
When a High Score Still Isn’t Safe
One of the most important lessons from scanning these tokens: a passing score doesn’t mean it’s a good investment.
$MAXI (Maxi Doge) — Score: 34/100
MoonHunt’s initial scan missed some key facts: the token is audited twice, the contract is renounced, and there was no private sale or insider dump risk. After manual verification, the picture changed — this isn’t a scam. But it’s still pure speculation with high volatility.
More importantly: there is already $10 million lost to a fake MAXI copycat token. Even when the real token is legitimate, scammers create imitations to exploit its community.
$ALT (AltDeer) — Score: 52/100
A score above 50 might feel acceptable. But 99.6% supply concentration and a $271M implied FDV against $12K liquidity means the risk isn’t captured in the score alone. Always read the findings, not just the number.
The lesson: Use the score as a filter, not a final verdict. Scores below 30 are almost certainly dangerous. Scores between 30–60 require manual verification. Even scores above 60 need a second look.
How to Protect Yourself: A Practical Guide
Step 1: Scan before you buy
Before putting any money into a new token, run it through MoonHunt (moonhunt.pro). Takes 60 seconds. Can save you everything.
Step 2: Read the findings, not just the score
The score is a summary. The real value is in the detailed findings — which wallets hold what percentage, whether the contract is verified, whether there’s real liquidity, and whether the team is identifiable.
Step 3: Apply the hard rules
- Score below 30? Walk away. No exceptions.
- Freeze Authority active? Never buy. Not worth the risk.
- One wallet holds 80%+? Not a real market.
- No liquidity pool? There’s no exit. Don’t enter.
- Anonymous team + no audit? Proceed only with money you can afford to lose entirely.
Step 4: Verify the audit
If a project claims to be audited, verify it. Go directly to the auditor’s website (certik.com, solidproof.io, etc.) and search for the project by name. Many projects claim audits that don’t exist, or display outdated audits that don’t cover the current contract.
Step 5: Check liquidity depth
$10,000 in liquidity sounds reasonable until you realize that a $5,000 buy would move the price by 50%. Real projects have real liquidity. Check the actual dollar amount, not just whether a pool exists.
Step 6: Google the team
If a team member’s name doesn’t appear anywhere outside the project’s own website, be suspicious. Real people leave digital footprints — LinkedIn profiles, conference talks, GitHub contributions, previous projects. No footprint usually means a fake identity.
A Word on the Projects That Push Back
After posting MoonHunt scan results publicly, I’ve noticed a consistent pattern in how questionable projects respond to criticism.
They never dispute the data. Instead, they:
- Attack the messenger (“Maybe you don’t even have a dollar to check”)
- Deflect with technicalities (“We’re on QuickSwap!” — with $604 in liquidity)
- Appeal to authority (“We’re verified on Polygonscan!”) — as if a block explorer listing equals a safe investment
- Accuse critics of spreading FUD — a term that’s become a shield for projects that can’t handle legitimate scrutiny
If a project responds to factual, data-backed concerns by insulting you rather than correcting the data — that tells you everything you need to know.
The Bottom Line
Crypto doesn’t have to be a minefield.
The data is public. The tools exist. The red flags are visible to anyone willing to look.
The scammers are counting on you not checking. They’re counting on the excitement of potential gains overriding your judgment. They’re counting on you seeing a slick website and 200% APY and not asking questions.
Don’t give them that.
Before your next investment: scan, verify, and only then decide.
→ Scan any token free at moonhunt.pro
All scan results referenced in this article are based on publicly available on-chain data. Scores may change as projects evolve. This is not financial advice — always do your own research.
I Scanned 50+ Crypto Tokens for Scams. Here’s What MoonHunt Found. was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.
