So, you made your first smart contract on Ethereum. Congratulations! By default, every platform and wallet lists your contract as a honeypot or a scam, and nobody will interact with it.
I recently went through the process of getting “scam” and “honeypot” warnings for $JBX (the JuiceboxDAO governance token) removed from popular crypto platforms. Keep in mind that Juicebox has $182m in volume and an established brand, so this may be more difficult for you. Here’s what you’ll have to do:
How to not be a scam:
- Verify your contract on Etherscan. Make an Etherscan account and get an API key. You can easily verify through this portal if you only have one contract. If you have multiple, pray that your development toolchain is able to verify them correctly. If it doesn’t, spend a few hours/days debugging. If you can’t fix it, file a bug report and wait.
- To update any tags or labels on Etherscan, you have to verify contract ownership. Sign a message from the wallet which deployed the contract and fill out a form for each piece of information you want to change. Wait for Etherscan’s customer support to get back to you, which will take a few days. If you want a fast respone, pay for their “Paid Priority support” service.
- Your token is still listed as a scam on most exchanges because many of them source information from CoinGecko. Make a CoinGecko account and fill out their request form. Once you fill out this request form, you’ll get sent to another request form (a Google Sheet this time). Carefully fill out this sheet, then email it to CoinGecko’s customer support and wait.1
- Your token is still listed as a scam on many exchanges because many of them source information from CoinMarketCap. Fill out another request form and wait.2 If you’d like a fast response (within 24 hours), you can pay them $5,000.
- Ledger is among the most popular hardware wallets for Ethereum. Many Ledger users will think your contract/token is a scam if it cannot be “clear-signed” with the Ledger wallet. To enable clear-signing, write an embedded plugin in C or Rust which satisfies Ledger’s design, documentation, support, and security audit requirements. Then, fill out another request form and wait.3
- Unfortunately, many will still consider your token a scam if it’s missing information on DexTools. Join their Telegram, pay them ~$1,200, and hope that an admin gets the updates right.4 Be careful – each update costs $1,200.
- Your token may still be listed as a honeypot or a scam due to inaccurate audits from GoPlus, Hapi Labs, Quick Intel, and Token Sniffer. Join the Telegram channel for each one of these services, and periodically explain what needs to be updated until an admin responds to you.5 Both DexTools and DexScreener prominently display any warnings from these audits.
- You’ll also want to get your project accurately listed on DefiLlama. Submit pull requests to their adapters repository and their server repository. Ask for a review in their Discord server and wait.
- You should also get your project and token listed on DappRadar. Make an account, fill out separate forms for your protocol and for your token, and wait.
- There may be a scam warning for your token on Uniswap, which is the most popular decentralized exchange. You might be able to get this fixed by submitting a pull request to their extended token list repository.
- Your token is still likely listed as a scam on Trust Wallet. Message their customer support until you get someone who will fix it for you.
- Your app won’t be available in Safe, the most popular Ethereum multisignature wallet. Add a
manifest.jsonand CORS headers according to their requirements, fill out a form, and wait.
- Your contracts won’t have metadata in MetaMask, which is among the most popular Ethereum wallets. You’ll have to submit a pull request to their contract metadata repository. Unfortunately, the repository is “effectively frozen.”
- Your token will still be missing from websites like ICO Bench, CryptoSlate, and CoinCheckup, as well as exchanges like Binance, Coinbase, and Kraken. Fix that.
Congratulations! Your token is no longer a scam. We know this is true because scammers cannot fill out forms or create pull requests.
I had to make 2 requests before getting a response, which took a week or so. ↩︎
I had to make 3 requests before getting an answer, which took about a month. ↩︎
I still haven’t done this one. ↩︎
They missed a few things in our case, but maybe they won’t for you. ↩︎
I’ve been through several rounds of this for $JBX, and which is still inaccurately listed as having a “Buy Tax of 0.01%” and has a “owner can change balance” warning on GoPlus. I sent several requests to Token Sniffer and never heard back. ↩︎