Hidden functions within smart contracts continue to pose a major risk in the crypto space, as they can allow developers to restrict token sales or withdraw liquidity without any prior warning.
According to recent data from the on chain security firm Web3 Antivirus, rug pulls accounted for more than 54 percent of newly identified crypto scams. The report suggests that although scam methods are evolving, many attackers still rely on launching seemingly legitimate token projects before exploiting hidden contract privileges to trap investors or drain funds.
Rug Pulls Remain the Most Prevalent Scam Type
In a June 9 update shared on X, Web3 Antivirus reported that honeypot schemes ranked second at around 22 percent. Fake tokens made up roughly 12 percent of cases, while scam airdrops accounted for just under 12 percent.
The effectiveness of rug pulls lies in their ability to mimic normal market behavior in the early stages. Prices rise, trading activity increases, and online communities appear active and engaged, giving the impression of a healthy project.
The danger only becomes apparent when contract owners activate concealed permissions that can block users from selling, remove liquidity pools, or otherwise restrict access to funds.
Web3 Antivirus described the process by noting that a token may appear to be thriving, with rising charts and growing community hype, but a single action from the contract owner can instantly reverse the situation. Once these controls are triggered, users may find themselves unable to exit while liquidity disappears and the token collapses.
Honeypot scams operate in a similar way. Fraudsters launch fake tokens backed by aggressive marketing campaigns designed to create a sense of legitimacy and demand. In many cases, scammers even conduct artificial trading to inflate volume and attract investors.
Once victims buy in at elevated prices, the contract prevents them from selling, allowing the attackers to extract funds and exit.
Web3 Antivirus Scam Pulse data indicates more than 425,000 rug pulls have been detected, along with 172,000 honeypot cases and over 94,000 scam airdrops.
The platform also reported that out of more than 100 million smart contracts analyzed, nearly 4 million have been classified as malicious, with approximately 3.1 million identified within the past month alone.
Rising Fake Token and Impersonation Activity
Security researchers have also observed an increase in fake token impersonation attacks. In its weekly leaderboard, Web3 Antivirus noted that Ethereum was the most frequently impersonated asset with 291 fake token detections. Tether followed with 270 cases, while USDC recorded 225. Overall activity has increased across nearly all monitored assets compared to the previous week.
Scam Delivery Methods Are Becoming More Sophisticated
Beyond blockchain based exploits, Web3 Antivirus highlighted that artificial intelligence is now helping scammers make phishing attempts more convincing. AI tools are being used to create polished emails, fake customer support chats, and deceptive social media posts that can easily pass quick visual inspection.
Their data shows that email remains the most common delivery channel at 53 percent, followed by SMS at 10 percent, social media at 9 percent, and online advertising at 8 percent.
Recent incidents highlight the growing threat. In May, a fraudulent Uniswap website reportedly drained at least 400,000 dollars from unsuspecting users before being taken down. That same month, Ripple’s former Chief Technology Officer David Schwartz warned XRP holders about a fake airdrop campaign targeting users on the XRP Ledger.
More recently, Web3 Antivirus identified a phishing account impersonating the Canton Network, which used official branding and misleading announcements to redirect users to malicious websites.#crypto#cryptonews https://coinsignals.net https://t.me/coinsignalpublic
