LearnCoinsBuzzReviewsSecurityScam WatchGlossarySearchStart Here →
Intermediate · Learning Resource

How to Spot Fake Tokens on a DEX (Before You Buy the Wrong One)

On a centralised exchange, if you search 'USDC' you get USDC. On a decentralised exchange, you get a list — and several of the results may be impostors with the same name, the same logo, and a contract built to trap you. Nobody vets tokens on a DEX; the whole point is that anyone can list one in minutes. So the single most valuable DeFi skill is telling the real token from the fake before you swap. Here's exactly how.

💡

The 20-second version

A token's real identity is its contract address, never its name or logo. Get the address from the project's official site or a major tracker (CoinGecko/CoinMarketCap), paste *that* into the DEX, and confirm it matches. Then check it's not a honeypot — do a tiny test buy and sell — and glance at the liquidity before committing real money.

Advertisement

Why fakes are everywhere

A decentralised exchange like Uniswap or PulseX doesn't have a listings team — it reads whatever tokens exist on the blockchain and lets you trade any of them. Creating a token costs pennies and takes minutes, so scammers mass-produce copies of anything trending: same ticker, same picture, subtly different contract. When a hot new coin launches, dozens of impostors appear within the hour, betting that you'll search the name, click the top result, and never check the address underneath. It's the DEX equivalent of a market stall selling 'Rollex' watches — and the buyer, not the platform, carries the loss.

The one check that matters: the contract address

Every token is a smart contract, and its address (the long 0x… string) is the only thing about it that can't be copied. A scammer can clone the name 'PEPE' and the frog logo perfectly; they cannot clone the real contract's address. So the golden rule is simple: never select a token by name — select it by verified address.

  1. Find the token's official contract address from a source the scammer doesn't control: the project's official website, or a major tracker like CoinGecko or CoinMarketCap (every coin page lists the contract address, usually with a one-click copy button).
  2. Copy that address and paste it into the DEX's token search — don't type the name and pick from the list.
  3. Confirm the token the DEX shows matches the name and details you expect. If the address you pasted returns the right token, you have the real one.
  4. Double-check the first and last few characters visually — address-poisoning tricks rely on look-alike endings.
  5. Save verified addresses somewhere (a notes file) so you never have to re-source them.
⚠️

Beware 'trending' and search results

A token appearing high in a DEX's trending list or search results means it has activity — which scammers manufacture on purpose. Position and popularity are not verification. The address is.

The honeypot check: can you actually sell it?

The nastiest fakes aren't wrong tokens — they're real-looking tokens with malicious code that lets everyone *buy* and blocks everyone (except the creator) from *selling*. That's a honeypot, and it's designed so the chart only ever goes up until the creator drains the pool. Two defences:

  • Test with pocket change. Buy a tiny amount, then immediately try to sell a portion back. If the buy works but the sell fails or reverts, you've found a honeypot — and lost pennies, not your stack.
  • Read the contract signals. Free honeypot-checker tools and the token's page on a block explorer can flag high sell taxes, blacklist functions, or an owner who can pause transfers. Unusual, asymmetric buy-vs-sell taxes are a classic tell.

Liquidity and ownership: the quick sanity checks

  • Liquidity depth. A real token has a meaningful pool; a trap often has a thin one, so a small buy moves the price wildly and demands high slippage. If the DEX warns you the price impact is huge, that's information.
  • Locked or renounced? Many legitimate projects lock their liquidity (so the team can't yank it) or renounce contract ownership (so functions can't be changed). Neither is a guarantee — scammers fake these too — but their total absence on a token asking for real money is a caution.
  • Age and holders. A token created three hours ago with fifteen holders and a frenzy of marketing is a different risk from an established one. Explorers show both.
  • Where did the link come from? A token address dropped in your DMs, a Telegram 'alpha' group, or a reply-guy under a celebrity tweet is guilty until proven innocent.

Protecting the wallet itself

Even with the right token, the *act* of trading carries risk: approvals you grant, signatures you sign. Trade from a wallet that holds only what you're actively using, revoke approvals you no longer need, and read every wallet confirmation before signing — most DeFi losses are signatures nobody checked. The full routine lives in how to use Uniswap safely, and it applies to every DEX.

See what you're signing

An air-gapped hardware wallet like the Keystone displays the full transaction on its own screen before you approve — so even if a fake token's site tries to slip a malicious signature past you, you catch it on a display a scammer can't spoof.

Check price →Affiliate link — we may earn a commission at no cost to you.

Key takeaways

  • A token's identity is its contract address — names and logos are trivially copied
  • Source the real address from the official site or a major tracker, then paste it into the DEX
  • Test-buy a tiny amount and try to sell it back to rule out a honeypot
  • Thin liquidity, brand-new age and DM-sourced links are all cautions
  • Trade from a low-balance wallet, read every signature, and revoke stale approvals

Frequently asked questions

The token has the exact right name and logo — isn't that enough?

No — those are the easiest things to copy, and impostors copy them precisely to fool exactly this instinct. Only the contract address, sourced independently, confirms identity.

What's a honeypot token?

A token whose code lets you buy but blocks you (though not the creator) from selling. The price looks like it only rises, right up until the creator removes the liquidity. Always test a small sell before buying more — full detail in our honeypot guide.

Are honeypot-checker websites reliable?

They're a useful first filter and catch many obvious traps, but they're not infallible — some malicious contracts hide behaviour that only triggers later. Treat a clean result as one green light, not a guarantee, and still test with pocket change.

LC

The Latest Crypto Team

Independent crypto education · free for all

We built LatestCrypto because we were fed up with the scams, shilling and terrible advice that fill the crypto internet. Everything here is free, honest and made with love — no hype, no “trust me bro”, and we’ll never tell you what to buy. Spotted something we got wrong? Tell us, and we’ll fix it.

Advertisement