> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Fake Tokens

> Spot fake tokens and impersonator scams that copy legitimate project names and symbols on DEXs, and learn how to verify contract addresses safely.

## Overview

**Fake tokens** are malicious tokens designed to impersonate legitimate projects. Scammers create tokens with similar names, symbols, or branding to trick users into buying worthless counterfeits.

<Warning>
  Always verify the exact contract address of a token before trading. Similar names and symbols are easy to copy.
</Warning>

## How Fake Tokens Work

1. **Target Selection**: Scammer identifies a popular or trending token
2. **Impersonation**: Creates a new token with identical or similar name/symbol
3. **Distribution**: Fake token appears in wallets or DEX searches
4. **Deception**: Users mistake it for the real token and buy
5. **Exit**: Scammer sells or rugs, leaving victims with worthless tokens

## Types of Fake Tokens

### Name Squatting

* Exact or near-exact name copying
* Same symbol as legitimate token
* Different contract address (the key difference)

### Airdrop Scams

* Unsolicited tokens appear in your wallet
* Designed to lure you to malicious websites
* Often have enticing names or values

### Logo/Branding Copies

* Stolen logos and imagery
* Copied website designs
* Fake social media accounts

### Pre-Launch Fakes

* Created before official token launches
* Exploit hype around upcoming projects
* Users think they're getting early access

## Detection Indicators

| Tag                   | Severity | Description                               |
| --------------------- | -------- | ----------------------------------------- |
| `fake_token`          | Critical | Token identified as impersonating another |
| `airdrop_scam`        | High     | Unsolicited token likely part of scam     |
| `phishing_token`      | Critical | Token designed to steal funds             |
| `unverified_contract` | Medium   | Contract source code not verified         |

## API Example

<Note>
  Never share real API keys in screenshots, logs, or client-side code.
</Note>

```bash theme={null}
curl -X GET "https://api.webacy.com/tokens/{TOKEN_ADDRESS}?chain=eth" \
  -H "x-api-key: {API_KEY}"
```

Response indicating fake token:

```json theme={null}
{
  "overallRisk": 99.0,
  "issues": [
    {
      "tag": "fake_token",
      "severity": "critical",
      "description": "Token impersonates a legitimate project"
    },
    {
      "tag": "phishing_token",
      "severity": "critical",
      "description": "Token designed to lure users to malicious site"
    }
  ]
}
```

## Red Flags

* **Different contract address** - Always verify against official sources
* **No liquidity or minimal liquidity** - Real tokens have established pools
* **No transaction history** - Legitimate tokens have trading activity
* **Appeared in wallet unexpectedly** - You didn't buy or claim it
* **Links to suspicious websites** - Different from official project URLs
* **No social presence** - Not mentioned by official project accounts

## Verification Steps

1. **Check official sources**
   * Project's official website
   * Verified social media accounts
   * Major market-data aggregator listings

2. **Verify contract address**
   * Compare exact address character by character
   * Use official links, not search results

3. **Check on block explorer**
   * Verify contract is verified
   * Check creation date and transaction history
   * Look for legitimate trading activity

## Protection Strategies

1. **Bookmark official sites** - Don't use search engines to find DEXes
2. **Verify contract addresses** - Always check the exact address
3. **Ignore airdrops** - Don't interact with unsolicited tokens
4. **Use official links** - Get addresses from verified sources only
5. **Check token age** - New tokens impersonating old projects are suspicious
6. **Verify on multiple sources** - Cross-reference contract addresses

## Handling Fake Airdrops

<Warning>
  Never interact with suspicious airdropped tokens. Attempting to sell them may trigger wallet draining transactions.
</Warning>

If you receive unexpected tokens:

* **Don't try to sell them** - This can trigger malicious contracts
* **Don't visit linked websites** - These are often phishing sites
* **Hide the token** - Most wallets let you hide unwanted tokens
* **Report if possible** - Help protect others from the same scam

## Related Concepts

* [Phishing](./phishing) - Deceptive attacks to steal credentials
* [Drainers](./drainers) - Wallet-draining attacks
* [Address Poisoning](./address-poisoning) - Similar address scams
