Detecting Scam Tokens
In this guide, we'll teach you how to use our API to identify scam tokens that have been added to Pump AMM and Raydium CPMM pools.
This guide is specifically for tokens in Pump AMM and Raydium CPMM pools. For pump.fun and Bonk pools, this verification is not necessary because these launchpads are designed to ensure trust - you can be confident that no one will block your tokens or steal your money. The only risk on such launchpads is price volatility (you may lose money, but this is not a technical scam).
What Is a Technical Scam?
We're talking about a technical scam: one where you lose money not because of price fluctuations, but because of technical capabilities built into Solana tokens. This is fundamentally different from market risk.
Understanding Token Programs
There are two token programs from Solana:
- spl-token - the older but still popular version
- spl-token-2022 - the newer version with extended capabilities
Every token you see on the Solana network belongs to one of these programs, and you can check this on Solscan. Older pump.fun tokens were issued on spl-token, and now there's a transition period to spl-token-2022.
Every memecoin belongs to one of these token programs. There can be no other option. (Technically, you can create your own program for token creation, but no one will recognize it - all pools only support SPL programs, and you cannot insert a token with custom code into a pool, meaning it cannot be traded).
Example Trade Event
Here's what a trading event from our Datastream looks like:
    {
      "signature": "Pkczfd1cLkq9rPL54ED1wAuKWcfUGrGeBvQB6WTYfbRd8ax9mEvPYgGiWmNEyndDubXgq9mgNyFvm9tEyZop8ds",
      "mint": "44sHXMkPeciUpqhecfCysVs7RcaxeM24VPMauQouBREV",
      "traderPublicKey": "26ooGGTHJwqr56cNg68oQge98LHw7Gq6HQw4grycFtEb",
      "txType": "sell",
      "tokenAmount": 1891.929271596,
      "solAmount": 0.001437762,
      "vTokensInBondingCurve": 47689214.30252432,
      "vSolInBondingCurve": 36.330567072,
      "price": 7.61819367405198e-7,
      "marketCapSol": 761.7512257100611,
      "pool": "raydium-cpmm",
      "mintMethod": "custom",
      "mintAuthority": None,
      "freezeAuthority": None,
      "tokenProgram": "spl-token-2022",
      "tokenExtensions": [
        {
          "transferFeeConfig": {}
        }
      ],
      "block": 379519283,
      "timestamp": 1762921101493
    }

Note the transferFeeConfig entry in tokenExtensions: transferFeeConfig is VERY DANGEROUS, and probably the most common scam in spl-token-2022.
SPL-Token Security Checks
For spl-token, there are only 2 types of potential technical scams:
1. mintAuthority
A legitimate token, after minting tokens (for example, 1 billion new tokens), should disable mintAuthority by setting it to None (this is what launchpads do, and you can trust them).
⚠️ Warning: If the mintAuthority field contains an address instead of None, it means that more tokens can be minted at any time, diluting your holdings.
2. freezeAuthority
A legitimate token should NOT have freezeAuthority (value should be None). If there's an address in this field, the token is most likely a SCAM and can freeze your tokens at any moment.
This is normal only for stablecoins like USDC, USDT, and others, because regulators require them to have the ability to block funds in accounts. Therefore, theoretically, any of your USDC can be frozen at any moment.
For example, here's a frozen account transaction attempt we found from the USDC freeze authority. Open Program Logs and search the page for "account is frozen" and you'll see that the transaction fails not because of insufficient funds, but because the funds are blocked.
This is where the possibilities for abuse on spl-token end.
SPL-Token-2022 and Token Extensions
spl-token-2022 offers all the same features as spl-token, but adds token extensions on top. These extensions can bring both benefits and harm.
Below is a table ranking token extensions from safe and harmless to dangerous. If a token is not from a well-known company and has a dangerous extension, the probability of it being a scam is almost 100%.
Token Extensions Safety Reference
✅ Safe Extensions
These extensions are cosmetic or security-enhancing and do not affect your ability to trade:
| Extension | Description | Safety Level |
|---|---|---|
| metadataPointer | Points to token metadata | ✅ Safe |
| tokenMetadata | Contains token metadata information | ✅ Safe |
| groupPointer | Points to token group | ✅ Safe |
| groupMemberPointer | Points to group member | ✅ Safe |
| tokenGroup | Groups related tokens | ✅ Safe |
| tokenGroupMember | Member of a token group | ✅ Safe |
| scaledUiAmount | Changes UI display only | ✅ Safe |
| interestBearingConfig | Cosmetic interest rate display | ✅ Safe |
| mintCloseAuthority | Authority to close the mint account (they can't close it if anybody still has a token balance) | ✅ Safe |
🚨 Dangerous Extensions
These extensions can prevent you from selling or result in loss of funds:
| Extension | Description | Danger Level |
|---|---|---|
| memoTransfer | Requires memo for transfers | 🚨 High Risk |
| transferFeeConfig | Charges fees on transfers | 🚨 High Risk |
| transferHook | Custom code runs on transfers | 🚨 High Risk |
| permanentDelegate | Permanent control over tokens | 🚨 High Risk |
| defaultAccountState | Can set accounts to frozen by default | 🚨 High Risk |
| nonTransferable | Tokens cannot be transferred | 🚨 High Risk |
| confidentialTransferMint | Confidential transfers (incompatible with pools) | 🚨 High Risk |
| confidentialMintBurn | Confidential minting (incompatible with pools) | 🚨 High Risk |
| confidentialTransferFeeConfig | Confidential transfer fee (incompatible with pools) | 🚨 High Risk |
| pausableConfig | Can pause all transfers | 🚨 High Risk |
| cpiGuard | Your program will stop working | 🚨 High Risk |
Best Practices
When checking tokens through our API, always verify:
- ✅ mintAuthority is None
- ✅ freezeAuthority is None (unless it's a known stablecoin)
- ✅ If spl-token-2022, check tokenExtensions array
- ✅ Avoid tokens with dangerous extensions unless from trusted sources
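The checklist above as one function over a trade event, given as an added example and not code from our API or SDK. It assumes the event has been parsed into a Python dict (JSON null becomes None) and that each tokenExtensions entry is keyed by extension name as in the sample event; check_token, trusted_mints and the severity labels are hypothetical names.

```python
# Extension names copied from the two tables in this guide.
SAFE_EXTENSIONS = {
    "metadataPointer", "tokenMetadata", "groupPointer", "groupMemberPointer",
    "tokenGroup", "tokenGroupMember", "scaledUiAmount",
    "interestBearingConfig", "mintCloseAuthority",
}
DANGEROUS_EXTENSIONS = {
    "memoTransfer", "transferFeeConfig", "transferHook", "permanentDelegate",
    "defaultAccountState", "nonTransferable", "confidentialTransferMint",
    "confidentialMintBurn", "confidentialTransferFeeConfig",
    "pausableConfig", "cpiGuard",
}

def check_token(event, trusted_mints=frozenset()):
    """Return (severity, message) findings for one trade event; [] means no flags.
    trusted_mints is a hypothetical caller-supplied allowlist (known stablecoins,
    well-known issuers) where freezeAuthority or a dangerous extension is expected.
    """
    findings = []
    trusted = event.get("mint") in trusted_mints
    if event.get("mintAuthority") is not None:
        findings.append(("high", "mintAuthority set: more tokens can be minted"))
    if event.get("freezeAuthority") is not None and not trusted:
        findings.append(("high", "freezeAuthority set: accounts can be frozen"))
    program = event.get("tokenProgram")
    if program == "spl-token":
        return findings  # the older program has no extensions to inspect
    if program != "spl-token-2022":
        return findings + [("review", f"unexpected tokenProgram: {program!r}")]
    for entry in event.get("tokenExtensions") or []:
        # Assumption: each entry is a dict keyed by extension name, as in the sample.
        names = [entry] if isinstance(entry, str) else list(entry)
        for name in names:
            if name in DANGEROUS_EXTENSIONS and not trusted:
                findings.append(("high", f"dangerous extension: {name}"))
            elif name not in SAFE_EXTENSIONS | DANGEROUS_EXTENSIONS:
                # Fail closed on names that appear in neither table.
                findings.append(("review", f"unlisted extension: {name}"))
    return findings

# Constructed sample, trimmed from the trade event shown in this guide.
SAMPLE_EVENT = {
    "mint": "44sHXMkPeciUpqhecfCysVs7RcaxeM24VPMauQouBREV",
    "mintAuthority": None, "freezeAuthority": None,
    "tokenProgram": "spl-token-2022",
    "tokenExtensions": [{"transferFeeConfig": {}}],
}

print(check_token(SAMPLE_EVENT))
```

An extension name found in neither table is reported as "review" rather than passed, so a newly introduced extension is not silently treated as safe.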
Stay safe and always verify a token before trading!