# The bad, worse, and the worst

Before the tokens were drained, they had some decent-looking price actions and statistics that might go unnoticed as a scam to an inexperienced token trader.

## First token: [$MEMEFI](https://blokiments.com/detailedView/base?pairAddress=0x4816b0c0c2cb46623cd8c1ad39ebd8069e16d120)

Before it was drained, it had 225k USD liquidity. Such liquidity could easily deceive you into thinking a project with such liquidity is legitimate. But there was no information about liquidity locks, so you might be cautious here. The price action was decent, with a potential to grow. But sadly, this was a scam.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXc8D_2h9n3IZ9_OLNPZY8Ueu4nzMK5MDDah07N2qldiLq7uOKqvL_DTIUeP2bbwUmMTt3tmpz5m_8xnjxH-yUcecF-heQz1h4rDvG-l-BA4kHzyaU4Y3vi5iqS65dfueNUPR8LJr1R1a_2tOBiBwTbpGZQ?key=0sa-S0UawLBKGKIHIYZBsA" alt=""><figcaption></figcaption></figure>

## Second token: [$CARV](https://blokiments.com/detailedView/base?pairAddress=0x470c6aa2a7c024c7485a95a4202ef65b7711be70)

But the following token, $CARV, was a bit more sneaky; it had 188k USD in the liquidity pool, and of that, 100% was burned. It would seem that it is pretty legit. Also, the price action looks very like an uptrend. But if you inspect it closely, there is something a bit off. Almost every buy candle has a sell candle following it. It looks very unnatural, and indeed it was unnatural. This coin is also a honeypot with a fake, inflated price. Ultimately, the scammer drained the pool by selling all the tokens using a hidden mint.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXef1i9x6eb_KEaBsFf7qsO5sK_i3MgizV1fkbLkmyVq-u0O1O6GWDxEYEE3uiHG2D1tVAJgV-KGDdXWLEMY0tXWM8hb3WQMFTDF0a74sUgrwLgD_OzElYMhVw-83p9pWwblmmOujmFyBAxBTuZKmVI3I1oT?key=0sa-S0UawLBKGKIHIYZBsA" alt=""><figcaption></figcaption></figure>

## Third token:  [$CATS](https://blokiments.com/detailedView/base?pairAddress=0x40b56dff75d2161c26ff3b612c7f93cdfb894713)

The same goes for the $CATS token, which had 293k liquidity and is 100% burned. Again, we have the uptrend graph with sell candles following buy candles. It looks just too good to be true. And sure enough, it was a honeypot. Again, the scammers ran away with traders' money.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcUlldIfzu1lYgapHq4Wi45DJ8zvf7QPPMmPd5wHeAgA99AvJox8clK9JFqABnwqtfUUDqeDpp1jZnFdScL6bGLZR5yQk6FHIUp6jBDlAxWE9Y5r9rShwxsw7m-5BjpKWFyFCp5VwXJURDgxYdQY3aDWcrp?key=0sa-S0UawLBKGKIHIYZBsA" alt=""><figcaption></figcaption></figure>

We need to mention that All the coins had faked the social data. They had Twitter, Telegram, and website links to legit projects, while they were actually “knock-offs.” So that was another red flag.

{% hint style="info" %}
We are in the process of implementing a system to detect such projects.
{% endhint %}

## The scam

And the biggest red flag: In one of our previous posts, we warned you about the `_transfer()` function of the token's smart contract. We said to check the smart contract for any suspicious or unnecessary complicated code. Well, we could apply the same rule here for these three tokens. They ALL had similar-looking \_transfer() function codes.&#x20;

But the following part is from the CARV token, specifically [LINK TO CODE](https://basescan.org/token/0xcB8790de7edc9AC06674eF42dFF1A341f0dB82D9#code):<br>

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXff0kqPDqGzSyWVSYPb-p-uNuQgJU1fdFYqUrDlC6s8QZEgdlBuWBSjkHKTkazrOakgBuqqD35ZjtLxCHQM1d30sJBlOfJf579dvShJkJ2xuuWjXSmEX_-JlhyOCS6Qu2LoJTH8713KQvKoHmWG12NRlTeA?key=0sa-S0UawLBKGKIHIYZBsA" alt=""><figcaption></figcaption></figure>

This is a transfer function. What is even that “gibberish”? They intentionally used weird formatting and random variable names to confuse you into thinking, “Maybe it is legit.” We will not even go into the details here because no sane and legitimate contract would make such complicated, unformatted code. **IF YOU SEE THAT, RUN AWAY.**

Another thing that we noticed is that these three tokens might be linked together somehow because they all used the same tactics:

* Make a knock-off name of a real token.
* Deploy the token with unreadable and confusing smart contract code.
* Scam.

So maybe the same person deployed these contracts?