Security
Dec 16, 2025
Attacks on Threshold Schemes: Part 2
Deep dive into protocol-level vulnerabilities in threshold signature schemes: MtA oracle attacks, reshare synchronization flaws, determinist...
Token Risk Scanning for Traders: Glider Flags 20+ on-chain risks others miss.
Security
Aug 31, 2025
Table of contents
The explosion of decentralized finance (DeFi) and permissionless token creation has unlocked new financial primitives - but it has also introduced unprecedented risk for users. Every day, thousands of new tokens are deployed across EVM-compatible blockchains, many of which are designed not as innovative projects, but as vehicles for fraud.
According to the 2025 Chainalysis Crypto Crime Report, over $9.9 billion in on-chain value was lost to scams in 2024, with fraudulent tokens comprising one of the most pervasive vectors. These schemes target everyday traders through DEX listings, viral hype campaigns, and social engineering.
The data is alarming:
- Over 74,000 tokens launched in 2024 displayed clear signs of malicious intent, such as sudden liquidity removal, honeypot logic, and permissioned control.
- 94% of these scams were orchestrated directly by the token deployer, indicating a high level of premeditated exploitation.
- Thousands of individual users suffered complete losses, in many cases within minutes of purchase.
The token scam landscape has matured into a professionalized threat ecosystem, often powered by scam-as-a-service infrastructure, AI-generated deception, and increasingly complex smart contract obfuscation.
The Problem: Risks Hidden in Smart Contracts
Smart contracts define the behavior of tokens. Malicious actors routinely exploit this by embedding functionality into code that looks legitimate on the surface, but can be abused for illicit action. Some of the most common mechanisms include:
| Risk Type | Description |
|---|---|
| Honeypots | Preventing users from selling after purchase. |
| Mintable Tokens | Enabling unlimited supply inflation to dilute value. |
| Transfer Pausing | Allowing owners to arbitrarily freeze trading. |
| Blacklists | Selectively blocking addresses from transacting. |
| Ownership Retention | Centralized privileges to change token logic or execute backdoors. |
| External Calls in Transfers | Executing arbitrary external code during transfers. |
| Balance Manipulation | Altering token balances via non-standard or deceptive methods. |
These features are not always visible through public token explorers or simple scanners. Even experienced users may miss them without in-depth contract analysis.
| Category | Estimated Scam Risk | Description |
|---|---|---|
| All Token Launches | 35–40% | Average across all new tokens deployed, including memecoins, DeFi, utility tokens, and presales. Roughly 1 in 3 tokens turns out to be a scam. |
| Meme / Low-Cap Tokens | 80–95% | High-risk tokens with no real utility, often launched by anonymous teams. Most rely on hype, trend-jacking, and are short-lived. |
| Audited / Top 100 Tokens | <5% | Established tokens with public teams, strong liquidity, and security audits. Rarely malicious but still subject to market risk. |
| Tokens Launched via Presale (No Audit / Doxxing) | 90%+ | These tokens collect investor funds upfront without transparency or audit. Most vanish post-sale or rug-pull after launch. |
Introducing Token Risks API: Deep Token Risk Analysis in Seconds
Token Risks API is a real-time, on-chain token security scanner designed to detect 20+ critical threat vectors embedded in ERC20 token contracts. It enables traders, wallets, bots, and DeFi platforms to conduct comprehensive security assessments before interacting with a token.
Key Capabilities
- Fast: Executes full contract scans in <15 seconds.
- Deep: Analyzes standard and non-standard function logic.
- Accurate: Flags real-world attack vectors used in active scams.
- Multi-Chain: Currently supports 30+ EVM chains including Base and BNB.
Each risk is clearly labeled with severity and a contextual explanation, enabling safe decision-making even for non-technical users.
Benchmark: How Glider Compares to Other Solutions
In a recent comparative benchmark of 30 token contracts - including real-world scams - Glider was tested alongside common tools such as TokenSniffer, GoPlus, and QuickIntel.
Results:
- Glider identified 100% of critical threats embedded in the tested contracts.
- Competing tools missed between 40% and 75% of the same risks, often returning a false “Safe” status.
- Only Glider flagged non-standard manipulations and external call backdoors, which are commonly used in advanced exploits.
How to use Token Risks API
Check any token’s scam risk in seconds:
- Go to: Token Risks API
- Paste the token contract address.
- Select the correct blockchain.
- Click “Scan” to get a real-time risk score.
You’ll instantly see:
- Risk score
- Liquidity & ownership status
- Contract risks (e.g. honeypot, backdoors)
Perfect for traders, auditors, and anyone vetting tokens before investing.
Conclusion: Security Must Be Standard in Token Trading
If you trade without checking a token’s contract, it’s not a matter of if you’ll get scammed - it’s WHEN! With 74,000+ malicious tokens launched in 2024 and $9.9 billion lost to scams, the odds aren’t in your favor.
What makes Token Risks API different is that it isn’t built on surface-level patterns or guesswork. It’s a purpose-built system designed from the ground up to detect real, on-chain threats. It does the job others try to do, but with the depth and precision they were never built for.
In an environment where the cost of a single mistake is often total loss, real-time security analysis isn’t a luxury, it’s essential.
Try the API → Token Risks API
