Solana's speed and low fees make it one of the best blockchains for trading and DeFi. They also make it one of the best blockchains for scammers.
In 2025 alone, crypto users lost over $2 billion to phishing attacks, rug pulls, and wallet drainers across all chains — and Solana was disproportionately hit. The combination of cheap transactions (making scam token deployments nearly free), a massive memecoin market, and a constant stream of new users creates perfect hunting grounds.
The attacks are not sophisticated. Most scams rely on the same handful of tricks repeated thousands of times. Once you know the playbook, you can spot them before you lose a single lamport.
This guide covers every major scam type active on Solana in 2026, how each one works mechanically, and exactly what to do to protect yourself.
You open your wallet and see tokens you never bought. Maybe it is called "FREE $500 CLAIM" or "Jupiter Airdrop V2" or something with a legitimate project's name attached. The token's metadata includes a URL.
How it works:
- Scammers deploy a token for fractions of a penny on Solana
- They airdrop it to thousands of wallets by sending tiny amounts
- The token name or metadata contains a URL like claim-jupiter-airdrop.com
- You visit the site, which looks like a real project's interface
- The site asks you to connect your wallet and "claim" your airdrop by signing a transaction
- That transaction is actually an approval or transfer that drains your real tokens and SOL
How to spot them:
- You never signed up for or qualified for the airdrop
- The token appeared in your wallet without any action on your part
- The token name contains a URL or instructions (legitimate tokens never do this)
- The "claim" site asks you to sign a transaction rather than just checking eligibility
- The URL is a slight misspelling of a real project's domain
What to do: Ignore them completely. Do not visit the URL. Do not try to sell the token (some are designed to fail on sell, wasting your SOL on fees). Do not interact with them at all. They will sit in your wallet harmlessly as long as you never interact. If they bother you visually, Phantom and Solflare both let you hide tokens from your portfolio view.
Drainer sites are the most dangerous active threat on Solana. They look identical to legitimate dApps — pixel-perfect clones of Jupiter, Raydium, Phantom's interface, or popular NFT marketplaces. The only difference is the URL and what happens when you sign.
How it works:
- Scammers clone a popular site's frontend (sometimes even scraping the live site in real time)
- They promote it via Google Ads, X posts, Discord messages, or SEO manipulation
- You connect your wallet, thinking you are on the real site
- The site presents a transaction that looks like a normal swap or approval
- The transaction actually transfers your tokens, SOL, and NFTs to the attacker's wallet
- Because you signed it with your private key, the blockchain considers it a valid, authorized transaction — there is no way to reverse it
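What a wallet's simulation has to read before it can say that a transaction "actually transfers your tokens": this added example (not from the original guide or any wallet's code) decodes the first data byte of SPL Token instructions to separate approvals and transfers from everything else. The instruction list is constructed, and only the Transfer, Approve and Revoke instructions are covered.

```python
import struct
from typing import Optional

# Program ids of SPL Token and Token-2022.
TOKEN_PROGRAMS = {
    "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA",
    "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb",
}
# The first byte of the instruction data selects the instruction.
OPCODES = {3: "Transfer", 4: "Approve", 5: "Revoke",
           12: "TransferChecked", 13: "ApproveChecked"}
U64_MAX = 2**64 - 1


def describe(program_id: str, data: bytes) -> Optional[str]:
    """Summarise one token-program instruction; None if it is not covered."""
    if program_id not in TOKEN_PROGRAMS or not data or data[0] not in OPCODES:
        return None
    name = OPCODES[data[0]]
    if name == "Revoke":
        return "Revoke: removes the delegate from a token account"
    if len(data) < 9:
        return f"{name}: malformed, amount missing"
    (amount,) = struct.unpack_from("<Q", data, 1)  # u64, little-endian
    size = "an UNLIMITED amount" if amount == U64_MAX else f"{amount} raw units"
    if name.startswith("Approve"):
        return f"{name}: lets a delegate spend {size} from the token account"
    return f"{name}: moves {size} out of the source token account"


def review(instructions, expects_outflow: bool) -> tuple:
    """Return (verdict, findings); a wallet connection or 'claim' expects no outflow."""
    findings = [d for d in (describe(p, raw) for p, raw in instructions) if d]
    risky = [f for f in findings if not f.startswith("Revoke")]
    if risky and not expects_outflow:
        return "reject", findings
    return ("check amounts" if risky else "no token outflow found"), findings


# Constructed sample: instructions behind a button labelled "Claim airdrop".
TOKEN = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
CLAIM_TX = [
    (TOKEN, bytes([4]) + struct.pack("<Q", U64_MAX)),
    (TOKEN, bytes([12]) + struct.pack("<QB", 2_500_000, 6)),
    ("ConstructedOtherProgram", b"\x00"),  # placeholder, not a real program id
]

if __name__ == "__main__":
    print(review(CLAIM_TX, expects_outflow=False))
```

SOL transfers go through the System Program and are not decoded here, so a clean result from this sketch does not replace the wallet's own simulation.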
How to spot them:
- Check the URL character by character. jupiter-ag.com is not jup.ag. rayd1um.io is not raydium.io
- Bookmark the real URLs of every dApp you use and only access them via bookmarks
- Be suspicious of any dApp link shared in Discord, Telegram, or X replies
- Use Phantom's built-in transaction simulation — it will show you what a transaction actually does before you sign. If a "swap" transaction shows tokens leaving your wallet without receiving anything, reject it
- Never click "approve all" or sign transactions you do not fully understand
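The character-by-character check can be done mechanically. This added example, not part of the original guide, compares a URL's host against your own bookmark list and flags hosts that reuse a brand word or sit one edit away once digit-for-letter swaps are undone. The `BOOKMARKS` table and its brand words are assumptions; the domains tested are the ones named above.

```python
from urllib.parse import urlsplit

# Assumption: your own bookmark list, each real domain with the brand words a
# clone would reuse. Only jup.ag and raydium.io are taken from this guide.
BOOKMARKS = {"jup.ag": ("jupiter", "jup"), "raydium.io": ("raydium",)}
# Digits commonly swapped in for letters (rayd1um -> raydium).
FOLD = str.maketrans("01345", "oieas")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify(url: str) -> str:
    """Return 'bookmarked', 'lookalike of <domain>' or 'unknown'."""
    target = url if "//" in url else "//" + url
    host = (urlsplit(target).hostname or "").lower().rstrip(".")
    # The bookmarked domain itself and its subdomains are the real site.
    if any(host == d or host.endswith("." + d) for d in BOOKMARKS):
        return "bookmarked"
    folded = host.translate(FOLD)
    labels = folded.replace("-", ".").split(".")
    for real, brands in BOOKMARKS.items():
        near = edit_distance(folded, real) <= 1
        # Short brand words must match a whole label to limit false hits.
        reused = any(b in labels or (len(b) > 3 and b in folded) for b in brands)
        if near or reused:
            return f"lookalike of {real}"
    return "unknown"


if __name__ == "__main__":
    for u in ("https://jup.ag/swap", "jupiter-ag.com", "rayd1um.io",
              "claim-jupiter-airdrop.com", "example.org"):
        print(f"{u:32} {classify(u)}")
```

An "unknown" result only means the host resembles nothing on the list; it is not a statement that the site is safe.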
Key fact: Legitimate dApps will never ask you to sign a transaction during the connection step. The wallet connection itself should only request a signature to prove ownership (a message signature), not a transaction.
Honeypot Tokens
A honeypot token is one you can buy but cannot sell. The buying works perfectly — you swap SOL for the token on a DEX, the price chart looks normal, maybe it is even going up. But when you try to sell, the transaction fails every time.
How it works:
- The token contract includes code (or uses freeze authority) that blocks sell transactions from non-whitelisted wallets
- The developer's wallets are whitelisted, so they can sell whenever they want
- They buy from themselves to create fake volume and price action
- Other traders see the chart, buy in, and then discover they cannot sell
- The developer eventually sells their entire position, crashing the price on the trapped holders
How to check before buying:
- Paste the token's contract address into RugCheck before buying — it specifically flags active freeze authority
- Check Solsniffer for a safety score — honeypots typically score below 30
- Look at the transaction history on a block explorer. If there are many buys but zero sells from non-creator wallets, it is a honeypot
- Check if freeze authority is revoked. If it is active, the creator can freeze your tokens at any time
- Look at the token age. Honeypots are usually less than a few hours old
For a deeper comparison of scanning tools, read our guide to RugCheck, Solsniffer, and De.Fi.
Social Engineering Attacks
These scams do not require any smart contract tricks — they exploit trust, urgency, and impersonation.
Fake Support DMs
You post a question in a project's Discord or Telegram. Within minutes, someone DMs you claiming to be "support" or a "moderator." They offer to help you fix your issue. The "fix" involves:
- Visiting a link that turns out to be a drainer site
- Sharing your screen while your seed phrase is visible
- Entering your seed phrase into a "validation tool"
- Installing a "wallet repair" app that is malware
The rule: No legitimate project's support team will ever DM you first. Ever. Disable DMs from server members in Discord. Ignore all unsolicited Telegram messages.
Impersonation on X
Fake accounts copy a real project's profile picture, name, and bio, then reply to legitimate posts with phishing links. They will announce fake airdrops, fake migrations, or "limited time" minting events. The accounts often have purchased followers and look legitimate at first glance.
How to spot: Check the handle carefully (not just the display name). Check the account age. Check whether the real project follows them. Verify any announcements by going to the official account directly — never trust links in replies.
Fake Giveaways
"Send 1 SOL, get 2 SOL back" or "Connect your wallet to claim your reward." These prey on greed and FOMO. No one is giving away free money. Not Solana Foundation, not Phantom, not any project. If it sounds too good to be true, it is a scam without exception.
Rug Pulls
A rug pull happens when a token's developer removes all liquidity from the trading pool, making the token untradeable and worthless. It is the most common large-scale scam on Solana.
How it works:
- Developer creates a token and adds liquidity (SOL + token) to a DEX pool
- The token trades normally and the price rises as people buy in
- At peak hype, the developer withdraws all liquidity in one transaction
- The pool is empty — no one can sell, and the token price goes to zero
- The developer walks away with all the SOL that buyers put in
How to protect yourself:
- Check if LP tokens are burned or locked. Burned LP means the developer physically cannot withdraw liquidity. Use RugCheck or De.Fi to verify
- Look at the dev wallet holdings. If the creator holds more than 5-10% of the supply, the dump risk is high
- Check for bundle wallets — multiple wallets controlled by the same person, faking decentralized ownership. Solsniffer detects these
- Tokens launched via Pump.fun that have graduated to Raydium have their LP burned automatically, which eliminates the LP withdrawal vector (but not other rug vectors like dev dumping held tokens)
Red Flags Checklist
Before interacting with any new token, site, or project on Solana, run through this table:
| Red Flag | Risk Level | What It Means |
|---|---|---|
| Mint authority not revoked | Critical | Creator can print unlimited tokens and dump on you |
| Freeze authority active | Critical | Creator can freeze your tokens so you cannot sell (honeypot) |
| LP not locked or burned | High | Creator can drain liquidity at any time (rug pull) |
| Top 10 wallets hold 50%+ of supply | High | Coordinated dump can crash the price |
| Token appeared in your wallet unsolicited | High | Almost certainly a phishing airdrop scam |
| Site URL is slightly misspelled | Critical | Wallet drainer site |
| Someone DMs you first offering "help" | Critical | Social engineering / phishing attempt |
| No social media, no website, no team info | Medium | Could be a low-effort scam or pump-and-dump |
| Token is less than 1 hour old with 1000%+ gains | Medium | Extreme volatility, possible manufactured chart |
| "Send X to receive Y" mechanics | Critical | Always a scam, no exceptions |
| Transaction simulation shows unexpected token transfers | Critical | Drainer transaction — reject immediately |
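The first two rows of the table, and the freeze-authority check from the honeypot section, can be read straight from a token's mint account. This added example (not code from the original guide or from any scanner) parses the base64 `data` field that the `getAccountInfo` RPC call returns for a mint; the sample accounts and their keys are constructed.

```python
import base64
import struct

# SPL Token mint layout: COption<Pubkey>, u64 supply, u8 decimals, bool, COption<Pubkey>.
MINT = struct.Struct("<I32sQB?I32s")  # 82 bytes, little-endian
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58(raw: bytes) -> str:
    """Base58, the encoding Solana addresses are shown in."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def parse_mint(data_b64: str) -> dict:
    """Decode the first 82 bytes of a mint account's data field."""
    raw = base64.b64decode(data_b64)
    if len(raw) < MINT.size or len(raw) == 165:  # 165 bytes is a token account
        raise ValueError("data is not a mint account")
    m_tag, m_key, supply, decimals, init, f_tag, f_key = MINT.unpack_from(raw)
    if not init:
        raise ValueError("mint is not initialized")
    return {
        "mint_authority": b58(m_key) if m_tag == 1 else None,  # tag 0 = revoked
        "freeze_authority": b58(f_key) if f_tag == 1 else None,
        "supply": supply,      # raw units, before applying decimals
        "decimals": decimals,
    }

def red_flags(mint: dict) -> list:
    """Map parsed fields onto the checklist's two authority rows."""
    flags = []
    if mint["mint_authority"]:
        flags.append("Mint authority not revoked")
    if mint["freeze_authority"]:
        flags.append("Freeze authority active")
    return flags

def sample(mint_auth, freeze_auth) -> str:
    """Constructed account data; the keys are made-up byte patterns."""
    opt = lambda k: (1, k) if k else (0, bytes(32))
    return base64.b64encode(
        MINT.pack(*opt(mint_auth), 10**15, 6, True, *opt(freeze_auth))).decode()

RISKY = sample(bytes([7]) * 32, bytes([9]) * 32)  # both authorities still set
CLEAN = sample(None, None)                        # both revoked

if __name__ == "__main__":
    print(red_flags(parse_mint(RISKY)), red_flags(parse_mint(CLEAN)))
```

The result is only meaningful when the account is owned by the SPL Token or Token-2022 program, which `getAccountInfo` reports in its `owner` field.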
Tools to Protect Yourself
You do not need to navigate Solana blind. These tools exist specifically to help you avoid scams:
Token Scanners (use before every buy):
- RugCheck — The most widely used Solana token scanner. Checks mint authority, freeze authority, LP status, top holders, and gives a risk rating. Free and fast
- Solsniffer — Provides a 0-100 safety score with detailed breakdown. Good at detecting bundle wallets and honeypots
- De.Fi — Cross-chain security scanner with a Solana-specific token audit tool and a revoke approvals feature
Read our full token scanner comparison for details on what each tool catches.
Wallet Security:
- Use Phantom or Solflare — both have built-in transaction simulation that warns you before you sign a malicious transaction
- Revoke old token approvals regularly. Stale approvals from dApps you no longer use are an attack surface. See our guide to revoking approvals
- Use a hardware wallet (Ledger) for any significant holdings
- Maintain a "burner" hot wallet with limited funds for interacting with new or unverified dApps. Never connect your main wallet to anything you are not 100% sure about
Habits:
- Bookmark every dApp you use — never follow links from social media or search ads
- Enable transaction simulation in your wallet settings
- Check URLs character by character before connecting your wallet
- Read our full wallet security checklist and make it part of your routine
What to Do If You Have Been Scammed
If you have already lost funds to a scam, act immediately:
- Revoke all approvals. Use De.Fi's revoke tool or Solflare's built-in approval manager to revoke every active approval on the compromised wallet. This stops ongoing drainage
- Move remaining funds. Transfer any remaining SOL, tokens, and NFTs from the compromised wallet to a new, clean wallet. Do this from a different device if possible, in case your current device has malware
- Do not reuse the compromised wallet. If you signed a malicious transaction, the wallet itself is still technically safe (the private key was not exposed). But if your seed phrase was exposed, every wallet derived from it is compromised — create an entirely new wallet
- Report the scam site. Report phishing URLs to PhishTank, Google Safe Browsing, and the community channels of the project that was impersonated. This helps get the site taken down faster
- Report the scam token or address. Flag the token on RugCheck or Solsniffer so other users are warned. Report the scammer's wallet address in community Discord servers
- Accept and learn. On-chain transactions are irreversible. There is no customer support that can reverse a blockchain transaction. Anyone claiming they can recover your funds is also a scammer. Use the experience to tighten your security habits going forward
Stay Ahead of the Scammers
Scammers are not clever — they are repetitive. The same fake airdrop trick that worked in 2023 still works in 2026 because new users keep falling for it. The moment you learn the patterns, you become nearly immune.
Make token scanning automatic. Make URL checking automatic. Make ignoring unsolicited DMs automatic. These are not burdens — they take seconds each and they are the difference between keeping your funds and losing them.
Browse security tools on MadeOnSol to find more tools that help you stay safe on Solana.