TL;DR
Token metadata is the on-chain information attached to a Solana token, including its name, symbol, logo, description, and links, defined using the Metaplex Token Metadata standard.
Every token’s metadata includes: name (display name), symbol (ticker), URI (link to JSON with logo, description, and details), and update authority (who can change the metadata). The URI typically points to a JSON file on IPFS or Arweave containing the token’s image, description, social links, and additional properties. This is what wallets and DEXs use to display token information.
An active update authority means someone can change the token’s name, symbol, and logo at any time. Scammers exploit this: launch a token with a legitimate-looking name, attract buyers, then change the metadata to reveal it was a scam — or rename it to impersonate another token. Check if the update authority is revoked for tokens you’re considering. Pump.fun tokens have metadata set at creation but the update authority varies.
Use block explorers to view a token’s raw metadata account. Check the update authority (revoked is safer). Verify the URI points to decentralized storage (IPFS/Arweave — can’t be changed) vs centralized hosting (can be swapped). Compare the token’s metadata claims (website, Twitter) with the actual project. Token Scanner checks metadata authority as part of its risk assessment.
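The two checks above (update authority and URI hosting) can be run directly on the raw bytes of a metadata account. The sketch below is an added example, not code from Token Scanner or Metaplex. Assumptions: the function names are hypothetical, the account bytes are a constructed sample with dummy keys, "revoked" is read as the account's `is_mutable` flag being false, and the URI rule is a simple heuristic.

```python
import struct
from urllib.parse import urlparse
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58(raw: bytes) -> str:                       # explorer-style key encoding
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def parse_metadata(acct: bytes) -> dict:          # leading Borsh fields of MetadataV1
    if len(acct) < 65 or acct[0] != 4:            # key byte 4 = MetadataV1
        raise ValueError("not a MetadataV1 account")
    off, text = 65, []                            # key(1) + update_authority(32) + mint(32)
    try:
        for _ in range(3):                        # name, symbol, uri: u32 length + bytes
            (n,) = struct.unpack_from("<I", acct, off)
            text.append(acct[off + 4:off + 4 + n].decode("utf-8", "replace").rstrip("\0"))
            off += 4 + n
        off += 2                                  # seller_fee_basis_points (u16)
        if acct[off]:                             # Option<Vec<Creator>> is Some
            (count,) = struct.unpack_from("<I", acct, off + 1)
            off += 4 + 34 * count                 # creator = key(32) + verified(1) + share(1)
        off += 2                                  # option tag + primary_sale_happened
        mutable = bool(acct[off])                 # is_mutable
    except (IndexError, struct.error):
        raise ValueError("truncated metadata account") from None
    return dict(zip(("name", "symbol", "uri"), text), is_mutable=mutable,
                update_authority=b58(acct[1:33]))

def uri_is_content_addressed(uri: str) -> bool:   # heuristic, an assumption of this example
    u = urlparse(uri)
    host = (u.hostname or "").lower()
    return (u.scheme in ("ipfs", "ar") or u.path.startswith("/ipfs/") or ".ipfs." in host
            or host == "arweave.net" or host.endswith(".arweave.net"))

def findings(acct: bytes) -> list:
    md, out = parse_metadata(acct), []
    if md["is_mutable"]:
        out.append(f"mutable: {md['update_authority']} can change name/symbol/URI")
    if not uri_is_content_addressed(md["uri"]):
        out.append(f"URI on swappable hosting: {md['uri']}")
    return out

def sample_account(uri: str, mutable: bool) -> bytes:   # constructed data, dummy keys
    pad = lambda s, n: struct.pack("<I", n) + s.encode().ljust(n, b"\0")
    return (b"\x04" + bytes([1]) * 32 + bytes([2]) * 32 + pad("Example", 32) + pad("EXM", 10)
            + pad(uri, 200) + struct.pack("<H", 0) + b"\x00\x00" + bytes([mutable]))
```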