Crypto Wallet Scam Checker
Been offered a deal that sounds too good to be true? Before you send a single token, paste the wallet address below. We'll check it against public scam databases, honeypot detectors, and on-chain data β instantly.
These community-driven tools show you instantly which contracts have their claws in your crypto β and let you revoke them.
revoke.cash β debank.com β unrekt.me βConnecting to a malicious site
Wallet drainers & phishing dApps
Scammers build near-perfect copies of legitimate dApps β fake NFT mints, fake token claims, fake airdrop pages. The site looks real. The URL is close but slightly off (blur-io.xyz instead of blur.io). When you connect your MetaMask and sign what looks like a routine transaction, you're actually handing over permission to drain every token from your wallet in one move.
These sites appear as links in Discord DMs, Twitter/X replies, Telegram groups, and even paid ads. The attacker pays for a Google ad to appear above the real site.
Investing in a known scam
Pig butchering, honeypots & rug pulls
Pig-butchering scams build trust over weeks or months β a new contact on a dating app or social media gradually introduces you to a "great investment opportunity." The wallet address they send has often already been reported. Honeypot tokens let you buy but block you from selling β the contract is coded to trap your funds while the developer drains the liquidity pool.
A rug pull looks like a legitimate token launch. Developers hype the project, liquidity pours in, then the team withdraws everything overnight and the token goes to zero.
Token approval theft
Unlimited approvals & silent drains
Every time you click "Approve" on a token swap or NFT mint, you sign a smart-contract message that says "this contract can spend my tokens." Most dApps default to unlimited approval β they can take your entire balance of that token, any time, forever, until you explicitly revoke it. These permissions survive long after you've forgotten the site existed.
A compromised dApp, a rug pull, or a zero-day exploit can trigger those approvals the moment it launches β no additional signature from you required.
What we check
π Wallet Address checker
Known scam databases
Cross-referenced against GoPlus Security's global blacklist of reported scam, phishing, and drainer wallets.
Honeypot detection
Checks whether tokens associated with this address can actually be sold β or if they're designed to trap your funds.
Dark web activity
Flags addresses with known connections to dark web marketplaces and illicit transaction patterns.
Mixer / Tornado Cash
Detects use of crypto mixers like Tornado Cash β a common way scammers launder funds before a rug pull.
Wallet age
New wallets (< 30 days old) are a major red flag. Scammers create fresh addresses for each operation.
Token holdings
Shows what's actually in the wallet. Scam wallets often hold worthless tokens designed to look valuable.
Sanctions check
Checks against OFAC and international sanctions lists for addresses involved in financial crime.
Multi-sig detection
Identifies if the address is a multi-sig contract. Legitimate investments never ask you to deposit into theirs.
π dApp / Website checker
MetaMask blocklist
Checks against MetaMask's own eth-phishing-detect list β over 198,000 crypto phishing domains maintained by the MetaMask security team.
ScamSniffer database
The largest web3 phishing domain list available, with over 345,000 reported sites. Updated daily by the ScamSniffer security team.
GoPlus Security
Real-time lookup against GoPlus's live web3 phishing API β the same engine used by MetaMask, Trust Wallet, and other major wallets.
URLScan.io
Searches prior security researcher scans of the domain to surface any malicious verdicts from the global security community.
OpenPhish feed
Cross-references against OpenPhish's actively-maintained list of live phishing URLs updated in real time.
Google Safe Browsing
When configured, queries Google's threat database β one of the largest phishing and malware URL repositories in the world.
VirusTotal
When configured, checks the URL against 70+ antivirus and security engines simultaneously for a comprehensive verdict.
Attribution, not verdict
We report what third-party databases say. We do not independently declare any site a scam. Always verify before connecting your wallet.
Is your wallet connected to something it shouldn't be?
Every time you connect MetaMask (or any wallet) to a dApp and approve a transaction, you're granting that contract permission to move tokens on your behalf β sometimes with no spending limit and no expiry date. These approvals stay active even after you stop using the site. A compromised or malicious dApp can drain your wallet months later using a permission you forgot you gave.
β οΈ What an approval actually means
When you click "Approve" on a token swap or NFT mint, you're signing a smart contract call that says "this contract can spend X amount of my tokens." Many dApps default to unlimited approval β meaning they can take everything you have of that token, any time, forever, until you revoke it.
If that dApp is later exploited, rug-pulled, or turns out to have been malicious from the start, the attacker can use your existing approval to empty your wallet β no second signature required.
π How to see and revoke your approvals
These free tools connect to your wallet (read-only) and show every active approval across all chains β then let you revoke the ones you don't recognize or no longer need.
- revoke.cash Most trusted The gold standard. Multi-chain, shows unlimited vs. limited approvals, one-click revoke. No account needed.
- debank.com Full portfolio view plus an approvals tab. Great if you also want to see your DeFi positions alongside your risk exposure.
- unrekt.me Simple and fast. Paste your address (no wallet connection required) to see approvals on Ethereum and EVM-compatible chains.
Best practices
Once you're done with a dApp, revoke its approval. There's no downside β you can re-approve the next time you use it.
When approving a swap, some wallets let you set a custom amount. Always approve only what you need for that transaction.
Run a revoke.cash check every few months β especially after any news of a DeFi exploit, since attackers often target old approvals.
Before clicking Confirm, expand the transaction details. If it says "Unlimited" next to a token amount β that's a red flag worth pausing on.
Common questions & scam patterns
What is the dApp / Website checker?
It's a free tool that takes any URL or domain and queries up to 7 independent security databases simultaneously β including MetaMask's own phishing blocklist, ScamSniffer, GoPlus, URLScan.io, and OpenPhish. It returns a red, yellow, or green result based on what those databases report. We do not make our own determination β we surface what the security community has already flagged.
What does a red result mean for a website?
It means one or more of the security databases we query has reported that domain. It does not mean we are calling it a scam β that determination comes from the third-party database. You should treat a red result as a serious warning, do your own additional research, and not connect your wallet until you are certain the site is legitimate.
What does a yellow result mean?
Yellow means the site is not in any blocklist, but it also has little or no security scan history β so there's not enough data to give a clean bill of health. New sites, obscure domains, or recently registered addresses often show yellow. Proceed with caution and verify the site through official channels before connecting.
Can I trust a site just because it shows green?
No. A green result means the site hasn't been reported to any of the databases we check β not that it's definitively safe. Brand-new phishing sites get a few hours before they're added to blocklists. Always double-check the exact URL in your browser bar, look for the official social media accounts, and never connect a wallet from a link sent in a DM or email.
How do wallet drainer sites work?
A wallet drainer is a website that mimics a legitimate dApp β a fake NFT mint, a fake token claim, or a fake airdrop. When you connect your MetaMask and sign a transaction, you're actually signing a permission that lets the attacker transfer every token out of your wallet in one move. The entire balance can be gone in seconds. The site often disappears within hours.
What is a honeypot scam?
A honeypot is a token you can buy but never sell. The scammer promotes it, you buy in, the price appears to rise β but when you try to sell, the contract blocks you. The scammer then drains the liquidity and disappears with your ETH.
What does "too good to be true" actually look like in crypto?
Guaranteed daily returns of 1β10%, "just stake your tokens in our wallet," airdrop claims that require sending tokens first, or someone in DMs offering to double your crypto. If the return sounds impossible in traditional finance, it's a scam in crypto.
Why would a wallet use Tornado Cash?
Tornado Cash is a mixer that breaks the on-chain link between wallet addresses. While some users value privacy, it's heavily used by scammers and hackers to hide the origin of stolen funds before cashing out.
Should I trust a wallet just because it has a large balance?
No. Scammers often seed wallets with worthless tokens or inflated "paper" balances to create the appearance of legitimacy. Always check if those tokens can actually be sold and what they're truly worth.
Is a new wallet always suspicious?
Not always β but in the context of someone pitching an investment, a wallet created in the last 30 days is a major red flag. Legitimate protocols and businesses have established on-chain history.
What should I do if this tool flags a wallet address?
Do not send funds. Screenshot the results. If someone is pressuring you to send crypto to a flagged address, that pressure itself is part of the scam. Report the address on chainabuse.com and walk away.
What should I do if the dApp checker flags a website?
Do not connect your wallet. Close the tab. Find the official project through a trusted source β their verified Twitter/X account or a well-known aggregator like DeFiLlama or CoinGecko. Report the site to MetaMask's phishing database at github.com/MetaMask/eth-phishing-detect.
Wallet check results are sourced from public databases including GoPlus Security, Etherscan, Alchemy, and honeypot.is.
dApp / website results are sourced from MetaMask eth-phishing-detect, ScamSniffer, GoPlus Security, URLScan.io, and OpenPhish.
All findings are reported from third-party databases and are not independently verified by Almstins.
This tool does not constitute financial or legal advice. Always do your own research.
A free tool by Almstins β crypto portfolio tracker & bookkeeping tool.