The blockchain is transparent — and that transparency can protect you. Here are the on-chain red flags that reveal phishing wallets, drainer contracts, and scam tokens.
One of the most powerful properties of public blockchains is that scam activity leaves a permanent, verifiable trail. Unlike traditional fraud — which often hides in private banking systems — crypto scams are executed on a public ledger. Every phishing transaction, every drainer contract, every spam token airdrop is recorded forever.
Learning to read these patterns gives you a significant advantage. Before interacting with any address, you can scan it and look for warning signs.
The most common form of on-chain phishing is the spam airdrop. Scammers send tokens with names like "claim-rewards.xyz", "visit-airdrop.io/claim", or "FREE ETH — go to [URL]" to thousands of wallets. The token itself is worthless — the goal is to get you to visit the URL and connect your wallet, at which point a drainer contract steals your funds.
On cryptoucan.xyz, we automatically filter out tokens whose names or symbols contain URLs, reward-related keywords, or suspicious patterns. If you see these tokens in a raw blockchain explorer and not in our tool, that's exactly why.
Phishing operations typically use fresh wallets to avoid being blacklisted. A wallet that was created days ago but has already processed hundreds of transactions is a major red flag. Legitimate high-volume wallets are almost always old — exchanges, protocols, and active traders have years of history.
Wallet drainers work by getting victims to sign a malicious approval transaction. This gives the drainer contract permission to move all tokens from the victim's wallet. If you scan a suspected drainer wallet, you'll see a consistent pattern: funds arrive from many different addresses in small amounts, then large outflows to a consolidation wallet.
Some scammers create addresses that look similar to legitimate ones — same first and last few characters. Always verify the full address, not just the abbreviated version. cryptoucan.xyz displays the full address prominently so you can verify it.
Immediately revoke any token approvals you've granted using a tool like revoke.cash. Move any remaining assets to a new wallet. Do not interact further with the suspicious address. Report the address to the Ethereum community via platforms like Etherscan's comment system.
Scan any suspicious address before interacting — see its full history in plain English.
Scan an Address →