How to check if a crypto token is a scam?

Paste the contract address into GhostScan. It checks for honeypots, rug-pull signals, dangerous contract permissions, holder concentration, and sanctions status. If you see CRITICAL or HIGH risk with signals like 'Honeypot detected' or 'Owner can modify balances', do not interact. For a comprehensive 100-point assessment across 35 chains, use the full GhostLabs deep audit at ghostlabs.asia.

Yes. GhostScan is completely free and open-source under the MIT license. No API key, no account, no cost. Self-host it or call the public instance at api.ghostlabs.asia/oss/scan/. For the full 100-point deep audit with PDF report and verified badge, visit ghostlabs.asia.

Open-Source · MIT License

The free detection layer anyone can build on.

Name: GhostScan
Author: GhostLabs

One endpoint. Paste a contract address. Get a structured risk verdict. Honeypot detection, rug-pull signals, holder concentration, sanctions screening. Returned as clean JSON you can build on.

No API key. No account. No cost. Self-host or call the public instance.

8 risk checks 17 EVM chains MIT License No API key

Try it now. Paste any contract address

Eight categories of risk analysis

What GhostScan checks.

Every scan runs eight categories of analysis. The free version. For the full 100-point assessment with 5 weighted pillars and amplifier mechanics, there’s the deep audit.

Honeypot detection

Can you actually sell this token? Checks buy/sell tax and whether the contract blocks transfers out.

Contract permissions

Can the owner mint new tokens, pause trading, blacklist wallets, or modify balances? Each permission is flagged with severity.

Holder concentration

Are the top 10 wallets holding a dangerous percentage of supply? Above 60% triggers a danger signal.

Liquidity analysis

Is there a liquidity pool? Is it locked? Unlocked LP is the number one rug-pull vector.

Sanctions screening

Is this address on the OFAC sanctions list or associated with known exploits?

Address reputation

Has this address been flagged by blockchain security providers as malicious or phishing-related?

Rug-pull signals

Has this specific token been confirmed as a rug pull by security databases?

Source verification

Is the contract source code published and verified on the block explorer?

Developer documentation

Three lines of code. That’s it.

No SDK. No auth. No setup. A single GET request returns everything you need.

Quick start

# Install (or just call the public API)
pip install fastapi uvicorn httpx
python ghostscan.py
# → Open http://localhost:7575

# Or with Docker
docker build -t ghostscan .
docker run -p 7575:7575 ghostscan

The endpoint

# Scan any token on any supported chain
GET /scan/{chain}/{address}

# Example: Scan USDT on Ethereum
curl https://api.ghostlabs.asia/oss/scan/eth/0xdac17f958d2ee523a2206206994597c13d831ec7

# List supported chains
GET /chains

# Health check
GET /health

Response shape

{
  "address": "0xdac17f...1ec7",
  "chain": "eth",
  "chain_name": "Ethereum",
  "token_name": "Tether USD",
  "token_symbol": "USDT",
  "risk_level": "MEDIUM",
  "risk_score": 24,
  "signals": [
    {
      "signal": "honeypot_clear",
      "severity": "clear",
      "label": "No honeypot detected",
      "detail": "Buy: 0%, Sell: 0%"
    },
    // ... more signals
  ],
  "summary": "Some risk signals...",
  "powered_by": "GhostLabs",
  "full_audit_url": "https://..."
}

Risk levels

Level	Score	Meaning
LOW	0 to14	No major risk signals.
MEDIUM	15 to34	Some signals. Review before proceeding.
HIGH	35 to59	Multiple signals. Extreme caution.
CRITICAL	60 to100	Critical risks. Avoid interaction.

Frequently asked questions

Everything you need to know.

How do I check if a crypto token is a scam?

Paste the contract address into the scanner above or call the API directly. GhostScan checks for honeypots, rug-pull signals, dangerous contract permissions, holder concentration, and sanctions status. If you see CRITICAL or HIGH risk, do not interact. For a comprehensive 100-point assessment across 35 chains, use the full GhostLabs deep audit.

Is GhostScan free?

Completely. No API key, no account, no cost. MIT license. Self-host it or call the public instance. The full GhostLabs deep audit with PDF report and verified badge is $98.

How is GhostScan different from the full GhostLabs audit?

GhostScan is the free detection layer: 8 risk signal categories, 17 EVM chains, simple risk score. The full GhostLabs deep audit runs a 100-point assessment across 5 weighted pillars with 20 questions per pillar, amplifier mechanics for critical failures, covers 35 chains including Solana, TRON, TON, Sui, Aptos, and Stacks, and delivers a PDF report with a verified badge. GhostScan is the stethoscope. The full audit is the diagnosis.

Can I use GhostScan in my product?

Yes. MIT license. Use it in your wallet, DEX, portfolio tracker, Telegram bot, or whatever you’re building. Self-host or call the public API. Attribution appreciated but not required.

What chains does GhostScan support?

17 EVM chains: Ethereum, BNB Smart Chain, Polygon, Base, Arbitrum, Optimism, Avalanche, Fantom, Cronos, Linea, zkSync Era, Scroll, Mantle, Blast, Celo, Gnosis, and Moonbeam. For non-EVM chains and 18 more EVM chains, use the full GhostLabs platform.

What is a smart contract audit?

A systematic review of a blockchain contract’s code and behaviour to identify security vulnerabilities, backdoors, and economic risks. GhostScan performs automated detection of the most common risk signals. For a full audit with static analysis, economic modelling, and expert interpretation, see the GhostLabs Smart Contract Audit service.

Can I self-host this?

Yes. GhostScan is a single Python file with three dependencies. Clone the repo, install requirements, and run. Docker image included. No API keys needed. It uses the free GoPlus API for data. View the source on GitHub.

The free layer

GhostScan is the stethoscope. The full audit is the diagnosis.

The free scan tells you the code looks safe. The deep audit tells the world you’re not a liability.

Get the full audit View on GitHub