1. Help Center
  2. Protect Yourself from Fraud and Scams!
  3. Watch Out for Crypto Scams!

Fake tokens: How to spot them and verify the official smart contract of stablecoins like USDC and USDT

Modified on:

Unfortunately, crypto scams involving fake tokens are a reality in the ecosystem and are becoming more and more common. In this type of crypto fraud, scammers create unauthorized versions of popular tokens and stablecoins, such as USDC or USDT, with the goal of deceiving users and stealing their funds.

In order to better understand why this can happen, it’s worth clarifying something important. Tokens are crypto assets that do not have their own native network, unlike coins, and are instead created and deployed on blockchains through smart contracts. These contracts define how they work: how many tokens are there, who issues them, which network they run on, and so on. In this sense, practically all stablecoins are a type of token.

Because anyone can create a smart contract on a blockchain, scammers launch fake copies of tokens to try to scam users. The best way to protect your digital assets against this kind of threat is to learn how to tell a fake token from a genuine one.

In this article, we’ll walk you through:

  1. How to verify the official smart contracts of USDC (Circle) and USDT (Tether).
  2. How to find the contract address of a transaction and identify whether it belongs to an official token smart contract or not.
  3. How to spot fraudulent tokens so you can avoid crypto scams involving this type of cryptocurrency.

If you already know how to use a blockchain explorer and how to find the smart contract address of a transaction, you can skip straight to the “Summary” section, where you’ll find a comparison table and a checklist to help you identify a fake token more easily.

The scammer’s first move

In crypto scams involving fake tokens, it’s very common for scammers to try to contact you. They may reach out via email or through social media platforms like WhatsApp or Telegram, either through a direct message or within groups. They use various tactics, from pretending to be exchange support staff warning you about a fake token that appeared in your wallet, to claiming they sent you tokens by mistake, including you in a new project airdrop, telling you that you won a prize, or simply giving away free tokens.

Be careful: If someone offers you free tokens, it is most likely a scam. If they also ask you to pay gas fees or any other commission upfront, it almost certainly is. Whatever the case, it is crucial to always verify whether the token in question is real or fake.

Finally, if you happen to be selling a product and accepting payment in tokens, always make sure the tokens are legitimate before you complete the sale.

The ultimate way to verify a token is its official smart contract 

In crypto, the smart contract is the official and immutable identifier of a token. A fake token can use a name that looks very similar to the real one to try to trick you, but it will always have a different smart contract address than the official one.

To verify the smart contracts of tokens and stablecoins like USDC and USDT, the only fully reliable sources of information are the websites of their issuers:

USD Coin (USDC): Issued by Circle

Like many stablecoins, USDC operates on multiple networks. Circle, its issuer, maintains a centralized and easy-to-access list with the smart contract addresses of USDC for each of the blockchains where this token runs.

How to verify an official contract using Circle’s information:

  1. Click on Circle’s link to the list of official USDC contract addresses. 
  2. Find the blockchain network your token is on (e.g., Avalanche, Ethereum, Polygon, or Solana).
  3. Compare the contract address of the token you received with the one shown on Circle's website. 
    It has to match exactly. It doesn’t matter if it appears in uppercase or lowercase; as long as every single character matches in the same order, it’s the same address.
  4. If the addresses don’t match, it’s a fake token. Do not try to send it or interact with it, because it’s almost certainly part of a crypto scam attempt.

USDT (Tether): Issued by Tether

Tether, a pioneer in the stablecoin market, also operates on multiple networks and provides an official resource to verify each of its smart contracts.

How to use Tether’s information:

  1. Click on Tether’s official Transparency page. 
  2. On this page, you’ll find a section for each of the stablecoins issued by Tether. In the tab for USDT, you’ll see a list of the blockchains where this stablecoin operates. To find the official contract for a specific network, click the “Details” button for the blockchain you want to verify.
  3. Finding the contract on Tether’s page can feel less intuitive than on Circle’s. What appears as the contract address is actually the web address (URL) that takes you to the token’s official contract page inside a blockchain explorer*. The last part of that URL is the smart contract address.

Example of a contract URL provided for USDT on Avalanche:

https://snowtrace.io/token/0x9702230a8ea53601f5cd2dc00fdbc13d4df4a8c7

The smart contract address is: 0x9702230a8ea53601f5cd2dc00fdbc13d4df4a8c7

  1. Compare your token’s contract address with the official one. Remember: It doesn’t matter if the address appears in uppercase or lowercase; as long as all the characters match in the same order, it’s the same address. If they don’t match, it’s a fake token

How to find a token’s contract address from a specific transaction

Another very useful tool is blockchain explorers such as SnowScan, Etherscan, Arbiscan, and others. On these sites you can look up transaction and address data you want to verify, and compare it against the official contracts. Note: each blockchain explorer focuses on a specific network; for example, Etherscan for Ethereum and SnowScan or Snowtrace for Avalanche.

Example of a real token vs. a fake one

Let’s say one day you receive what appears to be a USDC token in your wallet. How can you check whether it’s a fake token or a real one?

The first thing you need to do is go to your wallet’s Activity/Transactions section and find the transaction for this token. Copy the transaction hash and paste it into the search bar of the blockchain explorer for the network where the transaction took place (e.g., SnowScan for Avalanche or Etherscan for Ethereum).
Note: some wallets let you open the blockchain explorer directly from the transaction details screen.

As we mentioned earlier, some tokens move across many networks. In this case, we’ll look at examples of USDC transactions on Avalanche’s C-Chain.

REAL TOKEN 

Below is an example of the results for the transaction hash of a real USDC token on the Avalanche network: https://snowscan.xyz/tx/0x9fc5cefa70afe6aa88bf9c16e893c190e0dc14ed01f5ad786ddbffd52dca7674

To verify that it’s a real token, the most important part to check is the Interacted With (To) section. This section shows the contract address of the token that was sent to you. After the contract address, you will see the contract creator + ticker + the word 'Token' inside parentheses: (Circle: USDC Token)

In the ERC-20 Tokens Transferred section, you will see the logo, the official token name, and the ticker displayed at the end of the line, which in this case is USD Coin (USDC). 

 

 

If you click on the contract address, it takes you to the following page: https://snowscan.xyz/address/0xb97ef9ef8734c71904d8002f8b6bc66dd9c48a6e 

This page displays information regarding the USDC smart contract on Avalanche. In the top-left corner, you can see the Circle contract address. 

Additionally, under More Info, you can view the contract creator's details (Circle) and when it was created (3 years and 359 days ago). Under Token Tracker, you will find the full token name (USD Coin) and its ticker (USDC), as well as the unit value ($0.9998) which, for stablecoins pegged to the US dollar, should be around $1. 

Another key point is transaction frequency, which you will see in the Age (or Time) column. A legitimate token has very high volume, meaning there is always constant, recent activity. Here, we can see that multiple operations occurred at the same time (just 7 seconds ago).


 

If we compare the smart contract address shown on the SnowScan page we just saw with the USDC smart contract on Avalanche published on Circle’s official website (the creators of USDC), shown below, we’ll see that they match:

 

 

FAKE TOKEN

Now, let’s look at the same screens but for the transaction hash of a fake USDC token:
https://snowscan.xyz/tx/0xc8c2544057a4047adfb436dbe4e95a16d3c7d6d642a3c603aa12faab9f03db6d 

In the Interacted With (To) section, you can see the contract address, but there’s no indication that it corresponds to the USDC token. In this specific case, the contract creator is named “Fake-Phishing1311869,” but that does not mean the scam attempt will always be this obvious. 

You can also see that in the ERC-20 Tokens Transferred section, the token name appears as “ERC-20: USDC (USDC),” unlike the real token in the first image, which shows “USD Coin (USDC)” along with the logo.   


 

If you click on the contract address, it takes you to the following page:

In the top-left corner, we can see the smart contract address for the transaction we saw on the previous screen.

In the More Info section, the Contract Creator is not Circle, but “Fake_Phishing1311870”. The token details do not include a logo or a price and, although the ticker appears the same as the real token (“USDC”), the token name is incorrect. It should be USD Coin, not ERC-20: USDC. 

Regarding the transaction frequency shown in the Age (or Time) column, we can see that many days have passed since the last transaction, and there are even gaps of days between them. As we saw earlier, real tokens show frequent activity, which is not the case here. 

 

If we compare this contract with the contract published by Circle for USDC on Avalanche, we can see that the address does not match. Blockchain explorers are not guaranteed to have flagged addresses used in scams, as in this case. That’s why you must always verify that the addresses match.

What to do if you receive a fake token

Good news: If someone sends a fake token to your Bitso wallet, it will not appear in your account. Bitso detects fake tokens and isolates them so that you’re not exposed to any risk. Fake tokens sent to Bitso accounts are never returned to senders or credited to recipients’ accounts.

However, if someone you do not fully trust tells you they sent you a token but you never received it, it was most likely a crypto scam attempt.

If you suspect you have received a fake token (in a self-custody wallet), follow these safety guidelines:

  • NEVER attempt to sell or transfer a fake token. The scam often relies on convincing you that the token has value. If you try to interact with it, you’ll probably be asked to pay a fee in the network's native token (e.g., ETH on Ethereum), which will go directly to the scammers.
  • IGNORE and, if possible, HIDE the token in your wallet. Treat it like spam. You cannot lose your funds unless you interact with the fake token's smart contract.
  • NEVER accept or respond to calls, direct messages, or emails from "support" claiming to "help" you recover or sell your tokens. These are likely the scammers attempting a second attack. 
    The Bitso team will never ask for your private keys or request that you send funds to an address in order to "release" a token. 

Remember: If the smart contract is not the official one, the token is NOT legitimate and is NOT backed by the issuer.

Here you can see a summary of this article and the checklist to identify this type of situation:



 

Was this useful?

Related articles