Skip to main content
All CollectionsTransactions / TagsCommon scenarios
Spam tokens, worthless NFTs, rug pulls
Spam tokens, worthless NFTs, rug pulls
R
Written by Robin Singh
Updated over a week ago

In your wallet, you will sometimes find tokens you didn't know you own. These may be harmless airdrops, but in most cases, these will be malicious tokens that were sent to you to steal your funds. These tokens are completely worthless and cannot be traded (any action taken involving those tokens may lead to the loss of all your funds - aka wallet draining).

Sometimes you also own tokens that are now worthless because the project closed, went bankrupt, or was a malicious project started with the intent to steal the money people invested in it (aka rug pull).

The article below provides some guidance on how to deal with such tokens in Koinly - note that we present different options and do not know which ones are possible/allowed in your country - contacting a crypto tax accountant is highly recommended in such cases.

Spam/Scam tokens and NFTs

πŸ”΄ Warning: Do not interact with those tokens "in reality" - do not send them to a different wallet, do not try to trade them, etc. Those tokens often have malicious code inside their contract and "transfer" can do something else than it says it does.

These are worthless tokens sent to your wallet, equivalent to spam emails in your inbox selling cheap drugs or insurance. The symbol of the token is sometimes a link instead of the usual ETH, BTC, etc.

🟒 Solution: Mark as spam

  1. Locate the token you want to tag as Spam on the "Transactions" page

  2. Click the 3-dot menu next to the transaction with this token

  3. Choose "Mark as Spam

  4. In the dialog box that appears, you can create additional automation to mark all previous/future transactions that fulfill the criteria as spam as well. The options are:

    • Mark currency as spam
      We recommend selecting this option in most cases. It will make sure that all transactions involving the same currency get automatically marked as spam

    • Mark source as spam (advanced)
      All deposits that were sent from this specific sender will be marked as spam. Only select this option if you are sure that the sending address is a spammer

    • Mark contract as spam (advanced)
      All deposits/withdrawals involving the specific contract will be marked as spam. Only select this option if you are sure that the contract is malicious


See the video presenting the steps mentioned above on how to tag a token as Spam:

Removing a spam rule

In some cases, you may want to remove a spam rule that you added in error or unmark all spam that you previously marked.

This can be done simply by unmarking one of the affected transactions. Once you select Unmark Spam from the 3-dot menu, you will again be prompted with a dialog box to confirm. If you want to remove the spam rules that were added previously, then you should not check any of the boxes. After confirming the action, all transactions that had previously been marked by this spam rule will no longer be marked as spam.
​

Managing spam rules

You can now view and remove all spam rules created by going to your Settings > Rules. There's a tab for "Spam rules" and "Currency Rules":

Rug pulls, NFTs that are completely worthless and illiquid (cannot be sold anymore)

Sometimes assets that you bought have depreciated in value to the point when they are worth essentially $0. Not all countries allow you to write off failed investments as losses - it depends on the guidelines published by your tax office.

🟒 Solution A: If you just want to remove this asset from your holdings, without realizing losses:

  • Send the token to a burner address* or create a manual withdrawal in Koinly

  • Tag the withdrawal as Lost

🟒 Solution B: If you want to realize losses on this asset equal to the cost of acquisition of this asset:

  • Send the token to a burner address* or create a manual withdrawal in Koinly

  • Edit the worth of the withdrawal and set it to $0

  • Do not add any tags

🟑 Note: There are websites that allow you to "sell" your illiquid assets for some dust amount. Those 3rd party websites are not affiliated with Koinly and we cannot guarantee they are safe, but due to this being a common inquiry, we provide an example of a service like that: https://harvest.art/

Known spam techniques: address poisoning

A very common technique used by scammers is "address poisoning". A scammer deploys a malicious smart contract that mimics a real token (ie. ETH).

This smart contract later posts transactions on the blockchain as if you were transferring this token (it doesn't require you to actually do it, the contract is designed to create transfers without you actually confirming them!). Scammers use this contract to "poison" your transaction history. It looks something like this:

  • Right after you made a legit transfer of ETH (9:14) scammers post a transaction with a fake ETH to the blockchain (9:17)

  • This transaction looks almost the same as the real one, but it has a slightly different "Receive" address - one that belongs to the scammer

  • The scammer is hoping that, the next time you make a transfer, you go and copy the last address you used - not knowing that you're copying a "poisoned" address

  • In the example above, the victim fell for this and one hour later unknowingly sent 1155 WBTC (68m USD) to the scammer's address

Did this answer your question?