In your wallet, you will sometimes find tokens you didn't know you own. These may be harmless airdrops, but in most cases, these will be malicious tokens that were sent to you to steal your funds. These tokens are completely worthless and cannot be traded (any action taken involving those tokens may lead to the loss of all your funds - aka wallet draining).
Sometimes you also own tokens that are now worthless because the project closed, went bankrupt, or was a malicious project started with the intent to steal the money people invested in it (aka rug pull).
The article below provides some guidance on how to deal with such tokens in Koinly - note that we present different options and do not know which ones are possible/allowed in your country - contacting a crypto tax accountant is highly recommended in such cases.
Spam/Scam tokens and NFTs
π΄ Warning: Do not interact with those tokens "in reality" - do not send them to a different wallet, do not try to trade them, etc. Those tokens often have malicious code inside their contract and "transfer" can do something else than it says it does.
These are worthless tokens sent to your wallet, equivalent to spam emails in your inbox selling cheap drugs or insurance. The symbol of the token is sometimes a link instead of the usual ETH, BTC, etc.
π’ Solution: Mark as spam
Locate the token you want to tag as Spam on the "Transactions" page
Click the 3-dot menu next to the transaction with this token
Choose "Mark as Spam
In the dialog box that appears, you can create additional automation to mark all previous/future transactions that fulfill the criteria as spam as well. The options are:
Mark currency as spam
We recommend selecting this option in most cases. It will make sure that all transactions involving the same currency get automatically marked as spamMark source as spam (advanced)
All deposits that were sent from this specific sender will be marked as spam. Only select this option if you are sure that the sending address is a spammerMark contract as spam (advanced)
All deposits/withdrawals involving the specific contract will be marked as spam. Only select this option if you are sure that the contract is malicious
See the video presenting the steps mentioned above on how to tag a token as Spam:
Removing a spam rule
In some cases, you may want to remove a spam rule that you added in error or unmark all spam that you previously marked.
This can be done simply by unmarking one of the affected transactions. Once you select Unmark Spam from the 3-dot menu, you will again be prompted with a dialog box to confirm. If you want to remove the spam rules that were added previously, then you should not check any of the boxes. After confirming the action, all transactions that had previously been marked by this spam rule will no longer be marked as spam.
β
Managing spam rules
You can now view and remove all spam rules created by going to your Settings > Rules. There's a tab for "Spam rules" and "Currency Rules":
Rug pulls, NFTs that are completely worthless and illiquid (cannot be sold anymore)
Sometimes assets that you bought have depreciated in value to the point when they are worth essentially $0. Not all countries allow you to write off failed investments as losses - it depends on the guidelines published by your tax office.
π’ Solution A: If you just want to remove this asset from your holdings, without realizing losses:
Send the token to a burner address* or create a manual withdrawal in Koinly
Tag the withdrawal as Lost
π’ Solution B: If you want to realize losses on this asset equal to the cost of acquisition of this asset:
Send the token to a burner address* or create a manual withdrawal in Koinly
Edit the worth of the withdrawal and set it to $0
Do not add any tags
π‘ Note: There are websites that allow you to "sell" your illiquid assets for some dust amount. Those 3rd party websites are not affiliated with Koinly and we cannot guarantee they are safe, but due to this being a common inquiry, we provide an example of a service like that: https://harvest.art/
Known spam techniques: address poisoning
A very common technique used by scammers is "address poisoning". A scammer deploys a malicious smart contract that mimics a real token (ie. ETH).
This smart contract later posts transactions on the blockchain as if you were transferring this token (it doesn't require you to actually do it, the contract is designed to create transfers without you actually confirming them!). Scammers use this contract to "poison" your transaction history. It looks something like this:
Right after you made a legit transfer of ETH (9:14) scammers post a transaction with a fake ETH to the blockchain (9:17)
This transaction looks almost the same as the real one, but it has a slightly different "Receive" address - one that belongs to the scammer
The scammer is hoping that, the next time you make a transfer, you go and copy the last address you used - not knowing that you're copying a "poisoned" address
In the example above, the victim fell for this and one hour later unknowingly sent 1155 WBTC (68m USD) to the scammer's address