In your wallet, you will sometimes find tokens you didn't know you own. These may be harmless airdrops, but in most cases, these will be malicious tokens that were sent to you to steal your funds. These tokens are completely worthless and cannot be traded (any action taken involving those tokens may lead to a loss of funds - aka wallet draining).
The article below provides some guidance on how to deal with such tokens in Koinly - note that we present different options and do not know which ones are possible/allowed in your country - contacting a crypto tax accountant is highly recommended in such cases.
Marking spam transactions
Spam tokens are worthless tokens sent to your wallet, equivalent to spam emails in your email inbox. The symbol or the name of the token is sometimes a link instead of the usual symbol like ETH, BTC, etc.
It's best not to interact with those tokens "in reality" - do not send them to a different wallet, do not try to trade them, etc. Those tokens often have malicious code inside their contract and "transfer" can do something else than it says it does.
π’ Solution A: Mark transaction as spam
Locate the token you want to tag as Spam on the "Transactions" page
Click the 3-dot menu next to the transaction with this token
Choose "Mark as Spam"
Koinly will automatically create a rule to mark all transactions with this token as spam if it's an unknown token that wasn't transacted (only deposited)
π’ Solution B: Mark token as spam
Locate the token you want to tag as Spam on the "Transactions" page
Click on the token's icon
In the dialog that appears, clisk "Mark as Spam"
All transactions with this token will now be marked as spam (deleted), including transactions imported in the future
When to mark a token as spam
If the token appeared in your wallet unsolicited, without any action on your part
If you never interacted with the token and never will (e.g. you didn't trade it)
If the token is worthless (illiquid, unsellable)
βοΈ Do not mark tokens you traded as spam
What marking a token as spam does
All transactions with the token are deleted
Balances (reported balances) for the token are hidden
Removing a spam mark
In some cases, you may want to remove a spam mark that you added by mistake.
Find this transaction on the "Transactions" page and use the 3-dot menu to "Unmark as spam":
βοΈUnmarking a transaction only unmarks this one transaction
Other transactions with this token will not be restored and a spam rule will not be deleted if it exists - for that, you'll need to delete the rule from Settings
β
Managing spam rules
You can now view and remove any and all spam rules created by going to your Settings > Rules. There's a separate tab for "Spam":
βοΈ Deleting a spam rule will unmark (restore) all transactions with this token
βΉοΈ Global spam rules
Only tokens you yourself marked as spam will be visible in this section. In addition to this, Koinly also uses a set of 'Global' spam rules that are tracked on our servers and applied universally to all users to help filter out most spam transactions. If you believe a token you traded is incorrectly marked as spam, please contact support via our in-app.
Known spam techniques
π Address poisoning
A very common technique used by scammers is "address poisoning". A scammer deploys a malicious smart contract that mimics a real token (ie. ETH).
This smart contract later posts transactions on the blockchain as if you were transferring this token (it doesn't require you to actually do it, the contract is designed to create transfers without you actually confirming them!). Scammers use this contract to "poison" your transaction history. It looks something like this:
Right after you made a legit transfer of ETH (9:14) scammers post a transaction with a fake ETH to the blockchain (9:17)
This transaction looks almost the same as the real one, but it has a slightly different "Receive" address - one that belongs to the scammer
The scammer is hoping that, the next time you make a transfer, you go and copy the last address you used - not knowing that you're copying a "poisoned" address
In the example above, the victim fell for this and one hour later unknowingly sent 1155 WBTC (68m USD) to the scammer's address
π’ Solution:
Mark the fake tokens as spam
β¨ Dust attack
Unlike address poisoning, dust attack is often done using a "legit" token (ETH, SOL, etc.). Scammer sends hundreds of thousands of small deposits (amount is 0.00000000001 SOL, for example - hence "dust") to active wallets.
The purpose is the same - scammer is hoping that, next time you make a transaction, you copy their address from your transaction history by mistake and send them funds.
The amount of dust received may be so small that it appears as zero in Koinly:
π’ Solution:
Don't mark the token as spam
Tag it as "Airdrop" or "Reward" instead
If you receive a lot of dust deposits daily, you can aggregate them
Changelog
2025-12-31: Removed section about rug pulls
Rug pull section was removed in favor of the new article How to write off lost, stolen or worthless assets
2025-08-26: Redesign of spam rules
Spam rules have been redesigned and the article now reflects current functionality
Only currencies (assets) can be marked as spam now
Spam rules based on TxSrc and Contract have been removed - if needed, a delete rule can be created in their place - What are rules?