How can fake tokens appear in wallets?

by 1inch


Fake tokens may show up as spam. Stay safe by not interacting.

Fake tokens can appear in wallets through on-chain spam, and the real risk starts only if they’re interacted with.

Fake tokens can show up in a wallet even when nothing was bought, claimed or imported. It can feel personal, but in most cases it is simply on-chain spam.

Sometimes a wallet is opened and a random token is sitting there, maybe with a familiar name like “USDT” or “SHIB” or a strange website embedded in the title. It may look like someone “sent” it, and often that is exactly what happened. If a token appears out of nowhere, it usually means it was transferred to the address as spam. Many wallets display it automatically once it is detected on-chain.

Why tokens can show up without permission

A wallet address works like a mailbox with a public label. Anyone can send tokens to it. The wallet does not accept or reject incoming tokens in advance. It simply reads the blockchain and displays the balances it finds for that address.

1inch Wallet offers token autodetection, which automatically shows tokens with a balance. This can be helpful because custom tokens do not always need to be imported manually. The same feature also explains why tokens can appear even if nothing was done in the wallet. Token autodetection can be switched off in Settings at any time.

What is the most common way fake tokens show up?

The most common route is airdrops. There are two broad types.

Legit airdrops

Projects airdrop tokens to many addresses for marketing, rewarding users or distributing a new asset.

Scam airdrops

Scammers use the same mechanics for a different goal: triggering an action. A token is minted, named to resemble a popular asset, and then airdropped to thousands of addresses.

Common tricks include:

  • Lookalike names and symbols: scammers copy names like “USDT” or “SHIB”. Always verify the contract address (EVM chains) or mint address (Solana).
  • Links in token names or NFT metadata: designed to pull people into phishing sites.
  • Fake “value” bait: some scam tokens appear to have a price due to thin or manipulated liquidity or unreliable price sources. The point is temptation, not accuracy.

What is a dusting attack?

A dusting attack is when someone sends tiny amounts of crypto or tokens to many addresses. The goal is usually not to steal funds directly. Instead, it can be used to:

  • track wallet activity
  • link addresses together
  • build a target list for more convincing scams

Can a fake token steal funds just by sitting in the wallet?

A token sitting in a wallet is usually harmless spam. The danger starts when an action is taken, such as signing an approval, swapping on an unknown site, or connecting a wallet to a suspicious page.

What do scammers want people to do?

Usually one of these:

Approve something

Many apps require token approvals to swap or use tokens. A malicious approval can give a scam contract permission to move real assets later.

Click a link

Some tokens include a website in the token name or description. Those links often lead to phishing pages or wallet draining flows.

Chase a “claim”

A fake token may suggest there is a reward to unlock. The “claim” step is often where the trap is.

Why does a fake token sometimes show a price or big value?

Because the display can be misleading. Scammers may create thin liquidity, manipulate pricing or rely on wallets pulling incomplete data. The goal is curiosity and urgency, not accurate pricing.

What should be done when a suspicious token appears?

The safest default is simple:

  • Ignore it
  • Enable the Hide small balances option in 1inch Wallet
  • Do not interact with it: no swapping, no sending, no approvals, no links

Treat it like a spam email. It can be seen, but it should not be opened.

Is hiding the token safe?

Yes. Hiding is an interface action. It does not require signing anything and it does not touch funds.

What are quick red flags?

A token is likely spam if:

  • It arrived without any known reason
  • It includes a website, “claim”, “support” or “verification” in the name
  • It promises free money, refunds, or urgent actions
  • It pushes a wallet connection outside trusted apps
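
The red flags above, together with the lookalike-symbol trick described earlier, can be expressed as a small triage function. This is an added example, not 1inch Wallet code; the `VERIFIED` allowlist, its placeholder addresses, the `solicited` field and the sample tokens are assumptions constructed for illustration.

```javascript
// Constructed allowlist of verified contracts; the addresses are placeholders.
const VERIFIED = {
  USDT: "0x" + "11".repeat(20),
  SHIB: "0x" + "22".repeat(20),
};
const LINK = /(https?:\/\/|www\.)|\b[a-z0-9-]+\.(com|org|net|io|xyz|app|top)\b/i;
const BAIT = /\b(claim|support|verif\w*|free|refund\w*|urgent)\b/i;
// A few Cyrillic capitals that render like Latin ones (not a complete table).
const CONFUSABLES = {
  "\u0405": "S", "\u0412": "B", "\u041D": "H", "\u0422": "T", "\u0406": "I",
};

// Fold lookalike tricks: compatibility forms, zero-width characters, confusables.
function normalizeSymbol(symbol) {
  const cleaned = symbol.normalize("NFKC").replace(/[\u200B-\u200D\uFEFF]/g, "");
  return [...cleaned].map((ch) => CONFUSABLES[ch] || ch).join("").toUpperCase();
}

// Returns the red flags a token trips; an empty array means no check fired.
function triageToken(token) {
  const flags = [];
  const text = `${token.name} ${token.symbol}`;
  if (LINK.test(text)) flags.push("link-in-name");
  if (BAIT.test(text)) flags.push("bait-keyword");
  // Same symbol as a verified asset but a different contract address.
  const expected = VERIFIED[normalizeSymbol(token.symbol)];
  if (expected && expected !== token.address.toLowerCase()) {
    flags.push("lookalike-symbol");
  }
  // `solicited` is a hypothetical field: the user knows why the token arrived.
  if (!token.solicited) flags.push("unsolicited");
  return flags;
}

// Constructed sample tokens, as token autodetection might list them.
const SAMPLE_TOKENS = [
  { name: "Tether USD", symbol: "USDT", address: VERIFIED.USDT, solicited: true },
  { name: "USDT", symbol: "USD\u0422", address: "0x" + "33".repeat(20), solicited: false },
  { name: "Claim at rewards.example.com", symbol: "RWD",
    address: "0x" + "44".repeat(20), solicited: false },
];
for (const t of SAMPLE_TOKENS) console.log(t.symbol, triageToken(t));
```

An empty result only means these particular checks did not fire; the contract or mint address remains the thing to verify.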

What if an approval was already signed by mistake?

  • Review token approvals and connected dApps
  • Revoke anything unfamiliar or unnecessary
  • Move funds to a fresh wallet if there is a strong suspicion of compromise
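
Reviewing approvals on EVM chains comes down to replaying the ERC-20 `Approval` events for an address and keeping the latest value per token and spender. The following is an added example, not 1inch code; the log objects mirror the shape of standard event logs, and every address, block number and amount is a constructed placeholder.

```javascript
// keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic.
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const MAX_UINT256 = (1n << 256n) - 1n;
// Indexed address topics are 32 bytes, left-padded; keep the last 20 bytes.
const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();

// Returns approvals still in force for `owner`: latest state per (token, spender).
function outstandingApprovals(logs, owner, trustedSpenders = []) {
  const trusted = new Set(trustedSpenders.map((s) => s.toLowerCase()));
  const latest = new Map();
  const ordered = logs
    // ERC-721 Approval shares this topic but has 4 topics; keep ERC-20 only.
    .filter((l) => l.topics.length === 3 && l.topics[0] === APPROVAL_TOPIC)
    .filter((l) => topicToAddress(l.topics[1]) === owner.toLowerCase())
    .sort((a, b) => a.blockNumber - b.blockNumber || a.logIndex - b.logIndex);
  for (const log of ordered) {
    const spender = topicToAddress(log.topics[2]);
    const token = log.address.toLowerCase();
    latest.set(`${token}:${spender}`, { token, spender, allowance: BigInt(log.data) });
  }
  return [...latest.values()]
    .filter((a) => a.allowance > 0n) // a later approval of 0 is a revocation
    .map((a) => ({
      ...a,
      unlimited: a.allowance === MAX_UINT256,
      unfamiliar: !trusted.has(a.spender),
    }));
}

// Constructed sample logs (placeholder addresses, not real contracts).
const pad = (a) => "0x" + a.slice(2).padStart(64, "0");
const OWNER = "0x" + "aa".repeat(20);
const TOKEN = "0x" + "11".repeat(20);
const ROUTER = "0x" + "bb".repeat(20);   // a spender the user recognises
const UNKNOWN = "0x" + "cc".repeat(20);  // a spender the user does not recognise
const OLD = "0x" + "dd".repeat(20);      // approved once, revoked later
const mk = (blockNumber, spender, value) => ({
  address: TOKEN, blockNumber, logIndex: 0,
  topics: [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
  data: "0x" + value.toString(16).padStart(64, "0"),
});
const SAMPLE_LOGS = [
  mk(100, ROUTER, 500n), mk(101, OLD, 1000n),
  mk(102, UNKNOWN, MAX_UINT256), mk(103, OLD, 0n),
];
console.log(outstandingApprovals(SAMPLE_LOGS, OWNER, [ROUTER]));
```

The value in the last `Approval` event is what was approved, not necessarily what remains after spending, so confirm with the token's `allowance(owner, spender)` before deciding what to revoke.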

Fake tokens appear because crypto is open by design. Anyone can airdrop tokens to any address, and wallets may display them automatically. The token itself is rarely the threat. The threat is the follow-up action, usually a link, a claim or an approval.

Stay tuned for more guidance as we continue answering key questions about Web3!
