We thought we caught every scam token. A dev.to post showed us a blind spot.

We run a real-time scam-token detector for Ethereum. It analyzes new ERC-20s, simulates buys and sells to catch honeypots, clusters deployers and funders, and scores everything live. After four months and ~93,000 analyzed contracts, we were fairly sure our funnel saw everything that mattered.

Then @sanjeevkkansal published evm-deploy-watch, an MIT-licensed week-long study of every new contract on Ethereum. It is a genuinely good piece of work, and it did two things for us. First, it independently validated our core thesis. Second, it pointed a flashlight straight at a blind spot we did not know we had.

This is the gap, measured, and how we closed it.

The thesis we already shared

The deploy-watch author's central finding is that deploy-time heuristics beat lagging public blacklists. Reading source code, deployer history, and bytecode the moment a contract is created catches scams days before they show up on a blocklist. The study reported essentially zero overlap with ScamSniffer's feed - the contracts it flagged were not (yet) on anyone's list.