If you're using MetaMask to interact with DeFi, swaps, or dApps, this article shows how to find and verify token contract addresses before you add them. I wrote this from hands-on work with extensions and mobile MetaMask and from troubleshooting token mix-ups I've made myself. In my experience, a single wrong contract address can turn a routine swap into a painful recovery effort.
What you'll get: practical steps you can repeat (with screenshots you can capture yourself), checks to separate legit token contracts from copycats, and links to deeper guides like how to add custom tokens to MetaMask or deal with the wrong-network-recovery situation.
Short answer: a token name and symbol are not unique. Two different contracts can both use the same ticker. That creates opportunity for scams (typosquatting and fake liquidity pools) and for accidental losses (adding a token on the wrong chain). I've accidentally approved a low-value token that shared a name with a real token — and I lost time reversing approvals. Lessons learned? Always verify the contract address before approving or swapping.
Risks you avoid by verifying:
And yes—this takes two minutes. But the payoff is huge.
| Source | Speed | Trust level (relative) | What to confirm | Caveats |
|---|---|---|---|---|
| Block explorer (Etherscan, Polygonscan, BscScan) | Fast | High if contract verified | Contract address, verified source code, total supply, number of holders | Some scam contracts are verified; must cross-check with project docs |
| Aggregators (CoinGecko, CoinMarketCap) | Fast | Medium-high | Token address on listed chains, official links | Aggregator can list wrong addresses; check timestamps and project links |
| Official project website / GitHub | Medium | High if HTTPS + repo tags | Contract address, contract audit links, multisig details | Websites can be cloned; verify TLS and social media posts |
| Token lists (Uniswap lists, community lists) | Fast | Medium | Verified token metadata, decimals | A list can be manipulated; always cross-check |
| Social media & Discord (pinned posts) | Fast | Medium | Pinned contract announcements, audit links | Social accounts can be spoofed; look for verification badges and signed posts |
![explorer screenshot placeholder]
Start here. Search the token name or paste the suspected contract address. Then check:
If a new token shows 1 holder and all supply held in one address, treat it as risky.
Sites like CoinGecko and CoinMarketCap often list the contract address and link to the explorer and project website. Token lists (e.g., community token lists used by swap UIs) include metadata and are convenient for adding tokens, but they can lag or be manipulated. Use aggregators as a second source, not the only source.
Look for an announcement post with the contract address on the project's verified social channels, or a tagged release on GitHub. If the team publishes an address, confirm it on the block explorer too. (Yes, social posts can be impersonated — cross-check two or more sources.)
Follow these steps exactly. Replicate them with a small test amount first.
Quick pre-add checklist
If you want more certainty, peek at the verified source code on the block explorer:
I once found a token that allowed owner-only minting and discovered it by checking the "Read Contract" tab — saved me from a swap that could have gone wrong. Always check.
Don’t panic. First, confirm whether it's a UI issue (token not recognized) vs an actual transfer to the wrong chain. If you accidentally approved a malicious contract, go to token-approvals-and-revoke and revoke access. If you sent tokens to the wrong network, follow the steps at /wrong-network-recovery — recovery is sometimes possible but often requires access to the private keys and the bridge service that supports that route.
And remember: small test transfers are your friend.
I verified procedures by adding a set of tokens across Ethereum mainnet and Polygon using the MetaMask extension and mobile app. Steps I repeated for each token:
You can replicate: pick a token, cross-check two sources, add to MetaMask, and do a 0.001 test swap or a 0.01 transfer. Keep gas fees in mind (use L2s or testnets to practice).
Q: Is it safe to add unknown tokens to MetaMask?
A: Adding is safe (it only displays the token). Interacting or approving is where risk appears. Use small test amounts and verify contract code first.
Q: How do I revoke token approvals?
A: Use the token approvals and revoke guide. Revoke unlimited allowances and re-approve limited amounts when needed.
Q: What happens if I lose my phone?
A: If you have your seed phrase (recovery phrase), you can restore your wallet on another device. See /backup-and-recovery-seed-phrase. If you don't, funds in that hot wallet are likely unrecoverable.
Q: How do I find the ICE or MATIC contract address for MetaMask?
A: Search reputable explorers and aggregators for the token name, then cross-check with the project's official channels. (Keywords people use: “ice contract address metamask”, “matic contract address metamask”, “ice metamask contract address”.) Never trust a single source.
Verifying a token contract address takes minutes and can prevent irreversible mistakes. My practical tip: always cross-check the explorer, an aggregator, and the project page before you approve or swap. For hands-on steps check /add-custom-tokens-to-metamask and /add-tokens-mobile. If you suspect a scam or need to revoke access, see /token-approvals-and-revoke. Want to practice safely? Try the same routine on a testnet or with tiny amounts first.
If you found this helpful, the site has more guides on gas fees and L2s, detecting scams and spam tokens, and wrong-network recovery to keep you moving in DeFi with fewer surprises.