Data 2026-05-13

$KEKIUS factory: 9 brand-jacked tokens riding Elon's X handle

Nine $KEKIUS-branded contracts shipped on Ethereum across three months. Top score 90/100. Multiple confirmed honeypots with hidden_owner + conditional_transfer + trading_control. Full breakdown.

Between February 26 and May 13, nine smart contracts using the Kekius name landed on Ethereum mainnet. The highest-risk one scores 90/100 on the RektRadar scale and combines unrestricted_mint with buy_only_pattern - a textbook honeypot. The most recent one, deployed at 0x26e550AC11B26f78A04489d5F20f24E3559f7Dd9, surfaced today via a Twitter reply asking whether the contract was safe. It is not.

Screenshot of the RektRadar result page for the KEKIUS contract at 0x26e550AC11B26f78A04489d5F20f24E3559f7Dd9. Token name Kekius Maximus, symbol KEKIUS, deployed 13 mai 2026. Risk score 70 out of 100 displayed in orange RISK badge with the note Multiple risk indicators detected. The visible risk flags are Owner Controlled Trading, Hidden Owner, Conditional Transfer, Block Dependent Logic, Approve With Transfer, plus 6 more flags. Below the flags, a deployer network 3D graph is rendered showing the contract connected to its deployer wallet and several sibling green node siblings inside the same funder cluster.

This is the fourth large-scale brand-jack we have walked through publicly, after the MOODANG case study, the Unicat case study, and the $CLAUDE rug pull factory. Same mechanics, different ticker.

The scoreboard

AddressSymbolNameScoreContractDetected
0x6dc377…d452ETH6900AsteroidPepeNeiroKekiusFloki42090Token (factory)2026-04-17
0x3eb6f3…a93eKEKIUSKekius Maximus88MintBurnTeamToken (factory)2026-05-03
0x92eee1…718aETH6900AsteroidPepeNeiroKekiusFloki42085Token (factory)2026-04-17
0xae1eda…7f78KEKIUSKekius Maximus80Kekius_Maximus2026-05-02
0x26e550…7dd9KEKIUSKekius Maximus70KEKIUS2026-05-13
0x91bf06…3f12KEKIUSEmperor Kekius Maximus40(unverified)2026-03-16
0xf6138e…91bKEKIUSEmperor Kekius Maximus40(unverified)2026-03-16
0xac30fd…8f15KEKIUSEmperor Kekius Maximus39Token (factory)2026-02-26
0x82c76b…f044KEKIUSKekiusMaximus29Token (factory)2026-04-20

Score timeline

04070100risk score394040298590808870Feb 26Mar 16Mar 16Apr 20Apr 17Apr 17May 2May 3May 1380+ honeypot70 risky

The pattern is sawtooth. Each new attention spike on the Elon “Kekius Maximus” meme triggers a fresh batch of contracts. The dormant period in late March and early April matches a quiet period on the meme, then April 17 sees two contracts shipped on the same day, then May 2-3 produces the highest-scoring pair to date.

Anatomy of the latest one - KEKIUS at 0x26e550

The contract that surfaced today scores 70/100. The flag set is a textbook trap:

  • hidden_owner - the ownership address is not exposed by a standard owner() call. The deployer hid it behind a proxy slot or a renamed accessor.
  • conditional_transfer - the internal _transfer function routes through a block-number or gas-price check. Translates to “this token only transfers under conditions the deployer controls.”
  • trading_control - the contract exposes a function to enable/disable trading at will. After the rug, no exit.
  • block_dependent_logic - separate from conditional_transfer: the contract reads block.number or block.timestamp in its core flow. Usually used to deny bot snipers at launch and then to deny everyone forever.
  • approve_with_transfer - the approve() function silently triggers a transfer. Approving the router can drain your wallet.
  • reflection_token - implements _rTotal / _rOwned reflection accounting, often used to fake a tax distribution that actually accumulates to the deployer.
  • mass_deployer - the wallet that shipped this contract has deployed > 5 other contracts already.
  • mass_funder - the wallet that funded this deployer has funded > 10 other deployer wallets. Cluster signal.

Eight flags concurrent. The contract is verified on Etherscan, but reading the verified source confirms every signal above.

Why Kekius attracts scammers

Three reasons converge:

  1. Elon’s X persona. In late 2024, Elon Musk briefly renamed his X profile to “Kekius Maximus”, spawning a meme cycle that crypto Twitter ran with. Anybody Googling “kekius crypto” or “kekius token” today is statistically a buyer the deployer can intercept.
  2. No official Musk-affiliated token. Musk has zero on-chain footprint despite years of speculation about it. Scammers know there is no canonical contract to compete with - whoever ranks first on Google for “kekius token” wins the buyer flow.
  3. Latin-meme hybrid bonus. “Kekius Maximus” sounds plausibly official (the Latin suffix imitates how some real protocols name themselves) while staying in meme-coin territory. Buyers who would not buy a generic dog-coin will buy a “respected” Latin-styled meme without realizing both are the same trap.

This is the same pattern we documented in the AI brandjack post on $xAI and $SAM. The bait is the brand. The contract is just a delivery mechanism.

The variants - same name, different attack

The nine contracts use four distinct name shapes:

  • Kekius Maximus (the literal) - 4 contracts, all named with the space, scoring 70-88
  • KekiusMaximus (no space) - 1 contract, scored only 29 because it had no liquidity pair yet (would have lifted higher once trading went live)
  • Emperor Kekius Maximus - 3 contracts in February and March, the early wave, lower flags counts
  • AsteroidPepeNeiroKekiusFloki420 with symbol ETH6900 - 2 contracts using a word-soup ticker combining six trending meme tags (Pepe, Neiro, Floki, ETH, “6900” = a Squid Game reference) - score 85 and 90

Each shape targets a slightly different search query. The “Emperor Kekius Maximus” framing captures users who remember the title from the original meme; the word-soup ETH6900 captures any of six unrelated trending tags simultaneously.

That last shape is the more interesting evolution. It is not one factory shipping one brand. It is a factory shipping one contract under six brand aliases at once - whatever ranks for whichever ticker first.

What a victim actually sees

The high-score variants (0x6dc377, 0x3eb6f3, 0x92eee1, 0xae1eda) all share the same downstream UX:

  1. Buyer finds the contract via Twitter shill, Telegram group, or organic Google search for “kekius token”.
  2. Buyer spends ETH to buy via Uniswap.
  3. Transaction succeeds, wallet shows a KEKIUS balance.
  4. Buyer waits for “the next pump”, or tries to sell partial.
  5. Sell transaction reverts. Some wallets present this as “insufficient gas” - buyers retry, lose more in gas, still cannot exit.
  6. Deployer pulls the LP. Token is unrecoverable.

The crucial detail is step 3: the buy succeeds. That makes the scam feel legitimate for the first hour. Most victims only realize what happened when they try to take profit - by which point the deployer has already drained all routable liquidity.

Three rules that catch every Kekius variant

You do not need RektRadar to avoid these specific contracts. Three checks catch the entire batch:

  1. Elon does not have a token. Any ERC-20 named after him or his X handles, including Kekius, is by definition not affiliated with him or X. Same rule applies to Trump, Musk-branded AI, and any celebrity-handle splice.
  2. Always simulate the sell, not just the buy. Scanners that only check the buy works will pass these honeypots. RektRadar runs both buy and sell simulations on every analysis. The buy_failed / sell_failed flag pair is the only reliable honeypot indicator at scale.
  3. Check the deployer history. A wallet that just shipped its first contract three days ago, holds 100% of the LP, and has no other recent transactions is a one-shot trap. The new_wallet + creator_holds_all_lp combination is enough to walk away.

You can scan any KEKIUS variant on the $KEKIUS scam tokens catalog on Ethereum - the data is fresh and free.

Screenshot of the public /scam/KEKIUS catalog page on app.rektradar.io. The header reads 5 KEKIUS scam reports, with the subtitle Every contract using the KEKIUS ticker that RektRadar has flagged as scam. The page lists five contracts: Kekius Maximus at score 70 with an orange RISK badge, Kekius Maximus at score 80 with a red RISK badge, Kekius Maximus at score 88 red, Emperor Kekius Maximus at score 40 yellow, Emperor Kekius Maximus at score 39 yellow. The hub groups by symbol so the two ETH6900 contracts under the AsteroidPepeNeiroKekiusFloki420 name are not displayed here even though they also reuse the Kekius name.

Note that the hub above groups by symbol (KEKIUS), so the two AsteroidPepeNeiroKekiusFloki420 contracts (symbol ETH6900) and the KekiusMaximus (no space) variant deploy to different symbol buckets. The full set of nine appears in the scoreboard at the top of this post.

We will keep documenting these waves as they happen. The next ticker will trend, the next factory will spin up, and the same playbook will repeat - only the brand changes.

A footnote on this post: the 0x26e550 contract at the top of the article was caught at 70 only because we shipped a scoring-engine patch this morning that re-applies the flag-count floor when post-analysis alerts accumulate flags. Before the patch, the contract showed score 18 (SAFE) in the public UI despite carrying eight red flags. A user pinged us on Twitter, we investigated, found the floor was bypassed in the monitor path, fixed it, re-scored 46 327 affected tokens, and walked back to publish this post. The full engineering writeup will follow.