Warning signs include anonymous teams, unlocked liquidity, concentrated token holdings, and unsustainable yield promises.
Researching a project's tokenomics, team transparency, and smart contract audits can reduce your exposure to this type of scam.
A rug pull is a crypto exit scam in which a development team deliberately abandons a project and removes all its liquidity, leaving token holders with assets they can't sell. The term comes from the phrase "to pull the rug out from under someone," meaning to withdraw support suddenly and without warning.
Rug pulls are one of the most prevalent forms of fraud in crypto. According to CertiK, rug pulls and similar exit scams accounted for $85.4 million in losses in 2024 alone. Memecoin-specific rug pulls and scams caused over $500 million in losses during the same period, underscoring how widespread the problem has become.
The team then uses social media, influencer promotions, and community channels to build hype and drive up the token price. Once the price has risen and the project has access to its liquidity, the rug pullers typically choose between two options:
Sell off tokens: the team sells its large pre-allocated token holdings at a high price, crashing the value for everyone else.
Drain the liquidity pool: developers withdraw all liquidity from the DEX, making it impossible for other holders to sell.
In some cases, the team exploits backdoors coded into the smart contract to drain investor funds directly, without needing to sell tokens on the market. This is sometimes referred to as a "hard rug pull."
In a hard rug pull, malicious code is built directly into the smart contract. This can include mechanisms that prevent investors from selling, allow the developer to mint unlimited tokens, or let the team withdraw funds directly from the contract. The SQUID token (2021) is a well-known historical example: a built-in mechanism prevented buyers from selling at all, while the developers were able to exit freely.
Soft rug pulls involve no malicious code. Instead, the team simply sells off a large portion of their token allocation rapidly, which tanks the price and drives away investors. While technically legal in many cases, this behavior is widely considered deceptive and harmful.
Anonymous or unverifiable team: roughly 80% of documented rug pulls involve teams with no verifiable real-world identity. An anonymous team isn't automatically a scam, but it raises the stakes for due diligence.
Unlocked or short-term liquidity locks: legitimate projects typically lock liquidity for six months or more. If developers can remove liquidity immediately or within days of launch, the opportunity for a rug pull is always present.
Honeypot contracts: some tokens allow anyone to buy but restrict selling to the developer's wallet only. This is often undetectable from the front end and requires inspecting the smart contract code or using a token analysis tool.
Concentrated token holdings: if a small number of wallets control a large percentage of the circulating supply, those holders can dump their tokens at any time, effectively pulling the rug through market selling.
Unsustainable yield promises: extremely high annual percentage yields (APYs) with no clear source of yield are a warning sign. If the mechanics behind the returns aren't clearly explained and audited, the project may be structured to collapse.
Aggressive social media hype: rapid promotion across X, Telegram, and other platforms, especially from paid influencers or anonymous accounts, is often coordinated to bring in buyers before the exit.
A rug pull is intentional fraud committed by the project's own developers. A hack is an external attack on a protocol or wallet by a third party. In a rug pull, the team is the threat; in a hack, the team may also be a victim. The outcome can look similar (drained funds, collapsed token price), but the cause and accountability are different.
Traditional rug pulls, where a dev drains a DEX liquidity pool, are specific to DeFi. However, similar exit scam dynamics can occur with centralized projects that raise funds through token sales and then disappear. DEX-based rug pulls are more common because tokens can be created and listed with far less oversight than on a centralized exchange (CEX).
In most jurisdictions, deliberately deceiving investors and absconding with their funds constitutes fraud. However, enforcement is difficult because many rug pull teams are anonymous, operate across borders, and exploit legal gray areas in the classification of crypto tokens. Soft rug pulls, where the team simply sells tokens they legally owned, are even harder to prosecute.
Token analysis tools can help. Tools like TokenSniffer and RugCheck (for Solana) automatically scan smart contract code for common rug pull mechanics like restricted selling, excessive minting authority, or hidden withdrawal functions. Checking holder distribution on a blockchain explorer and verifying the liquidity lock status are also quick first steps before investing in any new token.
Rug pulls remain one of the most common and costly scams in the crypto space. While DeFi offers real utility and innovation, its permissionless nature also makes it easier for bad actors to set up convincing-looking projects that are designed from the start to fail.
The tools and knowledge to protect yourself are increasingly available. Token analysis platforms, on-chain data, and community-driven due diligence have all improved significantly. Treating anonymous teams, unaudited contracts, and unlocked liquidity as default risk factors, rather than minor concerns, is a practical starting point.
As the space matures, regulatory frameworks are also evolving to address these scams more systematically. In the meantime, the strongest protection remains an informed approach: verify before you invest, keep position sizes reasonable, and stay skeptical of hype that outpaces fundamentals.