What Is a Rug Pull in Crypto?
A rug pull is a crypto scam in which developers build apparent momentum around a project, attract investor funds, and then abruptly drain the liquidity pool or treasury and disappear, leaving token holders with worthless assets. It is one of the most common forms of fraud in decentralised finance and has cost investors billions of dollars since DeFi went mainstream. This article explains exactly how rug pulls are engineered, the different variants you will encounter, real-world examples that illustrate the pattern, and the red flags that can help you avoid becoming a victim.
How a Rug Pull Works
At its core, a rug pull exploits the permissionless nature of blockchain. Anyone can deploy a smart contract, create a token, seed a liquidity pool on a decentralised exchange (DEX), and begin marketing to retail investors with zero gatekeeping. That openness is powerful, but it also removes the barriers that traditionally slow down fraud.
The typical lifecycle looks like this:
- Token creation. Developers mint a new token, often on Ethereum, BNB Chain, or Solana, usually keeping a large percentage of the supply for themselves through a pre-mine or allocation hidden in contract code.
- Liquidity seeding. They deposit some capital into a DEX liquidity pool, pairing their token with ETH, BNB, or a stablecoin. This makes the token tradable immediately.
- Hype generation. Marketing ramps up across Twitter/X, Telegram, Discord, and TikTok. Influencers may be paid to promote the token. Fake partnership announcements, celebrity name-drops, and manufactured trading volume create an illusion of legitimacy.
- Price pump. As retail buyers pour in, the token price rises sharply. Early investors appear to be sitting on massive gains, encouraging more buying.
- The pull. Developers either remove liquidity from the pool instantly, dump their pre-mined allocation, or trigger a hidden contract function that mints unlimited tokens or blocks all sells. The price collapses to near zero within seconds or minutes.
- Disappearance. The website goes dark, Telegram groups are deleted, and anonymous developers vanish with the proceeds.
The Role of Smart Contract Code
Most rug pulls rely on deliberately malicious or poorly audited smart contracts. Common backdoors include:
- Mint functions with no access controls, allowing the deployer to create unlimited new tokens at any time.
- Blacklist or whitelist functions that block all wallets except the developer's from selling.
- Hidden ownership transfers that allow a new wallet to take control of the contract after launch.
- Proxy upgrade patterns that let developers swap in new logic after users have audited the original code.
Without a third-party audit, most retail investors have no practical way to inspect these risks themselves.
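A first-pass check for the four backdoor classes above can be run against a token's published ABI. This is an added example, not code from any project or tool named in this article. The name patterns, the sample ABI and the owner address are constructed, and a match only marks a function whose source must be read, because an ABI does not show access controls.

```python
import re

# Heuristic name patterns (assumptions) for the four backdoor classes above.
RISK_PATTERNS = {
    "mint": re.compile(r"mint", re.I),
    "sell_restriction": re.compile(r"blacklist|whitelist|pause|trading", re.I),
    "ownership_transfer": re.compile(r"(transfer|set|change)(ownership|owner|admin)", re.I),
    "upgrade": re.compile(r"upgrade|setimplementation", re.I),
}
ZERO_ADDRESS = "0x" + "0" * 40

def privileged_functions(abi):
    """Return {category: [function names]} for state-changing ABI entries."""
    findings = {}
    for entry in abi:
        if entry.get("type") != "function":
            continue
        # view/pure functions cannot change balances or permissions
        if entry.get("stateMutability") in ("view", "pure"):
            continue
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(entry["name"]):
                findings.setdefault(category, []).append(entry["name"])
    return findings

def review_notes(abi, owner):
    """Summarise what a reviewer has to read in the contract source."""
    findings = privileged_functions(abi)
    return {
        "findings": findings,
        # Context only: an unprotected mint stays callable after renouncement.
        "owner_renounced": owner.lower() == ZERO_ADDRESS,
        "needs_manual_review": bool(findings),
    }

# Constructed sample ABI, reduced to the fields the check reads.
SAMPLE_ABI = [
    {"type": "function", "name": name, "stateMutability": mutability}
    for name, mutability in [
        ("balanceOf", "view"), ("owner", "view"), ("transfer", "nonpayable"),
        ("mint", "nonpayable"), ("setBlacklist", "nonpayable"),
        ("transferOwnership", "nonpayable"), ("renounceOwnership", "nonpayable"),
        ("upgradeTo", "nonpayable"),
    ]
] + [{"type": "event", "name": "Transfer"}]
```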
---
The Three Main Types of Rug Pull
Not every rug pull is the same. Security researchers generally classify them into three categories.
1. Liquidity Pulls
The developer removes all assets from the DEX liquidity pool in a single transaction. Because the pool is the only market for the token, every holder is instantly unable to sell at any price. This is the fastest and most dramatic variant. The entire event can play out in one block.
2. Dump Rug Pulls (Slow Rugs)
Here the developer gradually sells their pre-mined allocation over days or weeks. The price bleeds downward, but because the decline is gradual, many holders rationalise it as a normal correction. By the time the sell pressure is obvious, the developers have exited with the bulk of their profit. This variant is harder to identify in real time.
3. Disabled Sell Orders (Hard Rugs)
A contract function is coded to prevent any wallet except the deployer's from executing a sell transaction. Buyers can purchase freely, driving the price up, but they discover they cannot sell when they try. The developer eventually dumps the entire supply they hold and walks away. This is particularly insidious because standard token approval scans may not catch the restriction without a line-by-line code review.
---
Notable Real-World Examples
Studying documented cases reveals the patterns that repeat across every market cycle.
Squid Game Token (SQUID) — November 2021
Capitalising on the global popularity of the Netflix series, developers launched SQUID with a novel "play-to-earn" marketing angle. The token surged more than 45,000% in a matter of days, attracting mainstream media coverage. Sell functions were disabled from the start. On 1 November 2021, developers drained approximately $3.38 million from the liquidity pool in a single transaction and disappeared. The token dropped from over $2,800 to fractions of a cent in minutes.
Anubis DAO — October 2021
Anubis DAO raised approximately $60 million in ETH over a 20-hour fundraising window by mimicking the legitimate OlympusDAO model. Less than 24 hours after the raise ended, all funds were transferred out of the project wallet in a single transaction. No audited smart contract existed. The anonymous team vanished entirely.
Meerkat Finance — March 2021
Launched on BNB Chain, Meerkat Finance attracted $31 million in its first day. The next day, developers claimed the protocol had been "hacked." On-chain analysis by multiple researchers showed the movement of funds was consistent with a deliberate internal theft rather than an external exploit. The project was abandoned immediately after.
Luna Yield — August 2021
A yield aggregator on Solana that raised around $6.7 million before disappearing without warning. The project deleted all social media accounts and its website overnight. It is notable because it occurred on Solana, demonstrating that rug pulls are not confined to EVM-compatible chains.
---
Rug Pull vs. Exit Scam vs. Hack: Key Differences
These three terms are often conflated but describe meaningfully different events.
| Event Type | Who Is Responsible | Speed | Recourse Possible? |
|---|---|---|---|
| Rug Pull | Project insiders (developers, team) | Minutes to weeks | Rarely — funds usually untraceable |
| Exit Scam | Project insiders (often after months of operation) | Days to weeks | Rarely — similar to rug pull |
| Hack / Exploit | External attacker | Minutes | Sometimes — white-hat recovery, insurance |
| Slow Rug | Project insiders | Weeks to months | Very rarely |
The practical distinction matters because exchanges, on-chain investigators, and law enforcement treat insider fraud differently from external exploits. In a genuine hack, the project team may cooperate with recovery efforts. In a rug pull, the team is the perpetrator.
---
Red Flags to Check Before Investing
No checklist eliminates all risk, but the following signals have appeared repeatedly in documented rug pulls.
Contract and Code Risks
- No smart contract audit from a reputable firm (CertiK, Hacken, Trail of Bits, PeckShield).
- Audit exists but was completed by an unknown or paid-for entity with no track record.
- Liquidity pool tokens are not locked. Check lock status on Team.Finance, Unicrypt, or Mudra.
- Minting functions, blacklisting capabilities, or ownership controls are present and not renounced.
- Token contract was deployed very recently with no prior on-chain history.
Tokenomics Risks
- Developers or insiders hold more than 15-20% of total supply in identifiable wallets.
- Vesting schedules are absent or very short (under six months) for team allocations.
- Token was distributed primarily via a private pre-mine with no public record.
Project and Community Risks
- Anonymous team with no verifiable professional history or LinkedIn presence.
- Whitepaper is generic, vague, or plagiarised from another project.
- Roadmap milestones have no dates, specifics, or accountability mechanisms.
- Social media engagement is disproportionately high relative to organic community size (bot indicators include round follower numbers, accounts created within days of the project launch, and generic praise comments).
- Urgency marketing: "presale ends in 24 hours," "last chance," artificial countdown timers.
Liquidity and Trading Risks
- Very thin liquidity pool relative to market cap. A $500,000 pool backing a $50 million "market cap" is an immediate warning sign.
- Concentrated trading: on-chain data shows a handful of wallets driving the majority of volume.
- No CEX listing, and no mechanism protecting the pool against permissionless liquidity removal.
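The thin-liquidity warning can be made concrete with the $500,000 pool and $50 million market cap figures above; this is an added example, not part of the original article. It assumes a constant-product (x*y=k) pool split 50/50 with a 0.3% swap fee, and the total supply and the 1% holding are constructed values.

```python
def sell_proceeds(tokens_in, token_reserve, quote_reserve, fee=0.003):
    """Quote-asset output of selling tokens_in into an x*y=k pool."""
    if token_reserve <= 0 or quote_reserve <= 0:
        return 0.0  # liquidity pulled: no market, nothing can be realised
    effective_in = tokens_in * (1 - fee)
    return quote_reserve * effective_in / (token_reserve + effective_in)

def exit_report(supply, market_cap, pool_value, holder_share, fee=0.003):
    """Compare a holder's paper value with what the pool can actually pay."""
    spot = market_cap / supply               # price implied by the market cap
    quote_reserve = pool_value / 2           # assumption: 50/50 pool
    token_reserve = quote_reserve / spot
    tokens = supply * holder_share
    paper = tokens * spot
    realised = sell_proceeds(tokens, token_reserve, quote_reserve, fee)
    return {
        "paper_value": paper,
        "realised": round(realised, 2),
        "realised_fraction": round(realised / paper, 4),
        # No sequence of sells can extract more than the quote reserve.
        "ceiling_for_all_holders": quote_reserve,
    }

# Pool and market cap from the article; supply and holding are constructed.
REPORT = exit_report(supply=100_000_000, market_cap=50_000_000,
                     pool_value=500_000, holder_share=0.01)
```

A holder of 1% of supply shows $500,000 on paper but receives about a third of that from the pool, and all holders combined can never withdraw more than the $250,000 quote-side reserve.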
---
How to Protect Yourself
Do On-Chain Due Diligence
Tools like Token Sniffer, GoPlus Security, and DEXTools contract analysis tabs will surface many common red flags automatically. Running any new token through these before investing takes under two minutes.
Verify Liquidity Locks
If developers have genuinely locked liquidity, you can verify the lock address, the amount locked, and the lock expiry on-chain. A locked pool does not make a project safe, but an unlocked pool in a brand-new project is an immediate disqualifier.
Assess the Team
Pseudonymous teams are not automatically scammers, but a verifiable team with professional history, prior projects, and on-chain reputation reduces insider-exit risk substantially. Check whether team wallets are publicly disclosed and whether they have interacted with other legitimate protocols.
Diversify Exposure
Position sizing is an underrated protection. Limiting any single speculative DeFi or presale position to a small percentage of total portfolio value means a complete loss on one project does not constitute a catastrophic outcome.
Monitor After Entry
Rug pulls are an ongoing risk even in projects that appear legitimate at launch. Tracking liquidity pool depth, developer wallet movements, and on-chain activity via Nansen, Arkham Intelligence, or Etherscan wallet alerts can give advance warning of a slow rug before the full exit occurs.
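The two signals described above, developer wallet movements and pool depth, can be checked together over exported on-chain data. This is an added example, not the logic of Nansen, Arkham Intelligence or Etherscan. The wallet labels, transfers, reserve snapshots and all three thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    day: int
    sender: str
    recipient: str
    amount: int

def slow_rug_alerts(transfers, reserves, team_wallets, pair, supply,
                    sell_threshold=0.05, window_days=7, drain_threshold=0.30):
    """Return sorted (day, alert, fraction) tuples; thresholds are assumptions."""
    alerts = []
    # A team wallet sending tokens to the DEX pair address is a sell.
    sells = [t for t in transfers
             if t.sender in team_wallets and t.recipient == pair]
    for t in sells:
        # Sum team sells in the rolling window ending on this transfer's day.
        sold = sum(s.amount for s in sells
                   if t.day - window_days < s.day <= t.day)
        if sold / supply >= sell_threshold:
            alerts.append((t.day, "team_selling", round(sold / supply, 4)))
            break
    # Track the quote-asset reserve against its running peak.
    peak = 0
    for day, quote_reserve in reserves:
        peak = max(peak, quote_reserve)
        drop = (peak - quote_reserve) / peak if peak else 0.0
        if drop >= drain_threshold:
            alerts.append((day, "liquidity_drain", round(drop, 4)))
            break
    return sorted(alerts)

# Constructed sample data: placeholder labels, not real addresses.
SUPPLY = 1_000_000
SAMPLE_TRANSFERS = [
    Transfer(1, "0xTEAM", "0xPAIR", 10_000),
    Transfer(2, "0xRETAIL", "0xPAIR", 40_000),   # ignored: not a team wallet
    Transfer(3, "0xTEAM", "0xPAIR", 20_000),
    Transfer(5, "0xTEAM", "0xPAIR", 15_000),
    Transfer(6, "0xTEAM", "0xPAIR", 10_000),     # 5.5% of supply within 7 days
]
SAMPLE_RESERVES = [(1, 100_000), (3, 98_000), (5, 90_000), (6, 84_000), (8, 69_000)]
```

On the sample data the team-selling alert fires on day 6, two days before the pool has lost 30% of its depth, which is the advance warning the paragraph describes.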
---
The Regulatory Picture
Rug pulls occupy a grey zone legally. In jurisdictions where tokens are classified as securities, a deliberate rug pull may constitute securities fraud, wire fraud, or theft. The U.S. Department of Justice has prosecuted several cases, including the developers behind the Frosties NFT project in 2022, who were arrested and charged with wire fraud and money laundering. South Korean authorities pursued developers involved in the Luna Yield and other Klaytn-based rug pulls.
However, enforcement remains patchy globally. The anonymous or pseudonymous nature of most development teams, combined with cross-chain fund movement through mixers like Tornado Cash, makes tracing and prosecuting perpetrators genuinely difficult. Investors should not rely on regulatory recourse as a backstop. Prevention is the only practical defence.
As the industry matures, some newer projects prioritise verifiable security architecture as a genuine differentiator. For example, BMIC.ai has positioned itself around post-quantum cryptography as a core technical commitment, a structural approach that contrasts with projects that launch with unaudited contracts and anonymous teams.
---
Summary
Rug pulls are a structural risk in permissionless blockchain ecosystems. They range from instant liquidity drains to slow, weeks-long token dumps, and they have claimed billions of dollars from retail investors across every market cycle. The warning signs are consistent and identifiable with publicly available tools. Verifying contract audits, checking liquidity locks, assessing team transparency, and monitoring on-chain activity before and after entry are not optional steps for speculative positions. They are the minimum standard of due diligence in a market where fraud is industrialised.
Frequently Asked Questions
What is a rug pull in simple terms?
A rug pull is a crypto scam where the creators of a project attract investor money and then steal it by draining the liquidity pool, dumping their token allocation, or activating a hidden contract function that blocks everyone else from selling. The developers then disappear with the proceeds.
Is a rug pull illegal?
In many jurisdictions, yes. Deliberately defrauding investors through a token project can constitute securities fraud, wire fraud, or theft depending on local law. Several developers have been arrested and prosecuted in the United States and South Korea. However, enforcement is difficult because most teams are anonymous and funds are often laundered through cross-chain bridges and mixers.
How can I tell if a crypto project is going to rug pull?
No method guarantees certainty, but key warning signs include: no smart contract audit, unlocked liquidity, anonymous teams with no verifiable history, developer wallets holding large token allocations, thin liquidity relative to market cap, and aggressive urgency-based marketing. Tools like Token Sniffer and GoPlus Security can automate much of the initial check.
What is the difference between a rug pull and a hack?
In a rug pull, the project's own developers steal the funds. In a hack, an external attacker exploits a vulnerability in the contract. The distinction matters because hacked projects often cooperate with on-chain investigators and exchanges to freeze or recover funds, whereas rug pull perpetrators are the criminals themselves and have no incentive to assist recovery.
Can a rug pull happen on a locked liquidity project?
A locked liquidity pool does reduce one specific attack vector, but it does not make a project immune. Developers can still dump a large pre-mined token allocation (a dump rug pull), use contract functions to block retail sells, or execute a governance attack after the lock expires. Locked liquidity is one positive signal among many, not a complete safety guarantee.
What should I do if I have been rug pulled?
First, document all transaction hashes and wallet addresses involved. Report the incident to your country's financial regulator and, in the US, to the FBI's Internet Crime Complaint Center (IC3). Share evidence with on-chain investigation communities on Twitter/X and platforms like ZachXBT, which have successfully traced and pressured developers in past cases. Recovery of funds is rare, but public documentation can assist law enforcement and warn other investors.