How to Spot a Rug Pull Before It Happens
Let's get something out of the way. If you've been in crypto for more than a year and haven't been rugged at least once, you're either lying or you've never bought anything outside the top 50. Rug pulls are everywhere. In 2025 alone, over $2.8 billion was lost to them across all chains. And that's just the ones we know about.
The good news? Most rug pulls follow the same playbook. Once you know what to look for, they become pretty easy to spot before you put any money in.
What Actually Is a Rug Pull?
A rug pull happens when the creators of a crypto project drain the liquidity pool or dump their token holdings, crashing the price to zero and leaving investors holding worthless tokens. The name comes from the idea of pulling the rug out from under someone.
There are two main types:
Hard rug pulls. The developers literally code a backdoor into the smart contract that lets them drain funds. These are outright theft and usually illegal even in crypto's gray regulatory area.
Soft rug pulls. The team dumps their tokens slowly over time while hyping the project. There's no malicious code involved. They just sell everything and disappear. This is way more common and harder to prove as fraud.
Both end the same way for you. Your investment goes to zero.
Red Flag #1: Anonymous Team With No Track Record
I'm not saying every anon team is a scam. Bitcoin's creator is anonymous. But there's a difference between pseudonymous founders with years of public contributions and a team of anime avatars that appeared three weeks ago.
Check LinkedIn profiles. Do they have history? Google the names. Do they show up anywhere before this project? If the team popped into existence at the same time as the token launch, that's a problem.
Real builders have GitHub histories, conference talks, previous projects. They leave traces. Scammers don't.
Red Flag #2: Locked Liquidity That Isn't Actually Locked
Every scam project's website says "liquidity locked." But locked where? For how long? By what mechanism?
Go check it yourself. Use tools like Team Finance, Unicrypt, or just read the smart contract on Etherscan. If the liquidity is locked for 30 days, that's basically nothing. A real project locks liquidity for at least a year, usually longer.
Also check the percentage. If only 20% of the liquidity is locked and the team controls the other 80%, the lock is meaningless. They can still drain most of the pool whenever they want.
Red Flag #3: The Smart Contract Has Sketchy Functions
You don't need to be a Solidity developer to do a basic contract check. Here's what to look for:
Mint functions. Can the owner mint unlimited new tokens? If yes, they can inflate the supply to zero out your holdings.
Blacklist functions. Some contracts let the owner prevent specific addresses from selling. This means they can lock you in while they sell.
Hidden fee modifications. The buy tax is 5% now, but can the owner change it to 99%? Check the contract for functions like setFee, updateTax, or similar.
Use Token Sniffer or RugDoc to get automated audits. They're not perfect but they catch the obvious stuff. If Token Sniffer gives it a score below 50, walk away.
Red Flag #4: Too Much Hype, Not Enough Product
Here's a pattern I've seen maybe 200 times now. A project launches with incredible marketing. Paid influencers everywhere. Twitter spaces every night. A beautiful website with a roadmap that promises everything from an exchange to a metaverse to world peace.
But there's no working product. No testnet. No GitHub commits. No beta. Nothing.
If the marketing budget seems bigger than the development budget, you're probably looking at the product. And the product is selling you tokens.
Red Flag #5: Wallet Distribution Is Terrible
Go to the token's holder page on the block explorer. If the top 10 wallets hold 80%+ of the supply, that's a massive red flag. It means a small group can crash the price at any time.
But here's the sneaky part. Smart scammers split their holdings across dozens of wallets to make the distribution look healthy. Check if multiple top wallets were funded from the same source. Arkham Intelligence is great for this kind of analysis.
Also watch for wallets that received tokens at the same block or within minutes of each other during launch. That usually means one entity using multiple wallets.
Red Flag #6: Unrealistic APY and Tokenomics
If a project promises 10,000% APY on staking, ask yourself where the yield comes from. There are exactly three places yield can come from: fees from real users, inflation (printing new tokens), or other people's deposits (Ponzi mechanics).
If the project has 500 users and promises 10,000% APY, that yield is coming from inflation. Your 10,000% returns are paid in a token that's losing 99% of its value. You end up with more tokens worth less than what you started with.
Sustainable DeFi yields in early 2026 are roughly 3% to 15% depending on the risk level. Anything dramatically above that needs a very clear explanation of where the money comes from.
Red Flag #7: Pressure to Buy NOW
"Presale ends in 2 hours!" "Only 100 whitelist spots left!" "Price doubles at launch!"
Legitimate projects don't need to create panic. If a project is actually good, it'll still be good tomorrow. This urgency is designed to stop you from doing research. That's the whole point.
Any time you feel rushed to invest, slow down. That feeling is exactly what scammers are engineering.
How to Protect Yourself: The 15 Minute Checklist
Before putting money into any new project, spend 15 minutes on this:
- Run the contract through Token Sniffer. Score below 50? Leave.
- Check liquidity lock on Team Finance or the actual contract. Less than a year? Leave.
- Look at holder distribution. Top 10 wallets holding 70%+? Leave.
- Google the team. No history before this project? Be very cautious.
- Check the GitHub. No code or just a forked repo with no changes? Leave.
- Look at the Telegram or Discord. Is it all hype and price talk? No technical discussion? Leave.
This won't catch every scam. But it'll catch 90% of them. And avoiding 90% of rug pulls will save you more money than any winning trade will ever make you.
The Uncomfortable Truth
Here's what nobody wants to hear. Most of the tokens people get excited about on Twitter are either outright scams or projects that will fail within months. That's not pessimism. That's the data. CoinGecko has listed over 15,000 tokens. The vast majority are dead or dying.
Your job isn't to find the next 100x. Your job is to not lose money on the 95% of projects that go to zero. If you can do that, the occasional winners take care of themselves.
Stop chasing. Start checking. Fifteen minutes of research is the difference between being the investor and being the exit liquidity.
Related Articles
An AI Wrote the Code That Just Drained $1.8 Million From a DeFi Protocol
A pricing glitch that lasted only minutes left DeFi lender Moonwell with $1.8 million in bad debt. The faulty code was co-authored by Claude Opus 4.6, an AI coding assistant. We've officially entered the era of AI-generated exploits.
What Is a Flash Loan Attack in Crypto?
Flash loan attacks have stolen hundreds of millions from DeFi protocols. Here's how they work, famous examples, and why they keep happening.
Solana Memecoins Crashed but the Ecosystem Is Stronger Than Ever
The memecoin mania on Solana burned billions. But underneath the wreckage, the chain's infrastructure, DeFi, and developer ecosystem are in the best shape they've ever been.