What is a rug pull?

A rug pull is the canonical crypto scam. A team launches a token or protocol, attracts enough users to pool meaningful liquidity into it, and then exits with the funds — either by draining liquidity pools directly, minting vast quantities of new tokens and dumping them, or disabling withdrawals while walking off with the treasury. The mechanics vary; the outcome is always the same. Users are left holding a worthless token and the team vanishes, sometimes to repeat the process under a new name.

The classic liquidity pull

The simplest rug pull works like this. A team deploys a new ERC-20 token and creates a Uniswap pool by pairing it with ETH. They market the token on social media — Twitter, Telegram, Discord — with the usual mix of memes, airdrops, and influencer shoutouts. Users buy in, sending ETH into the pool in exchange for the new token. The pool fills up with real ETH.

At a moment of their choosing, the team uses their control of the liquidity position (or a backdoor in the token contract) to withdraw all the ETH from the pool, leaving users holding tokens they can no longer sell. The pool's price collapses to effectively zero in one block. The team wallet, now full of ETH, is mixed and off to an exchange.

Total time elapsed: sometimes months, sometimes days, sometimes hours.

Honeypots

A honeypot is a variant where the token contract is designed so that users can buy but cannot sell. The contract might have an is-whitelist function that only allows the team's address to transfer, or a hidden tax that makes sells fail, or a fee that consumes the entire transfer. The pool looks active — trades are happening — but only the deployer can actually extract value.

Honeypot scams are common among fresh token deployments on chains with low friction (BNB Chain, Base, sometimes Solana). They are easy to detect if users look — simulators like Token Sniffer, Honeypot.is, and GoPlus Security flag most of them automatically. Users who skip the check get drained.

Slow rugs

Some rug pulls play out over months. A "slow rug" typically involves a project that raises a treasury, pays an outsized salary to the team, drags out development, sells its own token gradually into retail demand, and eventually just stops shipping. There is no single moment of theft, but by the time the project dies, the team has extracted most of the funds while delivering little.

This pattern is harder to distinguish from a project that simply fails. The difference is usually in the token economics — was the team paying itself unreasonable amounts? — and in whether the team ever genuinely tried.

Large historical examples

Squid Game Token (2021) pumped to over 2,800 dollars before the team removed liquidity and vanished, a textbook rug. AnubisDAO (2021) raised 60 million dollars of ETH in a fair-launch-style sale; the funds disappeared hours later and were never recovered. Meerkat Finance on BNB Chain drained 31 million dollars in one transaction shortly after launch. OneCoin, while not strictly a rug pull in the DeFi sense, was one of the largest crypto scams in history — a centralized Ponzi that collapsed with billions in losses.

Larger-scale scams shade into outright fraud. The distinction between rug pull, Ponzi, and exit scam is largely one of technical mechanism; the economic effect on users is identical.

Red flags

Several patterns recur across rug pulls. Anonymous teams with no verifiable track record. Token contracts that are unverified on the block explorer, or verified but contain suspicious functions like mint, pause, or blacklist with no timelocks. Liquidity that is not locked or vested — the team can withdraw it at any time. Concentrated holdings — a handful of wallets hold most of the supply. Outlandish promised yields that are not backed by any observable revenue. Aggressive influencer marketing out of proportion to the underlying product.

None of these is conclusive. Honest projects sometimes have anonymous teams. Bad token contracts can be fixed. Aggressive marketing can be amateur rather than malicious. But a project checking several red flags simultaneously is worth stepping away from.

Tools like DeFiSafety, Token Sniffer, and De.Fi Scanner automate much of the checking. For any meaningful position, using them takes a minute and can save the whole position.

Code audits and timelocks

Reputable projects pay for independent code audits from firms like Trail of Bits, OpenZeppelin, Spearbit, Code4rena, and Cantina. Audits are not guarantees — plenty of audited projects have been exploited — but they are a minimum baseline. A project that has not been audited at all is running on the honesty of the team and the vigilance of the community.

Timelocks on admin functions are another baseline. If the team can upgrade the contract or pause it with immediate effect, users have no defense against a turn-coat team. A 48-hour or 7-day timelock lets users exit if the team proposes something unexpected. Many of the largest historical rug pulls would have been prevented by a functional timelock.

What happens afterward

Rug pulls in jurisdictions with clear legal exposure sometimes lead to arrests. The OneCoin founders were prosecuted. The Squid Game Token team was eventually identified by on-chain analysis. Many ruggers, especially anonymous ones operating across borders, are never caught.

Even when caught, recovery for users is rare. Funds are typically mixed, converted, and moved to jurisdictions where recovery is legally infeasible. The best defense against rug pulls is not pursuing them after the fact; it is not funding them in the first place.

Why it matters

A large share of the tokens launched each year on chains like BNB Chain, Base, and Solana are scams. This is not a secret or a controversial claim — on-chain analysis firms estimate the majority of new tokens have rug-pull features baked in. The survival skill is to default to skepticism, check contracts before buying, avoid untested projects for meaningful size, and treat promised yields far above the real market rate as suspicious until demonstrated otherwise. Most people who lose money to rug pulls lose it because they did not spend five minutes verifying the basics.