What is a Rug Pull in the Crypto World?

By / September 10, 2025

What is a Rug Pull in the Crypto World?

TL;DR

A rug pull is a crypto scam where project insiders abruptly remove funds or abandon the project after attracting investors—typically by draining liquidity or abusing special contract privileges—so holders are left with near-worthless tokens. It’s a subset of “exit scams” seen across DeFi, memecoins, and NFTs. Common variants include liquidity pulls, honeypots (you can buy but can’t sell), and soft rugs (slow insider dumps). Stay safe by verifying contract code/permissions, mint/ownership status, liquidity lock terms, team transparency, audits, and treasury custody—and by using tools to manage token approvals. (Coinbase, CoinGecko, quillaudits.com)

What Exactly Is a Rug Pull?

In crypto, a rug pull occurs when developers or insiders withdraw project funds or disappear after raising money, leaving investors stranded. It’s called “pulling the rug out” from under investors—one moment there’s a promising token with liquidity and hype, the next there’s nothing. Authoritative explainers from major platforms and security firms define rug pulls in these terms. (Coinbase, Solidus Labs, kaspersky.com)

Rug pulls rose to prominence during DeFi and NFT booms and continue to surface in new cycles. Chainalysis’ annual crime reports track their impact within broader crypto crime trends, showing that while the exact composition of scams changes year to year, exit scams remain a persistent risk area. (Chainalysis)

What is a Rug Pull in the Crypto World?

The Main Types of Rug Pulls

1) Liquidity Rug Pull (a “hard rug”)

Scammers seed a liquidity pool (e.g., on a DEX like Uniswap), pump the token with marketing and influencer hype, then pull the liquidity—withdrawing paired assets (often ETH/USDC), sending the price to near-zero and leaving buyers unable to exit. This is the most recognized pattern. (Koinly, CoinGecko)

2) Honeypot / Sell-Blocker

The token’s smart contract is coded so buyers can purchase but cannot sell, or only insiders can sell. Everything looks normal until investors try to exit and discover restrictions embedded in the code. (DEV Community)

3) Soft Rug (slow insider dump)

Founders don’t yank liquidity all at once. Instead they slowly sell large insider allocations or treasury tokens, crashing price over time while abandoning development and communications. (streamflow.finance)

4) NFT Rug Pull

Creators mint an NFT collection, promise roadmaps/benefits, take mint proceeds, and vanish—often shutting down social channels and abandoning promised utilities. The Frosties case (2022) was the U.S. DOJ’s first notable “NFT rug pull” bust. (Department of Justice, nft now)

How Rug Pulls Work (Step by Step)

  1. Token or Project Launch:
    Scammers deploy a new ERC-20 (or chain-specific equivalent) or NFT contract, sometimes modifying access control to keep owner/mint privileges. If those rights aren’t renounced or restricted, they can later mint more tokens, freeze transfers, alter fees, or drain treasuries. (OpenZeppelin Docs)
  2. Hype & Liquidity:
    They pair the token with a reputable asset in a DEX pool and launch marketing blitzes—social posts, influencers, Discord/Twitter hype, copy-pasted audits or fake KYC. Liquidity may be unlocked or “locked” only briefly or in a contract the team controls. (CoinGecko)
  3. Investor Inflows:
    Retail buyers pile in. If the contract is malicious, it might include backdoors (e.g., only owner can sell, unlimited mint after “renounce,” fee switches), or the team simply retains control of the LP tokens. (DEV Community, Medium)
  4. The Pull:
  • Liquidity pull: insiders remove the ETH/USDC from the pool.
  • Honeypot: investors discover they can’t sell.
  • Soft rug: team dumps supply over days/weeks.
    In all cases, insiders disappear and communication stops. (Koinly)
  1. Aftermath:
    Websites and socials vanish. Price collapses. Funds route through mixers and services to obscure trails. (For example, funds tied to the AnubisDAO 2021 rug pull moved through Tornado Cash.) (The Block)

Real-World Examples

  • AnubisDAO (2021) – A high-profile DeFi launch that raised over $58–60M in wETH, which vanished roughly 20 hours later as funds moved to new addresses and through mixers. (Chainalysis, The Block)
  • “Squid Game” Token (2021) – Token rocketed on pop-culture hype; investors later found they couldn’t sell. Developers drained millions and disappeared; reporting puts proceeds in the $3M range and/or several thousand ETH. (WIRED, Wikipedia, TRM Labs)
  • Frosties NFT (2022) – U.S. DOJ charged two founders over a $1M rug pull, the first notable federal enforcement action targeting an NFT rug. (Department of Justice)

These cases underscore the variety of tactics—liquidity drains, sell-blocking contracts, and NFT exit scams—and show that law enforcement can pursue charges when fraud and money laundering are involved. (Department of Justice)

Rug Pulls in the Broader Crypto-Crime Landscape

Crypto crime fluctuates by year and category, but exit scams remain a persistent part of the picture. Chainalysis’ 2025 reports detail shifting patterns among hacks, scams, and service thefts, underscoring that vigilance is necessary in bull and bear markets alike. (Chainalysis)

Mainstream finance outlets and educational sites also list rug pulls among the core scam types retail users should recognize and avoid. (Investopedia)

Red Flags: How to Spot a Potential Rug Pull

Use this checklist before you click “buy”:

  1. Contract Ownership & Privileges
    • Is ownership renounced (for EVM chains) or is mint authority disabled (e.g., on Solana)? If not, insiders may have admin powers to mint, block sells, or change fees. (Solana Stack Exchange)
    • Beware claims of renouncement that aren’t verifiable on a block explorer or verified source. (Reddit)
  2. Liquidity & Locks
    • Is liquidity locked with a verifiable timelock and independent custody? Short lock periods or self-custodied locks are red flags. Sudden unlocks often precede drains. (CoinGecko)
  3. Honeypot Patterns
    • Past victims often find they can’t sell due to restrictive code (e.g., blacklists, maxTx limits favoring insiders). (DEV Community)
  4. Unlimited Mint / Hidden Backdoors
    • Look for code paths that enable new supply mints, fee switches, or transfer blacklists—even after “renouncing” (some schemes can regain control later). (Medium)
  5. Opaque Team & Vague Docs
    • Anonymous teams aren’t inherently malicious, but no track record, vague roadmaps, and copy-pasted docs are classic scam signals. Educators warn that hyped promises with little substance often precede rugs. (Coinbase)
  6. Fake/Weak Audits
    • An “audit” image isn’t proof. Confirm on the auditor’s official site and read the findings (were critical issues fixed?). (quillaudits.com)
  7. Aggressive Hype + No Product
    • Constant calls to “ape now,” manufactured FOMO, and paid shills—without code, demos, or objective milestones—often signal a setup. (flowspecialty.com)
  8. Dangerous Token Approvals & dApp Permissions
    • Unlimited spending approvals expose you to approval-based theft if the dApp is malicious or later compromised. Manage approvals proactively. (revoke.cash)

Due Diligence: A Practical, Doable Workflow

Even if you’re not a developer, you can perform basic checks:

  1. Explorer Basics (Etherscan/BscScan/etc.)
    • Confirm contract verification and match the source code to the deployed bytecode.
    • Check owner address, top holders, and recent transactions for insider clusters.
    • Verify any ownership renounce or transfer transaction (look for calls to renounceOwnership/ownership sent to a burn address on EVM; on Solana, verify mint authority is disabled). (BlackHatWorld, Solana Stack Exchange)
  2. Read the Contract (Lightly)
    • Scan for blacklist, maxTx, setFee, mint functions, or privileged roles under AccessControl. If these exist, what wallet controls them? (OpenZeppelin Docs)
  3. Liquidity Checks
    • Identify where liquidity is stored, lock duration, and who can unlock. If LP tokens sit in a dev wallet or an easily-cancelled lock, beware. (CoinGecko)
  4. Audit & KYC Verification
    • Cross-check audits on the auditor’s official domain, not screenshots. Ensure critical issues were resolved, not merely acknowledged. (quillaudits.com)
  5. Approval Hygiene
    • Before testing a new dApp, use separate wallets and low amounts. Regularly revoke approvals you no longer need using reputable tools (Revoke.cash; alternatives like De.Fi Shield). (revoke.cash, De.Fi)
  6. Social & Reputation Signals
    • Verify founders’ identities, prior repos, and shipped products. Beware paid followers and botted engagement.

Are Rug Pulls Illegal?

Often, yes—if they involve fraud (false statements, material omissions), wire fraud, market manipulation, or money laundering. U.S. prosecutors have charged NFT rug-pull founders (e.g., Frosties), suggesting that when deceptive intent and financial harm are present, standard fraud statutes apply—even if the assets are digital. Outcomes depend on jurisdiction and facts, but the direction of enforcement is clear. (Department of Justice)

If You Suspect a Rug Pull: What to Do

  1. Stop Interacting
    • Don’t approve more transactions. Disconnect dApps and revoke token approvals to limit further damage. (revoke.cash)
  2. Document Everything
    • Save TX hashes, screenshots, the contract address, and social posts. This helps exchanges, analytics firms, and law enforcement.
  3. Trace & Report
    • Use block explorers and analytics to follow funds. Report to your local cybercrime unit; if U.S.-connected, the FBI’s IC3 portal may be relevant. (Enforcement actions like Frosties show that authorities will pursue egregious cases.) (Department of Justice)
  4. Warn Others
    • Post verified details (addresses, TX hashes) to protect other users while avoiding doxxing or unsubstantiated claims.

Frequently Asked Questions

How is a rug pull different from a “pump-and-dump”?

A pump-and-dump manipulates price via coordinated hype and dumps without necessarily seizing pooled funds. A rug pull typically involves withdrawing liquidity or exploiting special privileges to prevent selling or drain value. (Coinbase)

Can a project be anonymous and still legitimate?

Yes, but the burden of proof is higher. Look for verifiable audits, locked liquidity, renounced/admin-minimized contracts, open-source code, and consistent delivery. (quillaudits.com)

If a team “renounced ownership,” am I safe?

Not automatically. Some contracts can regain owner-like control or hide alternative admin roles. Always check for mint/fee/blacklist functions and the role holders. (Medium)

Are NFTs immune to rug pulls?

No. NFT projects can rug by abandoning roadmaps after collecting mint funds; the Frosties case is a clear example of enforcement for NFT rugs. (Department of Justice)

Case Study Snapshots (For Context & Learning)

  • AnubisDAO (2021): ~$58–60M vanished after a rapid raise; later movements through Tornado Cash emphasized how quickly funds can be obfuscated. (Chainalysis, The Block)
  • SQUID Token (2021): Token surged; selling was effectively blocked; developers exited with millions; coverage by major tech and investigative outlets detailed the timeline and mechanics. (WIRED, Wikipedia)
  • Macro Trend (2024–2025): Chainalysis notes ongoing, shifting crypto-crime patterns; 2025 mid-year figures show significant service thefts, reflecting a dynamic threat landscape beyond classic rugs. (Chainalysis)

A Simple Personal Safety Checklist (Printable)

  • Verify contract on explorer; read for mint/fee/blacklist functions. (OpenZeppelin Docs)
  • Confirm ownership renounced (EVM) or mint authority disabled (Solana). (Solana Stack Exchange)
  • Check liquidity lock duration and custody; avoid self-custodied or short locks. (CoinGecko)
  • Validate audit on the auditor’s official site; read key findings. (quillaudits.com)
  • Manage token approvals (revoke when not needed). (revoke.cash)
  • Treat aggressive hype with caution; prefer builders with shipped code. (flowspecialty.com)

Final Word

Rug pulls exploit asymmetry: insiders hold admin keys, liquidity, and narrative control; retail holds belief. By verifying who controls what (ownership, mint, fees, LP tokens), reading basic code signals, and managing approvals, you dramatically reduce your risk. Combine technical checks with social due diligence and you’ll sidestep the majority of schemes posing as the next big thing. (OpenZeppelin Docs, revoke.cash)

Sources & Further Reading

Related Posts

Scroll to Top