How to Avoid Rug Pulls
8 red flags that signal a crypto rug pull, with step-by-step verification methods. Learn to protect yourself before investing in any crypto project.
The Stakes Are Real
Over $6 billion has been lost to rug pulls since 2020. Unlike exchange hacks where some funds may be recovered, rug pull victims almost never get their money back. Prevention is your only protection. Every red flag below has cost real people real money.
Anonymous or Unverifiable Team
The team uses pseudonyms with no verifiable history, no LinkedIn profiles, no GitHub contributions, and no previous project track record. AI-generated team photos are a major warning sign.
How to Check
- 1.Reverse image search team photos (Google Images, TinEye)
- 2.Check LinkedIn for real employment history
- 3.Look for GitHub commits and development activity
- 4.Search for past project involvement and reputation
Real Example
OneCoin ($4B scam) used a charismatic leader but had no legitimate blockchain developers.
Unaudited or Unverified Smart Contract
The contract source code is not verified on-chain (can't be read on Etherscan), has not been audited by a reputable firm, or was forked from another project with hidden modifications.
How to Check
- 1.Check if contract is verified on block explorer (Etherscan, Arbiscan)
- 2.Look for audit reports from Certik, OpenZeppelin, Trail of Bits, Halborn
- 3.Use our Risk Scanner to check contract safety flags
- 4.Compare against known safe contract templates
Locked Liquidity Missing
The DEX liquidity pool is not locked or is locked for a very short period. If liquidity isn't locked, the deployer can remove it at any time, instantly crashing the token to zero.
How to Check
- 1.Check liquidity lock on Team Finance, Unicrypt, or similar platforms
- 2.Verify the lock duration (should be 6+ months minimum)
- 3.Confirm the locked amount is a significant portion of total liquidity
- 4.Be wary of partial locks or very short lock periods
Honey Pot Contract (Can't Sell)
The contract allows buying but blocks selling — a 'honey pot.' You can buy the token, watch the price go up, but when you try to sell, the transaction reverts. The deployer is the only one who can sell.
How to Check
- 1.Test with a tiny buy first, then immediately try to sell
- 2.Use honeypot detection tools (honeypot.is, Token Sniffer)
- 3.Check if other addresses have successfully sold the token
- 4.Read the contract for suspicious transfer restrictions
Unrealistic Returns Promised
The project promises fixed daily returns, 'guaranteed' 100x, or unsustainably high APYs (1,000%+). Any project that guarantees returns is either lying or running a Ponzi structure that will collapse.
How to Check
- 1.If returns are 'guaranteed,' it's a scam — no exceptions
- 2.Check if APY is sustainable by examining where yield comes from
- 3.Compare yields to market rates (5–20% APY is realistic for DeFi)
- 4.Ask: who is paying these returns, and with what money?
Real Example
Bitconnect promised 1% daily returns ($3.5B scam). Anchor Protocol offered 20% on UST — both collapsed.
Concentrated Token Ownership
A small number of wallets hold the majority of tokens. If the top 10 wallets hold 80%+ of supply (excluding contracts), insiders can dump and crash the price at any time.
How to Check
- 1.Check top holders on the block explorer
- 2.Exclude known contract addresses (DEX routers, staking contracts)
- 3.If top 10 non-contract wallets hold >50%, proceed with extreme caution
- 4.Check if team tokens are locked with verifiable vesting schedules
Aggressive Marketing, No Product
The project spends heavily on influencer promotions, paid Twitter shills, and Telegram groups, but has no working product, no GitHub activity, and no technical roadmap beyond vague promises.
How to Check
- 1.Check GitHub for actual code commits and development activity
- 2.Look for a working testnet or mainnet product
- 3.Be skeptical of projects that only have a website and whitepaper
- 4.Search for paid promotion disclosures from influencers
Copycat Project or Name Squatting
The project copies the name, branding, or website design of a legitimate project with slight variations. Scammers exploit brand recognition to trick users into buying fake tokens.
How to Check
- 1.Verify the contract address matches the official project
- 2.Check official social media accounts for the real token address
- 3.Look for subtle differences in URLs (uni5wap.com vs uniswap.org)
- 4.Use CoinGecko or CoinMarketCap to verify legitimate token contracts
Quick Pre-Investment Checklist
What to Do If You Suspect a Rug Pull
Stop buying immediately
Don't average down on a suspected scam
Try to sell what you can
Get out what you can while liquidity exists
Revoke token approvals
Prevent the contract from accessing more funds
Document everything
Screenshots, transaction hashes, wallet addresses
This content is for educational purposes only and does not constitute financial, tax, or legal advice. Always consult a qualified professional for advice specific to your situation.
Frequently Asked Questions
What is a rug pull in crypto?
A rug pull is when crypto project developers abandon the project and run away with investors' funds. This typically happens by removing liquidity from a DEX pool, exploiting a backdoor in the smart contract, or simply disappearing after raising funds. The term comes from 'pulling the rug out from under' investors.
How much money has been lost to rug pulls?
According to blockchain analytics, over $6 billion has been lost to rug pulls and DeFi exploits since 2020. The largest single rug pull was Thodex ($2B+). Most rug pulls are smaller ($100K–$10M range) but happen frequently — several occur every week across various chains.
Can I get my money back after a rug pull?
Usually no. Blockchain transactions are irreversible, and rug pull operators typically use mixers and bridges to obscure their trail. In rare cases, law enforcement has recovered funds (Thodex). Your best protection is prevention — thoroughly verify projects before investing.