Crypto Gloss

Rug Pull

A rug pull is a type of cryptocurrency scam where project developers abandon a project after extracting investor funds — typically by draining liquidity pools, minting unlimited tokens, or simply disappearing with raised capital. The term comes from the idiom “pulling the rug out from under someone,” and rug pulls have cost investors billions of dollars across the crypto ecosystem.

How It Works

A typical rug pull follows a predictable pattern:

  1. Launch — Developers create a token, build a website, and generate social media hype
  2. Attract investment — Aggressive marketing, influencer promotions, and promises of revolutionary technology drive buying
  3. Build liquidity — Early investors provide liquidity, and the price pumps as more buyers enter
  4. Execute the rug — Developers drain liquidity, dump their token holdings, or exploit a backdoor in the smart contract
  5. Disappear — The team goes silent, deletes social accounts, and the token crashes to zero

Types of Rug Pulls

Type Method Speed Recovery
Hard rug Drain liquidity pool via Smart contract backdoor or admin key Instant None — funds are gone
Soft rug Team slowly dumps tokens while project activity fades Gradual (weeks/months) Partial — some can exit if they notice early
NFT rug Collect mint revenue, never deliver roadmap promises Medium Almost none — minting fees are non-refundable

Hard rugs use malicious contract code. Common methods include: hidden mint functions (create unlimited tokens), liquidity withdrawal functions only the owner can call, transfer restrictions (buyers can purchase but never sell), and honeypot contracts.

Soft rugs are harder to identify because they look like legitimate projects slowly failing. The team gradually cashes out, stops developing, and eventually ghosts the community.

Red Flags

  • Anonymous team with no verifiable background
  • Unaudited smart contracts or audits from unknown firms
  • Locked liquidity claims that can’t be verified on-chain
  • Unrealistic APY promises (10,000%+)
  • Aggressive marketing budget that outpaces development
  • No GitHub activity or open-source code
  • Whale concentration — a few wallets hold the majority of supply
  • Disabled selling in the contract (honeypot)
  • Copy-pasted code with suspicious modifications

How to Protect Yourself

  • Verify contract code on Etherscan or block explorers
  • Check if liquidity is locked (and for how long) using tools like Team.Finance or Unicrypt
  • Review the contract for owner privileges — can the deployer mint, pause, or blacklist?
  • Avoid tokens with no real utility or development history
  • Use tools like Token Sniffer, RugDoc, or GoPlus to scan for malicious patterns
  • Never invest more than you can afford to lose in unverified projects

History

  • 2017 — ICO scams proliferate during the bull market. Confido raises $375,000 and disappears overnight, one of the first widely reported “rugs” before the term existed.
  • 2019 — OneCoin’s Ruja Ignatova disappears with an estimated $4 billion. While technically a Ponzi scheme, it shares rug pull characteristics and remains one of the largest crypto frauds ever.
  • 2020 — DeFi Summer brings an explosion of rug pulls on Uniswap and PancakeSwap. SushiSwap’s Chef Nomi drains $14 million from the treasury (later returned after community backlash). Compounder Finance rugs $10.8 million.
  • 2021 — The Squid Game token surges 45,000% before developers drain $3.4 million in liquidity — investors literally could not sell due to a honeypot contract. Thodex, a Turkish exchange, rugs for $2 billion.
  • 2021 — AnubisDAO raises $60 million in an NFT-styled token sale and drains liquidity hours later. Meerkat Finance on BSC rugs $31 million on the day of launch.
  • 2022 — NFT rug pulls peak: Frosties NFT founders arrested by the DOJ (first NFT rug pull prosecution), Pixelmon raises $70 million and delivers comically bad artwork. Bear market reduces rug frequency but doesn’t eliminate it.
  • 2023 — The SEC charges multiple DeFi projects for fraud. Blockchain analytics firms estimate over $2 billion lost to rug pulls in 2021-2023 combined.
  • 2024 — Memecoin rug pulls surge on Solana, with pump-and-dump tokens launching and rugging within hours on platforms like Pump.fun.
  • 2025 — On-chain rug detection tools improve, but the scam model adapts with increasingly sophisticated social engineering and contract obfuscation.

Common Misconceptions

  • “Only small, obscure tokens rug.”

Projects with millions in TVL and active communities have rugged. AnubisDAO had $60 million. Thodex was a major exchange. Size does not guarantee legitimacy.

  • “Audited contracts are safe from rug pulls.”

An audit reduces risk but doesn’t eliminate it. Auditors may miss backdoors, and some projects use audits from disreputable firms as false credibility signals. Compounder Finance was audited before rugging.

  • “Locked liquidity means the project is safe.”

Liquidity lock duration matters — a 2-week lock provides little protection. Also, backdoor mint functions can create new tokens that are dumped against locked liquidity, achieving the same outcome.

Criticisms

  1. Platform accountability — DEXs and launchpads like Pump.fun facilitate thousands of rug pulls with minimal gatekeeping, profiting from fees regardless of whether projects are legitimate.
  2. Enforcement gaps — Most rug pulls go unprosecuted because perpetrators are anonymous, cross-jurisdictional, and steal amounts below law enforcement priority thresholds.
  3. Influencer complicity — Paid promoters hype rug-pull tokens without disclosure, facing minimal consequences while their followers take the losses.
  4. Victim blaming — The crypto community often dismisses rug pull victims with “DYOR” (do your own research), ignoring that scams are deliberately designed to deceive.
  5. Regulatory vacuum — The lack of mandatory audits, disclosures, or licensing for token launches makes crypto a uniquely fertile environment for fraud.

Social Media Sentiment

Rug pulls are one of the most-discussed security topics across crypto social media. On r/CryptoCurrency, every major rug pull triggers threads analyzing red flags that were missed. On r/CryptoScams, victims share experiences and warn about active scams. Crypto Twitter tracks rugs in real-time, with accounts like @ZachXBT building large followings by investigating and exposing fraudulent projects. The memecoin community on r/memecoin and Solana-focused subs openly discusses “rug risk” as a known cost of degen trading.

Last updated: 2026-04

Related Terms

Sources

  • Cernera, F., La Morgia, M., Mei, A., & Sassi, F. (2023). Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB). Proceedings of the 32nd USENIX Security Symposium.
  • Mazorra, B., Adan, V., & Daza, V. (2022). Do Not Rug on Me: Leveraging Machine Learning Techniques for Rugpull Detection. Mathematics, 10(6), 949.
  • Bartoletti, M., Carta, S., Cimoli, T., & Saia, R. (2021). Dissecting Ponzi Schemes on Ethereum: Identification, Analysis, and Impact. Future Generation Computer Systems, 102, 259–277.