A rug pull is a crypto scam where the creators of a token, NFT, or DeFi protocol intentionally drain value from the project and abandon it — leaving investors holding assets that are now worth nothing or close to it. The name comes from the idiom "pulling the rug out from under someone."
Rug pulls happen on every chain. They happen with memecoins, with NFT mints, with yield farms, with presales. If you've spent any time in crypto, you've either been rugged or been one click away from it.
This post breaks down the five patterns that cover roughly 95% of rug pulls, explains the mechanics of each, and tells you what to look for before you send funds.
1. The liquidity pull
How it works: The team launches a token, pairs it with ETH (or BNB, SOL, etc.) on a DEX to create liquidity, then removes that liquidity once enough people have bought in. The token's price instantly collapses to zero because there's no longer a market to sell against.
The mechanics: When a token launches on Uniswap, the deployer typically provides liquidity by depositing both the token and a base asset (ETH) into a liquidity pool. In return they get LP tokens that represent their share. If the deployer controls those LP tokens and hasn't locked them, they can withdraw the ETH at any time.
How to spot it:
- Check where the LP tokens are. If they're in the deployer's wallet rather than a lock contract (Unicrypt, Team.finance, PinkLock are common ones), the deployer can rug any time.
- "LP locked for 1 month" is common. "LP locked for 2 years" is more credible. "LP locked forever" (sent to the zero address or burned) is the strongest version.
- Be extra cautious if the deployer is anonymous and LP unlocks soon.
2. The hard rug (owner drain)
How it works: The contract has a privileged function that lets the owner withdraw user funds directly. The owner waits until TVL is high, then calls the function.
The mechanics: DeFi protocols that hold user deposits (staking contracts, vaults, farms) rely on the contract logic to return funds fairly. A malicious contract includes a backdoor function — something like emergencyWithdraw(uint256) or rescueFunds() — that lets the owner sweep the contract balance into their wallet at will.
How to spot it:
- Read the contract. Search for functions gated by onlyOwner that transfer tokens or ETH to an address.
- Look for inheritance from standard vault patterns (ERC-4626, Yearn-style) — deviations from the standard are suspicious.
- Check whether the owner is a multisig or a timelock. A single EOA with withdrawal power is a single point of failure.
3. The soft rug (honeypot or taxable sell)
How it works: The contract lets you buy but blocks or heavily taxes any attempt to sell. No sudden drain, just a slow drain — you can never exit. For the full mechanics, see our honeypot guide.
The mechanics: Modified _transfer function that checks the destination address (for the liquidity pool) and either reverts, sends 99% of the amount to a tax wallet, or requires a whitelist the buyer isn't on.
How to spot it:
- Attempt a small test sell before buying a meaningful amount.
- Check the contract for non-standard transfer or _transfer overrides.
- Look at the token's holder list on Etherscan — if you can't find a single organic holder who has sold, that's a signal.
4. The mint-and-dump
How it works: The contract allows the owner to mint unlimited tokens. The owner mints themselves a massive supply, sells it into the liquidity pool, and walks away with the ETH.
The mechanics: A mint function callable by the owner with no supply cap. The total supply you see on day 1 isn't the real total supply — it's whatever the owner decides to make it.
    // Owner-only mint with no supply cap: callable at any time after deployment
    function mint(uint256 amount) external onlyOwner {
        _mint(msg.sender, amount);
    }
How to spot it:
- Search the contract for _mint and mint. Any occurrence inside a function callable after deployment is suspicious.
- Check if there's a supply cap — something like require(totalSupply() + amount <= MAX_SUPPLY).
- "Renounced ownership" (calling renounceOwnership() so owner becomes the zero address) eliminates this risk but needs to be verified on-chain.
5. The exit scam (off-chain)
How it works: The team does everything right on-chain — locked LP, renounced ownership, no rug vectors in the contract — but simply disappears. The website goes down, Telegram goes silent, social media goes dark. Sometimes the project was never real; sometimes it was real but the team decides the liquidity they can extract through price manipulation is worth more than building.
The mechanics: There's no smart contract mechanism here. This is social engineering: convincing people the project has long-term value when it doesn't.
How to spot it:
- Pseudonymous teams with no public track record are higher risk by default. Not automatically a scam, but treat them with default skepticism.
- Unrealistic APYs or returns. 1000% APY isn't sustainable yield — it's a short-term incentive funded by your principal.
- Concentrated holders. If the top 5 wallets own 80% of supply, the project's "community" doesn't really exist.
- Social media patterns. Freshly created Twitter accounts with inflated follower counts, bot-reply threads, and copy-pasted influencer posts are signals of a coordinated pump.
The single best defense
Across all five patterns, the single most protective habit is: assume hostility, and require the contract to prove safety.
The default posture when you encounter a new token or protocol should not be "this looks interesting, let me buy." It should be "this is probably a rug, prove otherwise." That reframe alone filters out 90% of the scams in crypto.
Practical version of this checklist:
- Is the contract verified? If no, stop.
- Is ownership renounced OR is the owner a multisig/timelock? If no, stop.
- Is liquidity locked for a meaningful period? If no, stop.
- Does the code match a known-good template (OpenZeppelin) with minimal custom logic? If no, be cautious.
- Does the token allow organic sells (verifiable on-chain)? If no, stop.
Only after all five pass does it make sense to evaluate the upside. You can do the first four of these in under two minutes using an AI auditor plus the block explorer.
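As an added example (not code from the original post), here is a small Python heuristic that applies the hard-rug, mint-and-dump and transfer-override checks from sections 2 to 4 to verified Solidity source text, such as what a block explorer publishes. The sample contract, its `pair` variable and the regexes are assumptions; the checks are coarse string matching rather than a real parser, so they narrow what you read by hand instead of replacing it.

```python
import re

# Constructed sample of a verified token source carrying the three on-chain red
# flags the checklist looks for (hypothetical contract, not a real deployment).
SAMPLE_SOURCE = """
contract SampleToken is ERC20, Ownable {
    address public pair;
    mapping(address => bool) public whitelist;
    function mint(uint256 amount) external onlyOwner {
        _mint(msg.sender, amount);
    }
    function rescueFunds() external onlyOwner {
        payable(owner()).transfer(address(this).balance);
    }
    function _transfer(address from, address to, uint256 amount) internal override {
        if (to == pair) require(whitelist[from], "not allowed");
        super._transfer(from, to, amount);
    }
}
"""

# Matches `function name(params) <modifiers> {`; the body is found by brace matching.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{]*)\{")
# Ways an owner-gated function can move value out of the contract.
VALUE_OUT_RE = re.compile(r"\.transfer\(|\.call\{|safeTransfer\(|transferFrom\(")
# A cap check of the form require(totalSupply() + amount <= MAX_SUPPLY).
CAP_RE = re.compile(r"require\s*\([^;]*totalSupply\(\)")

def split_functions(src):
    """Yield (name, modifiers, body) for every function by matching braces."""
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(3), src[m.end():i - 1]

def scan(src):
    """Return (flag, function_name) pairs for the hard-rug, mint-and-dump and
    soft-rug patterns; an empty list means none of the three heuristics fired."""
    findings = []
    for name, mods, body in split_functions(src):
        if "onlyOwner" in mods and VALUE_OUT_RE.search(body):
            findings.append(("hard-rug", name))        # owner can sweep balances out
        if "_mint(" in body and not CAP_RE.search(body):
            findings.append(("unbounded-mint", name))  # minting with no supply cap
        if name in ("transfer", "_transfer", "transferFrom") and "override" in mods:
            findings.append(("transfer-override", name))  # read it for sell gating
    return findings
```

Running `scan(SAMPLE_SOURCE)` flags all three functions; a mint wrapped in the MAX_SUPPLY require from section 4 passes clean.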
See exactly which of these risks applies to any contract — run a free Unrugify scan and get the verdict in 30 seconds.
