What is a rug pull and how to spot one

Crypto moves fast, and scammers move faster. Among the many risks in the space, the rug pull stands out as one of the most damaging, and often one of the easiest to reduce with basic due diligence. Whether you're exploring decentralized finance (DeFi) for the first time or considering a new token launch, understanding what a rug pull is and how to recognize one could save you from a significant loss.

Key Takeaways:

• A rug pull is a crypto scam where developers attract investment into a project, then abandon it and disappear with user funds or leave investors holding tokens that have collapsed in value.

• Common types include liquidity removal, large insider token dumps and hidden malicious code embedded in smart contracts.

• Red flags include anonymous teams, unaudited contracts, unverifiable liquidity locks and unrealistic return promises.

What is a rug pull?

A rug pull is a type of exit scam in the crypto space. Developers launch a token or project, attract investment from the public, then suddenly withdraw liquidity or sell their holdings and disappear — pulling the rug out from under investors and leaving them with worthless assets.

The term describes exactly what it feels like: the moment everything looks promising, the floor is yanked away. Rug pulls are most common in DeFi, where anyone can create and list a token on a decentralized exchange (DEX) with little to no oversight. Low-cap token launches are particularly high-risk territory, since new projects with no track record can attract speculative capital quickly through social media hype.

Unlike a hack, where an external attacker exploits a vulnerability, a rug pull is an inside job. The people building the project are the threat.

How do rug pulls work?

Most rug pulls follow a recognizable pattern. Developers create a token, add liquidity to a DEX to make it tradeable, then generate excitement through social media campaigns, influencer promotions and promises of high returns. As retail investors buy in and the price rises, the team waits for the right moment — then executes.

There are three main ways this plays out:

1. Liquidity removal: The team adds funds to a liquidity pool on a DEX, then withdraws them all at once. Without liquidity, remaining holders cannot sell their tokens at any meaningful price. The token's value collapses instantly.

2. Insider dump: The development team holds a large allocation of the token from the start. Once the price reaches a target level, they sell their entire position in a short window. The sudden flood of sell orders crashes the price, leaving other holders with massive losses.

3. Code exploit: Malicious functions are embedded directly into the smart contract before launch. These can include the ability to disable selling for all wallets except the team's, mint unlimited new tokens to dilute supply, or transfer user funds to a designated address. Most buyers will not be able to identify these backdoors without technical expertise or a professional audit.

Notable rug pull examples

A few high-profile cases illustrate how quickly a rug pull can unfold.

Squid Game token (SQUID), 2021: Riding the popularity of the Netflix series, an anonymous team launched the SQUID token in October 2021. Within days, the token surged more than 75,000% before the developers allegedly drained the liquidity pool and disappeared. Investors reportedly lost approximately $3.4 million. The team was never publicly identified.

AnubisDAO, 2021: AnubisDAO raised approximately $60 million worth of wrapped Ether (WETH) in a single day through a token sale in October 2021. Within 20 hours of the sale closing, the funds were moved out of the project's wallet and distributed to multiple addresses. The alleged perpetrators were never confirmed and the funds were not recovered.

Both cases share common features: anonymous teams, extreme hype in a short time window, and no working product at the time of launch.

How to spot a potential rug pull

No single red flag guarantees a project is fraudulent, but multiple warning signs appearing together should prompt serious caution. Check for the following before investing in any new token:

• Anonymous or unverifiable team: If you cannot confirm who is behind the project through credible, independent sources, that is a significant risk factor. Pseudonymous teams with no verifiable professional history or prior crypto project track records offer little accountability.

• No smart contract audit: A reputable third-party audit reviews the code for hidden functions or vulnerabilities. If no audit exists, or if the audit was conducted by an unknown firm, treat the contract as unverified.

• Liquidity not locked or lock is unverifiable: Locked liquidity means the team cannot withdraw funds from the pool for a defined period. If liquidity is unlocked, or if the lock was created by the team themselves rather than a reputable third-party service, it can be removed at any time.

• Team holds a majority of the token supply: Check the token's distribution on a block explorer. If a small number of wallets control a large share of the total supply, a coordinated dump can wipe out the price.

• Unrealistic APY or return promises: Any project promising extraordinary, guaranteed yields without a clear, sustainable mechanism for generating those returns is a warning sign.

• Aggressive marketing with no working product: Heavy promotion across social media, paid influencer endorsements and viral hype, all with no functional product, no GitHub activity and no technical roadmap, suggests the marketing is the product.

• Newly created social accounts with inflated engagement: A Twitter/X account launched a week before the token, with thousands of followers but little genuine interaction, is a common pattern in rug pull campaigns.

• No clear use case: If you cannot explain in plain language what problem the token solves or why it needs to exist, that is not a good sign.

How to protect yourself

The most reliable defense against a rug pull is doing your own research (DYOR) before committing any funds. These steps reduce your exposure significantly:

• Check the contract on a block explorer. Tools like Etherscan or Solscan let you inspect the token contract address. Look at the transaction history, holder distribution and whether any suspicious functions are visible in the code.

• Verify audit reports independently. Do not rely on the project's own website to confirm an audit. Go directly to the auditing firm's website and look up the report. Reputable firms include CertiK, Hacken and Trail of Bits.

• Confirm liquidity lock details. Services like Unicrypt or Team.Finance provide third-party liquidity locking. Check that the lock was created by one of these services, not by the project team, and note when it expires.

• Analyze token distribution. Paste the token address into a block explorer and review the top holders. Review whether large wallets are clearly explained, vested or linked to team, treasury or liquidity allocations.

• Use token screening tools. Tools like Token Sniffer and DEXTools scan contracts for common rug pull patterns and flag known issues. They are not foolproof, but they add a useful layer of screening.

• Stick to platforms with listing standards. Established centralized exchanges like Bybit Spot generally apply listing criteria before a token is made available to users. This process reduces (though does not eliminate) exposure to unaudited or fraudulent tokens. You still need to conduct your own research on any asset you trade.

Risk disclaimer: Cryptocurrency trading involves significant risk. No exchange listing or screening tool guarantees the safety of an asset. Always invest only what you can afford to lose.

What to do if you've been rug-pulled

If you believe you have been the victim of a rug pull, take these steps as quickly as possible:

• Document everything. Screenshot all relevant transactions, project pages, social media accounts and communications while they are still accessible.

• Report to the relevant authorities. In the US, you can file a report with the FBI's Internet Crime Complaint Center (IC3) or the Commodity Futures Trading Commission (CFTC). Other jurisdictions have equivalent financial crime reporting bodies.

• Report to the exchange or platform. If the token was listed on a centralized exchange, notify their support team. If it operated on a DEX, report the contract address to community watchdog projects.

• Warn the community. Share details on credible forums and platforms to prevent others from losing funds. Factual, documented warnings are valuable.

Be realistic: recovery of funds from a rug pull is extremely unlikely in most cases. Blockchain transactions are irreversible, and anonymous teams are difficult to trace or prosecute. Prevention is the only reliable protection.

The bottom line

Rug pulls remain one of the most common and costly risks in DeFi. The good news is that most share recognizable warning signs, and a disciplined approach to due diligence can help you avoid the majority of them. Anonymous teams, unaudited code, unlocked liquidity and outsize promises are all reasons to pause before putting capital in.

No platform or tool offers complete protection. But trading on exchanges with established listing standards, verifying contracts independently and using screening tools gives you a meaningful edge. Research thoroughly before investing in any new project, and treat any project that makes that research difficult as a red flag in itself.

You can also explore tokens listed on Bybit Spot, where assets go through a listing review process before becoming available to users.

FAQ

Can you recover money from a rug pull?

In most cases, no. Blockchain transactions cannot be reversed, and the anonymous nature of many rug pull teams makes it very difficult to identify or pursue the perpetrators. In rare high-profile cases, law enforcement agencies have traced funds through blockchain analytics, but recovered assets are the exception rather than the rule.

Are all new tokens rug pulls?

No. Many legitimate projects launch new tokens every day. The risk is higher with anonymous teams, unaudited contracts and no verifiable track record, but not every new token is a scam. Thorough due diligence helps you distinguish between the two.

Is a rug pull illegal?

In many jurisdictions, a rug pull can constitute fraud, theft or securities fraud, depending on how the token was marketed and sold. However, the legal classification varies significantly by country and the specific circumstances of the project. Some cases have led to prosecutions, but enforcement is inconsistent and often complicated by anonymous teams operating across borders.

#LearnWithBybit