What is a Rug Pull?

A rug pull is a cryptocurrency exit scam in which the developers of a token abandon the project and drain its liquidity pool, leaving holders with worthless assets.

The pattern tends to follow a compressed cycle: aggressive social promotion, a price pump, and a wave of retail buyers arriving just in time to be exit liquidity. Blockchain analytics firms now track rug pulls as a distinct fraud category alongside ransomware and darknet markets, which is a reasonable measure of how routine they have become on permissionless decentralized exchanges.

How a rug pull actually works

The mechanics are straightforward once you understand automated market makers. A team deploys a token contract and pairs it against ETH, SOL, or a stablecoin in a liquidity pool on Uniswap, Raydium, PancakeSwap, or a similar venue. Because the team controls the deployer wallet and usually holds a large share of supply, they can wait for retail buyers to push the price up and then withdraw the paired asset in a single transaction, crashing the token to near zero.

Variants differ in subtlety. A hard rug pull embeds malicious logic directly in the contract: hidden mint functions, owner-only transfers, or blacklists that stop holders from selling at all. Contracts built to let buyers in but never out are called honeypots.

A soft rug pull is slower and harder to prosecute. The team stops developing, dumps its allocation over weeks or months, and disappears, often blaming market conditions rather than admitting fraud.

Notable cases and the memecoin era

Rug pulls predate the memecoin boom but have become its defining risk. In November 2021 the Squid Game token, riding on the Netflix series, collapsed within minutes when developers drained around $3 million and disabled selling. AnubisDAO lost roughly $60 million in ETH that same year after liquidity vanished hours into launch. OneCoin was technically a centralized Ponzi rather than a DEX rug, but it set the template for a fraudulent token ecosystem and produced multi-billion-dollar losses and an ongoing prosecution of its leadership.

Since 2023 the Solana launchpad pump.fun has produced tens of thousands of short-lived memecoins, many of them textbook rugs. Research from Chainalysis and Solidus Labs identifies thousands of suspected rug pulls on-chain every year, and in some periods Solidus has reported that a majority of newly deployed ERC-20 and BEP-20 tokens show rug-pull or scam characteristics.

Red flags and on-chain detection

Most rug pulls leave fingerprints that attentive users and moderation systems can catch before the liquidity disappears:

• Anonymous team with no verifiable track record or doxxed founders
• Contract not audited, or audited only by unknown firms
• Large dev wallet allocation with no vesting schedule
• Liquidity marketed as locked but unlockable by the deployer, or locked only for trivial durations
• Disabled transfer functions, punitive sell taxes, or blacklists found through bytecode analysis
• Marketing velocity far ahead of any actual product development

On-chain detection has matured alongside the scams. GoPlus Security, TokenSniffer, and DEXTools publish automated risk scores that flag honeypot logic, owner privileges, and liquidity status in near real time. A growing number of wallets now surface these warnings before a swap is signed.

Regulation and platform responsibility

The legal status of rug pulls sits at the center of the jurisdictional fight between the SEC and the CFTC. The SEC has framed token launches as unregistered securities offerings, a posture visible in its 2023 enforcement actions against Coinbase and Binance, while the CFTC has claimed commodities authority over other tokens and DeFi protocols. Neither framework catches every rug pull on its own, and criminal fraud charges still depend on traditional wire-fraud statutes.

For social platforms the real battleground is upstream.

Rug pulls are almost always promoted on X, Telegram, TikTok, and Discord before the liquidity goes. Moderation tooling can flag coordinated token shilling, impersonation of known projects, and links to freshly deployed high-risk contracts, ideally in time to warn a user before they sign the swap.