Key takeaways
- A rug pull is a specific kind of scam where a token's own creators pull the money out and leave holders with something they cannot sell.
- There are four main flavors: liquidity pulls, hard rugs coded into the contract, slow soft rugs where the team quietly abandons the project, and honeypots where buying works but selling is blocked.
- Most rug pulls share the same fingerprints up front: an anonymous team, unlocked liquidity, an unaudited contract, a giant developer wallet, and marketing that is all hype and no product.
- You can check locked liquidity, token distribution, and honeypot risk yourself in a few minutes using free block explorers and token scanner tools, before you spend a dollar.
- An audit is useful only if you actually read who did it and what they flagged, because a logo on a website is not a passing grade.
- If you get rugged, the money is almost always gone, but reporting to the FTC and the FBI still matters, and a total loss may be deductible on your taxes as a capital loss.
Imagine buying a ticket to a concert. You pay, you walk in, the lights are up, the crowd is buzzing. Then in a single instant the stage, the band, the sound system, and the building itself vanish, and you are standing in an empty lot holding a ticket for a show that never existed. That is a rug pull. It is one of the most common and most brutal scams in crypto, and unlike a bad investment, it is not bad luck. It is a plan. Someone builds a token specifically so they can take everyone's money and disappear. This guide walks through exactly how each type works, the warning signs you can check before you spend a cent, how to verify the things a project claims about itself, and what to do if you have already been caught. The good news is that most rug pulls are surprisingly easy to spot once you know the fingerprints they leave behind.
What a rug pull actually is
The name comes from the phrase pulling the rug out from under someone. In crypto, a rug pull is when the creators of a token deliberately drain its value and abandon it, leaving buyers with an asset they cannot sell or that is suddenly worth nothing. It is different from a coin that simply falls in price. When Bitcoin drops thirty percent, that is the market. When a three-day-old token goes from a rising chart to zero in ninety seconds because the developers removed all the money behind it, that is a rug pull.
The reason this scam thrives in crypto is mechanical. Anyone can create a token in minutes, for a few dollars, with no permission and no name attached. They can list it on a decentralized exchange where no gatekeeper reviews anything. They can market it to millions of strangers. And when they take the money and run, the transactions are final and often untraceable to a real person. Every step that would stop this in traditional finance is missing by design. That is not a flaw the industry forgot to fix. It is the openness that makes crypto crypto, and scammers live in the gap between openness and safety.
Before we go deeper, one honest framing. The point of this guide is not to make you afraid of all crypto. It is to make you fluent in one specific con so that you can move through this space without being an easy mark. The people who lose money to rug pulls are almost never the people who checked the five things in this article. They are the people who saw a chart going up and a countdown timer and bought before the window closed. Slowness is a superpower here.
The four types of rug pull
Rug pulls are not all the same. They fall into four families, and knowing which is which tells you what to look for. Two of them are technically legal in a gray sense, and two are outright coded theft, but all four end the same way for you.
Liquidity pulls
This is the classic. To trade on a decentralized exchange, a token needs a liquidity pool, which is a pot holding the new token paired with something real like a stablecoin or a major coin. That pot is what lets buyers turn their money into the token and, in theory, back again. In a liquidity pull, the creators own that pot. Once enough people have bought in and filled it with real value, the creators withdraw the entire pool in one transaction. The moment the real money is gone, the token has nothing backing it, and its price craters to zero because there is nothing left to sell it into. The whole thing can happen in the time it takes to read this paragraph.
Hard rugs coded into the contract
A hard rug is theft written directly into the token's smart contract, the self-executing code that governs how the token behaves. The developers include hidden functions that let them do things a fair token would never allow. They might code a mint function that lets them create unlimited new tokens for themselves and dump them. They might include a function that lets them pause everyone else's ability to sell. They might set a hidden transfer fee that quietly routes a slice of every trade to their own wallet. The token looks and trades normally until the trap is sprung, because the malicious code sits dormant until the creators decide to trigger it.
Soft rugs and slow abandonment
Not every rug is a single dramatic theft. A soft rug is a slow bleed. The team keeps the project alive just long enough to keep selling their own large holdings into the buying demand of newcomers. They post updates, promise features, hype a roadmap, and quietly offload tokens the entire time. Eventually they stop showing up. The website goes stale, the social accounts go quiet, and the price grinds down to nothing. No single dramatic transaction happened, so it can be harder to prove and harder to notice while it is unfolding, but the outcome is identical. The insiders got out with your money, one sale at a time.
Honeypots
A honeypot is the cruelest version because it lets you believe you are winning. The contract is coded so that anyone can buy the token, but only wallets the creators control can sell it. You buy in. The price rises, sometimes dramatically, because buyers keep coming and nobody except the insiders can take money out. Your balance looks wonderful. Then you try to sell, and the transaction fails, every time. You are trapped. The creators, meanwhile, are the only sellers, so every dollar of buying pressure flows straight to them. A honeypot can run for days, quietly consuming everyone who enters, because the victims cannot even warn others by selling and crashing the price.
The anatomy of a scam token launch
Rug pulls follow a script. Once you have seen the shape of one, you see it everywhere. Here is how a typical scam token goes from idea to disappearance, usually in a matter of days.
Notice what is doing the work in that sequence. Almost none of it is about the technology. It is about manufacturing two feelings: excitement and urgency. The excitement comes from a rising chart and a crowd. The urgency comes from a sense that this is early, that the window is closing, that waiting means missing out. Both feelings exist to shut down the part of your brain that would otherwise ask simple questions. Who made this. Can I sell it. Where is the money. Every rug pull is a race between the scammer's hype and your patience, and patience wins every time it shows up.
The red flags you can check before you buy
Here is the part worth saving. Rug pulls leave fingerprints, and most of them are visible before you spend a cent. No single flag is proof on its own, but they cluster. One is a caution. Two or three together is a wall you do not climb over.
Let me expand on the ones that trip people up most. An anonymous team is not automatically a scam, since privacy has a long tradition in crypto, but it dramatically raises the stakes, because there is no one to hold accountable and nothing to lose by vanishing. Weigh anonymity against everything else. A doxxed, reputable team with locked liquidity is a very different animal from three anonymous social accounts and a countdown timer.
Unrealistic yield deserves its own warning. A token promising a fixed astronomical return, say hundreds or thousands of percent a year, is describing something that cannot come from anywhere real. That yield is either printed out of thin air, which dilutes it to nothing, or paid from new buyers' money, which is the definition of a Ponzi structure. Real returns are variable, modest, and come with visible risk. A guaranteed huge number is not a feature. It is the bait.
Finally, watch the marketing itself. When you read a project's materials and cannot find a plain answer to the question of what this token is actually for, that absence is the signal. Legitimate projects can explain their purpose in a sentence a normal person understands. Scam projects fill the space where a purpose should be with emojis, celebrity names, promises of Lamborghinis, and a wall of hype. Hype is not a substitute for a product. It is what you use when there is no product.
How to check liquidity locks and token distribution
Two of the most important checks are things you can verify yourself, for free, in a few minutes. You do not need to be a programmer. You just need to know where to look.
First, the liquidity lock. Remember that in a liquidity pull, the creators drain the pool that backs the token. The defense against this is a liquidity lock, where the creators send their pool ownership tokens to a third-party locking service or burn them entirely, so they cannot withdraw the money for a set period, often months or years. A genuine lock does not make a project safe, but the absence of one means a liquidity pull can happen at any second. You can check this by looking up the token on a block explorer for its blockchain, which is a public website that shows every transaction and wallet. You can also use free token scanner tools that read the contract and report whether liquidity is locked, for how long, and by whom. If liquidity is unlocked, or locked for only a day or two, treat that as a loaded gun.
Second, token distribution, sometimes called the holder breakdown. A block explorer will show you the list of wallets holding the token and what percentage each holds. This is one of the most revealing checks you can do. If a handful of wallets, especially ones connected to the team, hold a huge share of the total supply, they have the power to crash the price the instant they decide to sell. As a rough instinct, be very wary when the top ten wallets, excluding the locked liquidity pool and burn addresses, control a large majority of the supply. Fair launches spread ownership widely. Rugs concentrate it in a few hands that can hit the exit together.
The illustration above shows the contrast. A distribution where insiders hold the majority is not a maybe. It is a structural guarantee that the people who made the token can end it whenever they choose, and you will be the one left holding the empty bag.
How to read a contract audit
Projects love to advertise that they are audited, and buyers love to see the word, but the word alone means almost nothing. An audit is a review of the smart contract code by security specialists who look for vulnerabilities and, importantly, for the kinds of malicious functions described earlier in this guide. A real, thorough audit is genuinely valuable. A fake or shallow one is a costume. Here is how to tell them apart without being an engineer.
Start by finding out who performed the audit. A real audit is published by a named, established security firm, and the report lives on that firm's own site or verified channels, not only as an image on the project's landing page. If the project shows an audit logo but you cannot find the actual report on the auditor's website, assume it is fabricated, because faking a badge costs nothing. Next, read the findings, not just the summary. Real audits list issues by severity, from low to critical, and describe them plainly. A report that flags critical issues, and a team that never fixed them, is a warning, not a reassurance. Then check the date and the code. An audit covers one specific version of the contract at one moment. If the code was changed after the audit, the audit no longer applies, and a common trick is to get a clean review and then deploy something different. Finally, understand the limits. An audit checks the code. It cannot tell you whether the anonymous team intends to slowly abandon the project or dump their tokens, both of which are perfectly possible with flawless code. An audit is one input among several, never a green light on its own.
Safer habits that keep you out of the blast radius
You do not have to win the game of spotting every scam. You just have to make yourself a hard target, and a few durable habits do most of that work. The single most protective habit is slowness. Nearly every rug pull relies on urgency, so refusing to be rushed disarms most of them before you even start checking. If a project punishes you for waiting a day, that punishment is the tell.
Beyond patience, size your bets so a total loss is survivable. Money you put into a brand-new low-liquidity token should be money you have fully accepted you might never see again, because the base rate of loss in that corner of crypto is high. Keep the bulk of any crypto holdings in large, established, boring assets that have existed for years and are held by millions of people, since those are structurally immune to the rug pull as a category. Use a separate wallet, sometimes called a burner, for experimenting with new tokens, so that a malicious contract you interact with cannot reach your main savings. And get in the habit of reviewing and revoking the permissions you have granted to various sites and contracts, because a wallet approval you forgot about can be the door a drainer walks through months later.
What to do if you get rugged
If it has already happened, take a breath, because the next hour matters and panic makes it worse. First, accept the hard truth so you do not get scammed a second time. The money is almost certainly gone, crypto transactions cannot be reversed, and anyone who contacts you promising to recover your funds for an upfront fee is running the recovery scam, which specifically hunts fresh victims. There is no exception to this. Real law enforcement does not charge you to investigate.
Now act. Stop interacting with the project entirely and do not approve any further transactions, especially not requests to pay a fee to unlock or rescue your funds, which is just more theft. Take screenshots of everything while it still exists: the token contract address, your transactions, the project website, and every social post and chat from the team, because scam accounts get deleted fast and this is your evidence. If you connected your wallet to the project's website at any point, use a permission-revoking tool to cancel any approvals you granted, and if you have any doubt about your wallet's safety, move your remaining funds to a brand-new wallet.
Then report it, which matters even when recovery is unlikely, because reports feed investigations that occasionally freeze funds at exchanges and because your report helps warn and protect others. File with the FBI's Internet Crime Complaint Center at ic3.gov and with the FTC at reportfraud.ftc.gov, including the wallet addresses and transaction details, which investigators use to trace the money. If the token was promoted as an investment, the CFTC and SEC also take reports on digital asset fraud.
Finally, there is a small piece of cold comfort in the tax code. For US taxpayers, a worthless or stolen crypto position may qualify as a capital loss, which can offset capital gains and a limited amount of ordinary income, potentially softening the blow at tax time. The rules around theft losses and worthless securities are genuinely tricky and have changed over the years, so this is a place to bring your records to a tax professional who understands crypto rather than guessing. Keep every screenshot and transaction record you gathered, because documentation is what turns a painful loss into a defensible deduction.
The one habit that beats them all
If you forget everything else in this guide, keep this. A rug pull is a race between someone else's urgency and your patience, and patience wins every single time it shows up. The scammer needs you to buy now, before you check the liquidity lock, before you look at who holds the supply, before you ask what the token is even for. The countdown timer, the rocket emojis, the friend in the group chat swearing this is the one, all of it exists to move you past the small, boring, five-minute check that would have saved you. So make the check the ritual. Who made this, and can they be held accountable. Is the liquidity locked, and for how long. Who holds the supply. Is there a real audit I can read. What is this actually for. If a project cannot survive those five questions, it was never going to survive with your money either. It was only ever going to leave with it.
Crypto punishes guesswork faster than any market on Earth.
Volatility is survivable. Not knowing what you own is not. The Financial IQ Test measures your actual money knowledge, from market basics to risk math, so your conviction is built on understanding instead of a feed full of hype.
Test your Financial IQQuestions people ask
What is the difference between a rug pull and a normal crypto loss?
A normal loss happens when an asset you bought falls in price because the market moved against you. A rug pull is theft dressed up as an investment. The people who created the token engineered it so they could take the money and leave you holding something worthless. The price does not drift down. It collapses to near zero because the value was pulled out on purpose.
How can a coin let me buy but not sell?
That setup is called a honeypot. The smart contract behind the token contains hidden rules that allow buy transactions to go through while blocking or reverting any sell attempt, except from wallets the creators control. Your balance looks fine and even rises, but every time you try to cash out, the transaction fails. The only fix is to check the contract for these traps before you buy, because afterward there is no exit.
Does a security audit mean a token is safe?
No. An audit only checks whether the code does what the developers say it does, at one moment in time, and only if a real firm performed it. Scammers fake audit badges, buy shallow reviews, or change the code after the audit. A genuine audit that you actually read can reveal serious warnings. A logo on a landing page tells you nothing on its own.
Can I get my money back after a rug pull?
Almost never. Crypto transfers cannot be reversed, and rug pull operators move funds through mixers and offshore exchanges within minutes. Anyone who contacts you afterward promising recovery for a fee is running a second scam. The realistic path is to report the theft, secure your other accounts, and treat any recovered money as a rare surprise rather than a plan.
What should I do the moment I realize I have been rugged?
Stop sending money and stop approving any transaction. Screenshot the token contract address, the transactions, and any chats or social posts from the team. File reports with the FBI at ic3.gov and the FTC at reportfraud.ftc.gov. If you connected your wallet to the project's site, revoke its permissions and consider moving remaining funds to a fresh wallet in case the approval can still drain you.
Are new tokens always rug pulls?
No, but brand-new low-liquidity tokens are where nearly all rug pulls live, so the base rate of danger is very high. Legitimate new projects exist, yet they are hard to tell apart from scams in their first weeks, which is exactly the window scammers exploit. Waiting, verifying liquidity locks, and checking the team removes most of the risk at the cost of missing the earliest, most volatile gains.
Keep reading

Bitcoin Explained for Normal People (2026 Edition)

The Crypto Scam Field Guide: Every Major Con and How to Spot It

Crypto Taxes in 2026: What You Actually Owe the IRS
The Flourish Letter
One smart money idea each week, charts included. Join free and get the printable 2026 Money Calendar in your welcome email.
