Rug Pull

What Is a Rug Pull?

A rug pull is a type of cryptocurrency fraud in which project developers build what appears to be a legitimate token or protocol, attract investment, and then abscond with the funds. The term comes from the idiom "pulling the rug out from under someone," describing how investors are left holding tokens that have suddenly become worthless.

Rug pulls are most common in decentralized finance (DeFi) ecosystems where listing a new token is permissionless and requires no regulatory approval or code audit. The typical pattern involves creating a token, pairing it with a valuable cryptocurrency in a DEX liquidity pool, generating hype through social media and influencer promotion, and then extracting the pooled funds through one of several mechanisms.

According to Chainalysis, rug pulls exploded from just 1% of total crypto scam revenue in 2020 to 37% in 2021, driven by the proliferation of permissionless token platforms and the DeFi boom. CertiK's analysis of hard rug pulls found that the average scam project lasted only 92 days from inception to execution, with 77.4% of perpetrator teams being completely anonymous.

How It Works

Rug pulls follow a general playbook, though the specific extraction mechanism varies by type. The lifecycle typically proceeds in four stages:

1. Token creation: developers deploy a new token contract on a platform like Ethereum or BNB Chain and create a trading pair on a decentralized exchange
2. Hype generation: aggressive marketing through social media, Telegram groups, influencer partnerships, and promises of high returns drive retail investors to buy the token
3. Price inflation: as buyers enter the liquidity pool, they deposit valuable assets (ETH, stablecoins) and receive the new token, driving its price upward
4. Extraction: once sufficient value has accumulated, the developers drain the funds through one of the three main mechanisms described below

Liquidity Pulls

The most common type. A developer creates a token and pairs it with a valuable cryptocurrency (such as ETH or USDT) in a liquidity pool on a DEX like Uniswap or PancakeSwap. The developer receives LP (Liquidity Provider) tokens representing their share of the pool. After promoting the token and inflating the pool's value with retail investment, the developer redeems their LP tokens by calling removeLiquidity on the DEX router contract, withdrawing all the paired cryptocurrency.

With no liquidity remaining, the token becomes untradeable. Remaining holders cannot sell because there is no paired asset left in the pool. The token price drops to effectively zero.

// Simplified liquidity pull mechanism
// Developer calls removeLiquidity on the DEX router
router.removeLiquidity(
  tokenAddress,    // The scam token
  wethAddress,     // The valuable paired asset
  lpTokenBalance,  // Developer's full LP token balance
  0,               // Min token amount (set to 0)
  0,               // Min ETH amount (set to 0)
  developerWallet, // Funds sent to developer
  deadline
);
// Result: pool is drained, token is untradeable

Token Dumps (Soft Rug Pulls)

In this variant, developers allocate a disproportionately large share of the total token supply to themselves through pre-mining, team allocations, or hidden wallet distributions. They often distribute holdings across dozens of wallet addresses to simulate decentralized ownership and evade detection.

Once the price reaches a target through retail buying pressure, insiders sell their massive holdings into the market. The volume of sell orders overwhelms demand, crashing the price. This is sometimes called a "soft rug pull" because it uses normal market operations rather than exploiting smart contract code, making it harder to distinguish from legitimate selling in real time.

Smart Contract Exploits (Hard Rug Pulls)

The most technically sophisticated type involves embedding hidden malicious functions directly in the token's smart contract code:

• Hidden mint functions: allow the contract owner to create unlimited new tokens, diluting existing holders' positions to near zero
• Honeypot contracts: restrict sell functionality so only the developer's wallet can sell, while all other holders are trapped. The Squid Game token used this exact mechanism, trapping over 43,000 buyers.
• Fee manipulation: hidden functions that can set transaction fees to 99-100%, effectively blocking all sales by non-whitelisted addresses
• Proxy contract switches: developers deploy a clean, audited implementation behind an upgradeable proxy, then swap in a malicious implementation after attracting funds

Notable Examples

Several high-profile rug pulls have shaped public awareness and regulatory responses:

The Thodex case, where the CEO of a major Turkish exchange fled with approximately $2 billion in customer funds, accounted for roughly 90% of all rug pull losses in 2021 according to Chainalysis. The AnubisDAO case demonstrated the speed at which rug pulls can occur: the project raised 13,556 ETH (approximately $60 million) and drained the entire amount just 20 hours after its token sale, despite having no website or whitepaper.

Warning Signs

CertiK's study of 40 hard rug pulls identified several common patterns. Recognizing these red flags can help investors avoid scams:

• Anonymous teams with no verifiable identities: 77.4% of rug pull projects had completely anonymous teams. Only 12.9% published whitepapers, and just 22.6% had roadmaps.
• Unaudited smart contracts: the single biggest technical red flag. Contracts without audits from reputable firms may contain hidden administrative powers such as unlimited minting, transfer pausing, or blacklisting.
• Unlocked or short-duration locked liquidity: if the developer controls LP tokens without a timelock contract, they can drain the pool at any time. Legitimate projects typically lock liquidity for 6 to 12 months or longer.
• Unrealistic yield promises: guaranteed high returns ("100x guaranteed," "10% per day") with no transparent economic mechanism are classic indicators of fraud.
• Concentrated token ownership: if a small number of wallets hold a large percentage of the total supply, a coordinated dump is trivially easy. On-chain explorers like Etherscan can verify holder distribution.
• Inability to sell after purchase: if you buy a token and cannot sell it, you are likely in a honeypot contract. On DEX charts, a pattern of only buy orders with no sell orders is a telltale sign.

Verification Tools

Several tools can help identify potential rug pulls before investing:

Why Bitcoin Is Structurally Resistant

Bitcoin's base layer architecture makes traditional rug pulls structurally impossible. This resistance stems from several fundamental design decisions:

First, Bitcoin has no native token creation mechanism. Unlike Ethereum, where anyone can deploy an ERC-20 token contract with arbitrary logic in minutes, Bitcoin's base layer supports only one asset: BTC. Its issuance follows fixed consensus rules (the halving schedule and 21 million supply cap) that no single party can alter.

Second, Bitcoin Script is intentionally limited and non-Turing-complete. It supports basic operations like multisig verification and timelocks but cannot express the complex logic needed for rug pull mechanisms: hidden mint functions, dynamic fee modifiers, blacklists, or upgradeable proxy contracts.

Third, the UTXO model uses discrete, stateless transactions rather than a global account state. Each UTXO is a separate "coin" that can only be spent once with the correct unlocking script. There is no shared mutable state (like an AMM liquidity pool balance) that a privileged party could manipulate through contract calls.

This architectural simplicity is a feature, not a limitation, when it comes to security. Platforms like Spark build on Bitcoin's security model while adding functionality through carefully designed Layer 2 protocols, preserving self-custody guarantees without introducing the arbitrary smart contract surface area that enables rug pulls.

Important caveat: While Bitcoin's base layer is resistant to rug pulls, centralized platforms holding BTC (like the Thodex exchange) can still execute exit scams. Token standards built on top of Bitcoin, such as BRC-20 tokens using Ordinals, reintroduce some of these risks through off-chain indexing dependencies. The protection applies specifically to Bitcoin's base-layer consensus protocol.

Rug Pulls vs. Other Crypto Scams

Rug pulls are distinct from other types of cryptocurrency fraud, though the categories sometimes overlap:

The defining characteristic of a rug pull is that the perpetrators have privileged insider access to the project's infrastructure: smart contract admin functions, LP token ownership, or treasury control. This distinguishes rug pulls from phishing attacks, which target individual users through credential theft, and from front-running or sandwich attacks, which exploit transaction ordering rather than project control.

Legal and Regulatory Landscape

No jurisdiction currently has laws specifically targeting cryptocurrency rug pulls. Prosecutors rely on existing statutes: wire fraud, money laundering, securities fraud, and conspiracy charges. However, enforcement has intensified significantly:

• Thodex founder Faruk Fatih Ozer was sentenced to 11,196 years in a Turkish court in September 2023 on charges of aggravated fraud and money laundering
• SafeMoon CEO Braden Karony was convicted of securities fraud conspiracy, wire fraud, and money laundering in May 2025, receiving a sentence of 100 months in February 2026
• The Frosties NFT case (March 2022) marked the first DOJ prosecution specifically framed as an NFT rug pull, establishing that rug pulls are prosecutable as wire fraud under existing US law
• OneCoin co-founder Karl Sebastian Greenwood was sentenced to 20 years and fined $300 million in September 2023 for a $4 billion fraud

In the United States, New York State legislators have proposed bills to criminalize rug pulls specifically, with penalties up to $25 million for corporations and 20 years for individuals, though none have passed as of mid-2026. The EU's MiCA regulation, fully effective since December 2024, creates disclosure and operational standards for crypto asset service providers that may reduce the prevalence of certain types of rug pulls in regulated markets.

How to Protect Yourself

While no single check is foolproof, combining several verification steps dramatically reduces risk:

1. Verify team identities: look for publicly identifiable founders with verifiable track records and reputational stake
2. Check smart contract audits: confirm that the deployed contract address matches the audited code, and that the audit is from a reputable firm
3. Verify liquidity locks: use tools like Unicrypt or Team Finance to confirm that LP tokens are locked in a timelock contract for a meaningful duration (6 to 12 months minimum)
4. Analyze token distribution: check blockchain explorers for holder concentration. If a small group of wallets holds a large share of supply, the risk of a coordinated dump is high
5. Test sell functionality: before committing significant funds, attempt a small test buy followed by a sell to confirm the token is not a honeypot
6. Favor self-custodial platforms: holding assets in your own wallet rather than on centralized platforms eliminates the risk of exchange exit scams. Read more about the tradeoffs in our self-custodial vs. custodial wallets research

Understanding how governance tokens, flash loans, and impermanent loss work can also help investors evaluate whether a project's claimed mechanisms are economically viable or too good to be true.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.