What Is a Rug Pull? How to Spot One Before It Happens
The term sounds almost cartoonish — "rug pull" — but it describes a genuinely common type of fraud in crypto that has cost people real money. Understanding how rug pulls work isn't about being cynical about the entire space. It's about having a clearer picture of the actual risk landscape so you can ask smarter questions.
What Is a Rug Pull?
A rug pull happens when the creators of a crypto project — typically a new token, NFT collection, or DeFi protocol — build enough hype and attract enough investment to accumulate a significant amount of other people's money, and then abruptly abandon the project and walk away with the funds.
The name comes from the image of someone pulling a rug out from under you: things looked solid until the moment they weren't.
There are two main varieties:
Hard rug pulls are outright fraud from the start. Developers write malicious code into the smart contract — for example, a hidden function that lets them drain the liquidity pool (the pool of funds that lets people trade the token), or code that prevents anyone except the founders from selling. The project was never meant to build anything. It was designed to collect funds and exit.
Soft rug pulls are more gradual and harder to categorize legally. The team launches a real-looking project, builds initial momentum, then quietly stops working on it. They may sell off their token holdings — which they often received for free or cheaply as founders — while public investors are still buying in. The project doesn't have malicious code, but the result is the same: the community is left holding tokens with diminishing value and no team behind them.
Warning Signs to Watch For
No checklist eliminates all risk, but several indicators are consistently associated with fraudulent or abandoned projects.
Anonymous teams with no verifiable history. Many legitimate crypto projects have anonymous or pseudonymous founders. But in the absence of real identities, the question becomes: what accountability exists? If the team has no track record — no prior projects, no verifiable professional history, no public presence that predates the project — there's nothing anchoring them to their commitments.
Locked liquidity that isn't actually locked. Legitimate DeFi projects often lock their liquidity — the funds that make their token tradeable — in a smart contract for a defined period, using third-party auditors to verify it. Projects that skip this step, or claim to lock liquidity without verifiable proof, leave themselves able to drain the pool at any time. You can check this on blockchain explorers or platforms that analyze token contracts.
Concentrated token ownership. If a small number of wallets hold a very large percentage of the token supply (sometimes visible on blockchain analytics tools), those holders can crash the price by selling simultaneously. Founders often hold a disproportionate share. Check the tokenomics — how tokens are distributed, who holds them, and whether there are vesting schedules (lockup periods before founders can sell).
Unrealistic promises and aggressive urgency. Language designed to trigger FOMO — "limited time," "last chance," "guaranteed returns," "100x potential" — is a pressure tactic. Legitimate projects don't need to manufacture urgency. Extraordinary claims without technical substance or third-party audits are a signal to slow down, not speed up.
No smart contract audit. Smart contracts — the self-executing code that runs DeFi protocols — can contain bugs or deliberately malicious functions. Reputable projects commission audits from recognized security firms and publish the results. An unaudited contract isn't automatically malicious, but it's an additional layer of unverified risk.
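The concentrated-ownership check above can be done on a holder list exported from a block explorer. The following is an added example, not code from CoinClarity or any project; the holder data is constructed, and the address labels, the "kind" tags (burn, lock, lp, wallet) and the 40% threshold are assumptions you would set yourself after identifying each address.

```python
from decimal import Decimal

# Constructed sample snapshot: (address label, balance, kind). Not real on-chain data.
# "kind" is assigned by hand after checking what each address actually is.
SAMPLE_HOLDERS = [
    ("burn-address", "100000", "burn"),      # permanently removed from supply
    ("vesting-locker", "150000", "lock"),    # founder tokens under a lockup
    ("liquidity-pool", "200000", "lp"),      # tokens sitting in the trading pool
    ("wallet-a", "300000", "wallet"),
    ("wallet-b", "120000", "wallet"),
    ("wallet-c", "80000", "wallet"),
    ("wallet-d", "30000", "wallet"),
    ("wallet-e", "20000", "wallet"),
]


def concentration_report(holders, top_n=3, threshold=Decimal("0.40")):
    """Share of circulating supply that the top_n ordinary wallets can sell today.

    threshold is an illustrative cut-off (an assumption), not an industry standard.
    """
    total = sum(Decimal(bal) for _, bal, _ in holders)
    burned = sum(Decimal(bal) for _, bal, kind in holders if kind == "burn")
    circulating = total - burned
    if circulating <= 0:
        raise ValueError("no circulating supply in snapshot")

    # Only ordinary wallets can dump at will; locked and pooled tokens are separate.
    wallets = sorted(
        ((Decimal(bal), addr) for addr, bal, kind in holders if kind == "wallet"),
        reverse=True,
    )
    top = wallets[:top_n]
    top_share = sum(bal for bal, _ in top) / circulating
    locked = sum(Decimal(bal) for _, bal, kind in holders if kind == "lock")

    return {
        "circulating": circulating,
        "top_holders": [addr for _, addr in top],
        "top_share": top_share,                 # fraction sellable right now
        "locked_share": locked / circulating,   # becomes sellable when vesting ends
        "flag": top_share >= threshold,
    }


if __name__ == "__main__":
    for key, value in concentration_report(SAMPLE_HOLDERS).items():
        print(key, value)
```

The locked share is reported separately because it joins the sellable total once the vesting period ends, so the same snapshot can look very different after the unlock date.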
What Due Diligence Actually Looks Like
Before engaging with any new crypto project, some basic checks are worth the time:
- Read the whitepaper or documentation — is there a real technical plan, or only marketing language?
- Check whether the team is public and verifiable, or anonymous with no prior track record.
- Look up whether the smart contract has been audited, and by whom.
- Search for the project name plus "scam," "rug pull," or "audit" to surface community discussion.
- Examine token distribution data using tools like Etherscan, BscScan, or token analytics platforms.
None of these steps provide certainty. But they shift the information balance. A project that can't survive basic scrutiny is telling you something. For the custody side of protecting yourself, read How Crypto Wallets Actually Work: Hot vs Cold, Keys vs Custody. For the supply, distribution, and vesting red flags that often sit behind these schemes, continue with What Is Tokenomics and Why Should You Care?.
Not financial advice. CoinClarity is an educational newsletter.