The Anatomy of a Rug Pull

A rug pull is not an accident. It is a deliberate exit scam executed in three acts.

Act 1: Build the hype. Launch a token with a compelling story — real-world utility, celebrity backing, "revolutionary" tokenomics. Deploy bots to inflate Telegram member counts. Pay micro-influencers $200 each for promotion. Create FOMO.

Act 2: Let retail in. Watch money flood the contract. Price pumps 50x in 48 hours. Retail investors pile in, desperate not to miss the next 100x.

Act 3: Pull the rug. Founders drain the liquidity pool, dump their pre-allocated tokens, or flip a honeypot switch. Price collapses 99% in minutes. Telegram goes silent. Twitter account deleted. Founders vanish.

None of this is random. Every rug pull leaves traces in the on-chain data. The warning signs are always there before the exit. The difference between losing money and not is whether you know what to look for — and look before you buy.


Red Flag #1 — Unverified Source Code

The source code is hidden or unverified

High severity · Smart contract risk

Every legitimate token has its smart contract source code published and verified on a blockchain explorer — Etherscan for EVM chains, Solscan for Solana. Verification means third parties can read exactly what the contract does before putting money in.

An unverified contract is a black box. You are trusting a team you don't know with code you can't see. Scammers love unverified contracts because they can hide mint functions (ability to create unlimited tokens), blacklist functions (ability to block your wallet from selling), and backdoors that siphon funds to team wallets.

This is not a minor concern. Among confirmed rug pulls analyzed in 2024, over 78% had unverified or obfuscated source code at the time of launch.

Red flags
  • Contract not verified on Etherscan / Solscan
  • Source code unavailable or obfuscated
  • Contract was deployed recently with zero audit history
Safe signs
  • Source fully verified on block explorer
  • Code is readable, commented, professional
  • External audit reports linked in documentation

Red Flag #2 — Concentrated Holder Distribution

A handful of wallets control most of the supply

High severity · Whale dump risk

Pull up the top holders on any token. If two or three wallets own 50% or more of the total supply, every retail investor is a hostage. The moment those wallets sell, the price collapses — and there is nothing you can do about it.

Scammers often disguise concentration by splitting a massive allocation across 10–20 seemingly unrelated wallets. But on-chain forensics reveal the pattern: all wallets funded from the same source, all created on the same day, all transacting in lockstep. RegPilot's holder analysis flags these coordinated clusters — not just the top raw percentages.

The healthy threshold: no single wallet should control more than 5–10% of circulating supply, and the top 10 holders combined should sit well below 50%. Tokens where founder allocations are vested over multi-year schedules are materially safer than those where team tokens are immediately liquid.

Red flags
  • Top 3 wallets hold >50% of supply
  • Wallets with large holdings are newly created
  • No vesting schedule for founder tokens
Safe signs
  • Top holder under 10% of supply
  • Founder tokens locked in a vesting contract
  • Supply distributed across hundreds of wallets
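
The split-allocation disguise described above, as an added example that is not RegPilot's code: twelve constructed wallets of 4% each pass every raw top-holder threshold, but grouping by shared funding source and creation day exposes a 48% block. The record layout, `MIN_CLUSTER_SIZE`, and judging a cluster against the single-wallet 10% limit are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import date

TOTAL_SUPPLY = 1_000_000

# Constructed holder records: (address, balance, funding source, first-seen date).
# Twelve wallets of 4% each share one funder and one creation day; twenty
# unrelated wallets hold 1% each. The rest of the supply is not modelled.
HOLDERS = [(f"0xA{i:02d}", 40_000, "0xFUND", date(2024, 5, 1)) for i in range(12)]
HOLDERS += [(f"0xB{i:02d}", 10_000, f"0xSRC{i:02d}", date(2024, 1, 1 + i))
            for i in range(20)]

MIN_CLUSTER_SIZE = 3  # assumed: fewer wallets than this is treated as coincidence


def pct(balance, total_supply):
    return 100.0 * balance / total_supply


def concentration_report(holders, total_supply):
    """Check raw top-holder shares, then shares of same-funder, same-day clusters."""
    balances = sorted((h[1] for h in holders), reverse=True)
    top1 = pct(balances[0], total_supply)
    top3 = pct(sum(balances[:3]), total_supply)
    top10 = pct(sum(balances[:10]), total_supply)

    clusters = defaultdict(int)   # (funder, day) -> combined balance
    members = defaultdict(int)    # (funder, day) -> wallet count
    for _addr, balance, funder, first_seen in holders:
        clusters[(funder, first_seen)] += balance
        members[(funder, first_seen)] += 1
    largest_cluster = max(
        (pct(total, total_supply) for key, total in clusters.items()
         if members[key] >= MIN_CLUSTER_SIZE), default=0.0)

    flags = []
    if top1 > 10:
        flags.append("single wallet above 10%")
    if top3 > 50:
        flags.append("top 3 above 50%")
    if top10 >= 50:
        flags.append("top 10 at or above 50%")
    if largest_cluster > 10:  # assumed: a cluster is judged like one wallet
        flags.append("coordinated cluster above 10%")
    return {"top1_pct": top1, "top3_pct": top3, "top10_pct": top10,
            "largest_cluster_pct": largest_cluster, "flags": flags}


if __name__ == "__main__":
    print(concentration_report(HOLDERS, TOTAL_SUPPLY))
```
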

Red Flag #3 — No Locked Liquidity

The liquidity pool is not locked — or the lock expires soon

Critical severity · Hard rug risk

Liquidity is the pool of funds that lets you trade a token on a DEX. When you buy a token on Uniswap or Raydium, you are trading against this pool. If the team controls the liquidity, they can withdraw it at any moment — instantly making the token untradeable and worthless. This is the "hard rug."

Legitimate projects lock their liquidity in time-lock contracts on platforms like Unicrypt or Team Finance, so that the locking contract itself refuses withdrawals until a defined unlock date. This protects investors by preventing overnight exits.

Watch out for short locks. A 30-day liquidity lock on a token launched yesterday is meaningless — the team drains it on day 31 and disappears. Locks shorter than 6 months on new projects are a yellow flag. No lock at all is red. And always verify the lock directly on the locking platform, not by trusting the team's word in Telegram.

Red flags
  • No liquidity lock on any platform
  • Lock expires within 30 days of launch
  • Team "promises" to lock but hasn't yet
Safe signs
  • Liquidity locked for 6+ months or permanently
  • Lock verifiable directly on Unicrypt or Team Finance
  • Liquidity growing over time, not declining

Check Liquidity Lock Status Instantly

RegPilot scans liquidity lock status, holder concentration, and source code in under 60 seconds. Free — no sign-up required.

Red Flag #4 — Honeypot Functions

Hidden code blocks selling — you can buy but never exit

Critical severity · Total loss risk

A honeypot is one of the most insidious crypto scams because it feels entirely legitimate until the moment you try to sell. The contract lets anyone buy freely — often with normal-looking price action and transaction history. But hidden in the code is a function that prevents any wallet except the owner's from executing a sell transaction.

Your tokens are trapped. The price might continue to rise as more buyers pile in. You watch your portfolio hit 5x, 10x. Then you try to sell — and every transaction fails. The scammer sells their allocation into your failed transactions, draining the pool, and exits. You're left holding tokens worth zero that you can never sell.

This cannot be detected by reading marketing materials. It requires simulating a sell transaction against the actual contract logic before you buy. RegPilot runs this simulation automatically — checking whether a sell transaction from a neutral wallet would succeed or fail against the deployed bytecode.

Red flags
  • Simulated sell transaction fails
  • Buy tax and sell tax differ dramatically (e.g., 1% buy / 90% sell)
  • Only the deployer wallet can execute sells
Safe signs
  • Simulated sell transaction succeeds
  • Buy and sell tax are equal and disclosed
  • Multiple non-deployer wallets have successfully sold
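
The buy-then-sell check described above, as an added example that is not RegPilot's implementation: a neutral wallet does a round trip and the result is classified as a blocked sell, a tax asymmetry, or a pass. `ToyToken` is a constructed in-memory stand-in for a deployed contract, and the 10-point `MAX_TAX_GAP` is an assumed threshold; a real check runs the same round trip as a simulated transaction against the deployed contract.

```python
class Revert(Exception):
    """Stands in for a reverted on-chain transaction."""


class ToyToken:
    """Constructed in-memory model of a taxed token priced 1:1 against its pool."""

    def __init__(self, owner, buy_tax_pct, sell_tax_pct, owner_only_sell=False):
        self.owner = owner
        self.buy_tax_pct = buy_tax_pct
        self.sell_tax_pct = sell_tax_pct
        self.owner_only_sell = owner_only_sell

    def buy(self, wallet, paid):
        return paid * (100 - self.buy_tax_pct) // 100

    def sell(self, wallet, tokens):
        if self.owner_only_sell and wallet != self.owner:
            raise Revert("sell rejected for non-owner wallet")
        return tokens * (100 - self.sell_tax_pct) // 100


MAX_TAX_GAP = 10  # assumed threshold, in percentage points


def round_trip(token, wallet="0xNEUTRAL", paid=10_000):
    """Buy, then sell everything, from a wallet with no special rights."""
    tokens = token.buy(wallet, paid)
    buy_tax = 100 * (paid - tokens) / paid
    try:
        returned = token.sell(wallet, tokens)
    except Revert:
        return {"verdict": "sell blocked", "buy_tax": buy_tax, "sell_tax": None}
    sell_tax = 100 * (tokens - returned) / tokens
    verdict = "tax asymmetry" if sell_tax - buy_tax > MAX_TAX_GAP else "pass"
    return {"verdict": verdict, "buy_tax": buy_tax, "sell_tax": sell_tax}


# Constructed samples: equal taxes, the page's 1% / 90% case, owner-only sells.
SAMPLES = {
    "fair": ToyToken("0xOWNER", 3, 3),
    "skewed": ToyToken("0xOWNER", 1, 90),
    "honeypot": ToyToken("0xOWNER", 1, 1, owner_only_sell=True),
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        print(name, round_trip(token))
```

The simulation has to run from a wallet with no special rights: the same honeypot sample passes when the round trip is made from the owner's address.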

Red Flag #5 — No Contract Age

The contract was deployed days — or hours — ago

Medium severity · Pattern signal

Contract age alone is not a safety guarantee, but it is a strong predictor. The data is unambiguous: over 60% of rug pulls execute within the first 7 days of a token's life. Scammers are impatient. They want quick money, not sustainable projects.

A new token with no trading history, no DEX presence outside one pool, and no transaction record from more than a week ago is statistically likely to be a rug. Not certain — but the risk-adjusted math heavily disfavors new tokens until they demonstrate some longevity.

Also check the deployer wallet's history. If the address that launched this token also launched three other tokens that now have zero liquidity, you have found a serial rug artist. This pattern is common and extremely telling.

Red flags
  • Contract deployed less than 7 days ago
  • Deployer wallet also created other dead tokens
  • Zero trading history outside of one DEX pool
Safe signs
  • Live for at least 30 days with consistent activity
  • Deployer wallet has a clean, single-project history
  • Active on multiple DEXs with real volume

Red Flag #6 — Fake Social Proof

The community looks real but the metrics don't add up

Medium severity · Trust manipulation

Social proof manipulation is the psychological layer that makes everything else work. Real investors have learned to check contracts and holders. So scammers buy 50,000 Telegram members, pay 30 micro-influencers, and generate fake transaction volume to create the illusion of organic momentum.

The tells are always there if you look past the surface numbers. A Telegram group with 40,000 members but 8 messages in the last 24 hours is dead. A Twitter account with 15,000 followers created 18 days ago is purchased. A "10,000 active traders" claim with only 200 unique wallet addresses on-chain is fabricated.

Don't mistake activity for authenticity. Bots produce activity. Real communities produce substance — actual questions, genuine debates, people who can explain the tokenomics without copy-pasting marketing copy.

Red flags
  • Large Telegram group, almost no real conversation
  • Twitter account created within last 30 days with 10k+ followers
  • Multiple paid influencer promotions from unknown accounts
Safe signs
  • Community asks hard questions — and gets real answers
  • Social accounts have gradual, organic follower growth
  • Team members are verifiably doxxed with real identities

Don't Rely on Manual Research Alone

Red flags #1 through #5 are detectable automatically. Paste a contract address and RegPilot checks all five in under 60 seconds — for free.

How RegPilot Detects These Automatically

Five of the six red flags above leave machine-readable traces on the blockchain. RegPilot's free trust score checker runs all five checks the moment you paste a contract address — no blockchain expertise required.

Code Verification

Queries Etherscan V2 (EVM) and Solscan (Solana) to confirm source code is published and verified.

Holder Analysis

Pulls live holder distribution from multiple APIs. Flags concentration and identifies coordinated wallet clusters.

Liquidity Check

Checks DEXScreener and GoPlus for liquidity pool depth and lock status across all supported chains.

Honeypot Simulation

Simulates buy and sell transactions against the deployed contract. Flags any function that blocks sells.

Contract Age

Reports exact deployment date and deployer wallet history. Flags newly deployed contracts and serial rug wallets.

Real-Time Watchdog

Set alerts on any token. Get notified the moment risk changes — before the price does.

The result is a single Trust Score — a number from 0 to 100 with a color-coded breakdown of every factor. Green means pass. Yellow means caution. Red means stay out.

The Watchdog plan adds continuous monitoring: if a token you're holding suddenly shows new red flags — a whale wallet starting to move, liquidity declining, or a contract change — you'll get an alert before the price reacts. That window between the on-chain signal and the price collapse is where most of the damage is preventable.


Check Any Token Before You Buy — Free

Paste a contract address. Get an instant Trust Score across all six risk dimensions. Ethereum, Solana, BSC, Base, Polygon, Arbitrum, Avalanche. No sign-up, no fees.