Solana was built for speed. A transaction finalizes in under a second. Deploying a new token costs less than a dollar. That's the pitch — and it's genuinely impressive engineering.
It's also why Solana became the preferred chain for meme coin factories, coordinated pump-and-dump schemes, and outright exit scams. When it costs $0.50 to launch a token and 60 seconds to set up a Telegram group, the bar for a rug pull is essentially zero.
By 2025, pump.fun — Solana's dominant meme coin launchpad — had processed over 7 million token launches. A small fraction became legitimate communities. The rest were abandoned, slowly drained, or outright scammed. If you've spent any time in Solana DeFi, you've probably bought at least one.
This guide covers exactly what to check before buying any SPL token, what the red flags look like on-chain, and how to run those checks in under 60 seconds using RegPilot's free trust score checker.
Check Any Solana Token Free
Paste a contract address and get an instant trust score. Freeze authority, holder concentration, liquidity lock, bundle detection — all in one place.
Run a Free Trust Score → Solana CheckerWhy Solana Tokens Are Particularly Risky
Every blockchain has scam tokens. Solana has structural properties that make the problem worse:
- Near-zero deployment cost. Launching an SPL token costs under $1 in SOL. Compare this to Ethereum where contract deployment can cost $50–$500. Low cost = high volume of throwaway scam launches.
- pump.fun and factory tokens. Platforms like pump.fun let anyone create a bonding-curve token in under a minute with no technical knowledge. The majority of these tokens hit their bonding threshold, graduate to Raydium, and immediately get dumped by insiders.
- Jito MEV bundles. Solana's Jito MEV infrastructure allows sophisticated actors to bundle their buy transactions with the liquidity creation transaction — meaning they acquire large token positions in the same block as launch, before any public buyer can react.
- Freeze authority. Solana's token standard includes a "freeze authority" feature that EVM chains don't have. It allows the token creator to permanently freeze any wallet. Most users have no idea this exists.
- Speed obscures analysis time. When a token's entire lifecycle — from launch to 10x to rug — can happen in 4 hours, there's no time to do manual research. Automated checking is essential.
5 Key Checks for Any Solana SPL Token
These are the checks that matter. Not everything — but the ones that catch the vast majority of scams before you lose money.
Freeze Authority Status
Solana's SPL token standard gives creators the ability to freeze any token account — meaning they can lock your funds and prevent you from selling or transferring at any time. A legitimate project revokes this authority immediately after or shortly following launch.
If freeze authority is still enabled, the team has the technical ability to freeze your wallet. Even if they never use it, you're trusting them not to.
- Freeze authority not revoked weeks after launch
- Team claims it's "for security" with no commitment to revoke
- Contract is a copy-paste with freeze authority left enabled by default
- Freeze authority revoked (null address)
- Revocation verifiable on Solscan or Birdeye
- Both freeze AND mint authority revoked
Holder Concentration
Check the top 10 holders. If 3–5 wallets collectively hold more than 40–50% of the circulating supply, a coordinated dump is both feasible and likely. Each of those wallets is a loaded gun pointed at anyone who buys after them.
Be especially cautious about wallets that received tokens from the deployer wallet during the first few blocks of the token's existence. These are almost always insider allocations, regardless of what the team claims.
- Top 10 holders control 60%+ of supply
- Multiple wallets funded from same deployer address
- Team wallet still holding large position post-launch
- Top 10 holders under 30% combined
- No single wallet over 5% (excluding LP pool)
- Distribution spread across hundreds of wallets
Liquidity Lock Status
When a token lists on Raydium or Orca, the team deposits liquidity (SOL + token) to create a trading pool. If that liquidity isn't locked, they can remove it in one transaction, crashing the price to zero — this is called a liquidity pull or "hard rug."
Locked liquidity doesn't guarantee safety (teams can still dump their token holdings), but unlocked liquidity is an immediate yellow flag, especially for tokens under 30 days old.
- LP tokens held by the deployer wallet
- No lock on tokens under 2 weeks old
- Lock duration shorter than 6 months
- LP tokens burned (permanent lock)
- Locked via Streamflow or Fragmetric for 12+ months
- Lock verifiable on-chain with expiry date
Fresh Wallet Analysis & Bundle Detection
Jito MEV bundles let insiders buy in the same transaction block that created the liquidity pool — before a single public buyer can react. When you see multiple wallets that were created 0–24 hours before the token launch, all buying within the first 1–3 blocks, that's a coordinated insider operation.
Bundle detection looks at whether the initial token distribution was achieved through coordinated MEV activity. It doesn't mean the token will definitely rug — but it does mean insiders are sitting on a profit from minute one and have no long-term alignment with the community.
- Multiple fresh wallets in the first 5 blocks
- Jito bundle activity on launch block detected
- Wallets created <24h before token launch with large buys
- No concentrated fresh-wallet buys at launch
- Early buyers are aged wallets (30+ days old)
- Organic distribution in first 100 transactions
Mint Authority & Contract Flags
Mint authority allows the token creator to create new tokens at will, inflating the total supply and diluting every existing holder. Like freeze authority, this should be revoked after the initial supply is minted. If it isn't, your ownership percentage can be decreased to near zero without warning.
GoPlus and RugCheck also flag other contract-level risks: tax functions that increase the sell tax above 30% (making selling economically impossible), blacklist functions that can block specific wallets from selling, and proxy upgradeable contracts that let the team change the token's behavior post-launch.
- Mint authority not revoked
- Sell tax above 10% or adjustable by owner
- Blacklist function present in contract
- Mint authority revoked (fixed supply)
- No tax functions or fixed low tax
- Contract code verifiable on Solscan
How RegPilot Scores Solana Tokens
Manual checks across multiple platforms take 20–30 minutes per token and require knowing where to look. RegPilot aggregates four data sources into a single 0–100 trust score and flags specific issues automatically.
RugCheck
Solana-specific risk analysis: freeze authority, mint authority, top holder distribution, known scam patterns.
GoPlus Security
On-chain contract analysis: honeypot simulation, tax functions, blacklist functions, ownership renouncement.
Birdeye
Price data, trading volume, market cap, liquidity depth, and holder count trends over time.
Helius
On-chain transaction history: wallet age analysis, bundle detection, launch block activity, deployer wallet tracing.
The trust score isn't a guarantee — no automated tool can catch every scam. But it catches the overwhelming majority of Solana rug pulls, and it does it in under 60 seconds.
Step-by-Step: Check Any Solana Token
You'll need the token's mint address — a string of letters and numbers that looks like DezXAZ8z7PnrnRJjz3wXBoRgixCa6xjnB7YaB1pPB263. Find it on pump.fun, DEXScreener, or any Solana explorer.
-
1Get the mint address Copy the contract/mint address from pump.fun, DEXScreener, Jupiter, or Birdeye. It's the unique identifier for the token on Solana — not the token name or ticker symbol.
-
2Go to the RegPilot trust score checker Navigate to regpilot.io and paste the mint address into the search box. No sign-up required for the initial scan.
-
3Select "Solana" as the chain RegPilot supports multiple chains. Select Solana from the chain dropdown, or paste the address — the system will usually auto-detect SPL tokens from EVM addresses based on format.
-
4Read the verdict and score breakdown The trust score (0–100) appears in seconds. Below it, you'll see individual flags: freeze authority status, top holder concentration, liquidity lock, bundle detection, and contract risk flags from GoPlus and RugCheck.
-
5Set up Wallet Watchdog for ongoing monitoring If you decide to buy, add the token to RegPilot's Wallet Watchdog. You'll get instant alerts if freeze authority gets invoked, liquidity is removed, or top holder wallets start mass-selling — before the chart collapses.
Don't Buy Blind
Run a free trust score on any Solana token in 60 seconds. Freeze authority, holder concentration, bundle detection, liquidity lock — all checked automatically.
Check a Token Free → Set Up WatchdogFrequently Asked Questions
How do I check if a Solana token is safe?
Paste the token's mint address into RegPilot's free trust score checker. It automatically scans freeze authority, holder concentration, liquidity lock status, bundle detection, and contract flags from RugCheck and GoPlus — all in under 60 seconds, no sign-up required.
What is freeze authority on a Solana token and why does it matter?
Freeze authority is a Solana-specific token permission that lets the creator lock any wallet holding the token — permanently blocking the holder from selling or transferring. Legitimate projects revoke this authority after launch. If it's still enabled, the team can freeze your position at any time. EVM chains (Ethereum, Base, BNB Chain) don't have an equivalent mechanic.
What is bundle detection and why does it flag a token as risky?
Bundle detection identifies whether the token's launch involved coordinated Jito MEV bundles — a technique where insiders buy large amounts of a token in the same block as the liquidity creation transaction. This lets insiders acquire a disproportionate supply at launch price before any public buyer can react. It doesn't guarantee a rug pull, but it does mean insiders hold significant profit from day one with no long-term commitment.
Is a pump.fun token automatically risky?
Not automatically — but statistically, yes. The overwhelming majority of pump.fun launches lose 90%+ of their value within 48 hours. The risk isn't the platform itself; it's that the low-cost deployment model means anyone can launch a token with no accountability. Check freeze authority, holder concentration, and whether the liquidity locked before buying any pump.fun token. Some do build real communities — but they're a small minority.
What's the difference between a hard rug and a soft rug on Solana?
A hard rug is when the team removes all liquidity from the trading pool in one transaction — the price instantly drops to near zero. This requires the liquidity to be unlocked. A soft rug (or "slow rug") is when the team gradually sells their token holdings over days or weeks, suppressing price and eventually abandoning the project. Locked liquidity prevents hard rugs but not soft ones — which is why holder concentration checks matter even when liquidity is locked.
Check Any Solana Token Before You Buy
RegPilot's free trust score checker scans Solana tokens using data from RugCheck, GoPlus, Birdeye, and Helius. Freeze authority, holder concentration, bundle detection, liquidity lock — in under 60 seconds.