How to Spot a Crypto Rug Pull Before It Happens and the Five Red Flags That Work Every Time

Crypto rug pulls destroyed $1.8 billion in investor funds during 2025, a figure that excludes the contested Mantra OM collapse, according to DappRadar and CoinLaw tracking data. The frequency dropped by 66% compared to 2024, but individual scams got bigger and more sophisticated. MetaYield Farm alone vanished with $290 million in February 2025, and 70% of all victims were retail investors putting in less than $10,000 each. The pattern is consistent across every cycle. Scammers build trust, create urgency, then drain liquidity while holders realize they cannot sell.

The good news is that almost every rug pull leaves warning signs before it happens, and the five red flags covered here catch roughly 90% of them if you check before you buy.

Red Flag #1: The Team Is Anonymous With No Verifiable Track Record

Anonymous founders are not automatically a problem. Satoshi Nakamoto built Bitcoin without revealing an identity. But there is a critical difference between pseudonymous builders who ship code publicly for years and anonymous teams running a token launch with no prior history.

In 80% of documented rug pulls, the team behind the project had zero verifiable identity, according to Solidus Labsresearch on Pump.fun launches. No LinkedIn profiles, no GitHub history, no previous projects, and no real names anywhere. The project website typically shows cartoon avatars or stock photos with made-up names like "Alex DeFi" and "CryptoSam."

What to check. Search the founders' names on LinkedIn and GitHub, and if the project claims partnerships with major protocols, verify those on the partner's official channels. Look at the GitHub repository. A legitimate team will have months or years of commit history, while a rug pull team will have a repo created days before launch with minimal activity and forked boilerplate code. If you cannot find a single verifiable human behind a project asking for your money, that tells you everything you need to know.

Red Flag #2: Liquidity Is Not Locked or the Lock Period Is Suspiciously Short

Liquidity is what allows you to sell a token. When a new token launches on a decentralized exchange like Raydium or Uniswap, the developer creates a liquidity pool by pairing their token with ETH, SOL, or a stablecoin. If that liquidity is not locked, the developer can pull it out at any moment, and every holder's tokens become worthless instantly.

This is the most common rug pull mechanic, and Comparitech's scam tracker confirms that liquidity removal accounts for the majority of DeFi rug pulls across every chain. The developer creates the pool, waits for buyers to swap in, then withdraws all the paired assets, leaving your tokens technically in your wallet but with nothing to sell them into.

What "locked" actually means. A liquidity lock sends the LP tokens to a time-locked smart contract so the developer physically cannot withdraw them before the lock expires. Legitimate projects lock liquidity for 6 to 12 months minimum, often longer, while locks under 30 days are a warning sign and no lock at all is a stop sign.

You can verify locks on Etherscan for ERC-20 tokens or through RugCheck for Solana tokens. If the LP tokens are sitting in the deployer's wallet with no lock contract, treat the token as a live grenade regardless of what the team claims on Telegram.

Source: Comperitech

Red Flag #3: Honeypot Code That Lets You Buy but Blocks You From Selling

A honeypot is the most technically deceptive form of rug pull because everything looks normal from the outside. The token has a chart, trading volume, and a rising price. You buy, and the transaction goes through without any issues. But when you try to sell, the transaction fails because your funds are trapped, and the developer is the only address whitelisted to trade freely.

Honeypots work through hidden functions in the smart contract. The most common technique is a blacklist/whitelist system where every buyer's address gets silently added to a blocked list while the deployer's wallet remains whitelisted. Other variants use balance modifiers that revert any transaction that decreases a holder's balance, or transfer tax functions that set the sell tax to 99-100% for everyone except the owner.

CoinTelegraph reported that a single operator executed nine separate honeypot scams in February 2024, stealing $3.2 million before the pattern was identified. The scams looked completely unrelated on the surface, each with different branding and different communities, but the contract code was nearly identical across all nine.

How to check before you buy. Run the contract address through Honeypot.is or the GoPlus security API, both of which simulate a sell transaction without risking real funds. If the simulation shows the sell will fail or the sell tax exceeds 10%, walk away. This takes 30 seconds and would have saved every victim of the nine scams mentioned above.

Red Flag #4: A Small Number of Wallets Hold a Massive Share of Supply

Token distribution is the most reliable structural predictor of rug pull risk. When fewer than 10 wallets control more than 30% of circulating supply, excluding known exchange and contract addresses, the math is straightforward. Those wallets can crash the price whenever they choose to sell, and retail holders absorb the loss.

The WOLF token on Solana is a textbook case. Over 82% of the supply sat in insider wallets at launch, and after initial buying pressure pushed the price up, the insiders drained the liquidity pool and caused a 99% market cap collapse. Squid Game token was even more extreme, with the top three wallets holding 99% of supply on Ethereum before the $3.3 million exit.

The thresholds most experienced traders use are straightforward. If the deployer wallet retains more than 5% of total supply, investigate why. If the top 10 non-exchange wallets hold more than 30%, the concentration creates structural dump risk. And if those concentrated wallets are connected to each other through transaction history, which tools like Bubblemaps can visualize, you are almost certainly looking at a coordinated insider operation.

Check wallet distribution on Etherscan's token holder page for ERC-20 tokens or through Solscan for SPL tokens. This is not optional due diligence but the single check that catches the most rug pulls before they happen.

Red Flag #5: Yields That Are Too Good to Be True, Because They Are

If a new DeFi protocol is advertising 500% APY or higher with no clear explanation of where the yield comes from, you are not the investor. You are the yield, and that distinction matters more than any chart pattern. Unsustainable returns are the calling card of every Ponzi-structured rug pull, from BitConnect's 1% daily returns in 2017 to MetaYield Farm's $290 million exit in 2025.

Legitimate yield in DeFi comes from identifiable sources, and every one of them can be traced back to real economic activity. Lending protocols generate yield from borrower interest, DEX liquidity pools generate it from trading fees, and staking rewards come from network inflation plus transaction fees. In every case, you can trace the money flow and calculate if the advertised return is mathematically possible given the protocol's actual revenue.

The red flag is not high APY by itself. A new pool with thin liquidity can legitimately show triple-digit APY for a short period because the trading fee revenue is divided among few providers. The red flag is high APY with no mechanism to generate it. When the project's documentation says "innovative yield generation" or "proprietary algorithm" without explaining the actual source, the yield is coming from new depositors' capital, and that model has a 100% historical failure rate.

The quick check. Before you deposit anything into a yield protocol, ask yourself one question. Where does the money actually come from? If you cannot answer that in one sentence after reading the docs, neither can the project, and your capital is at risk.

Your Rug Pull Detection Toolkit

You do not need to be a Solidity developer to check these red flags. Four free tools cover the majority of scam detection for retail traders.

Run every new token through at least two of these before putting money in, a process that takes under five minutes and would have caught every rug pull discussed in this article. And if a project's community reacts defensively when you ask about locked liquidity or wallet concentration, that reaction is its own red flag.

Frequently Asked Questions

What is the fastest way to check if a token is a rug pull?

Run the contract address through RugCheck for Solana tokens or TokenSniffer for Ethereum tokens. Both give an instant risk score covering liquidity locks, mint authority, holder concentration, and known scam code patterns. If the score is poor, skip the token regardless of what the community or influencers claim about it.

Can a token still be a rug pull if liquidity is locked?

Yes, but it is less common. Some scammers use short lock periods of 7-14 days and rug immediately after the lock expires. Others use upgradeable proxy contracts that let them change the contract logic after deployment, bypassing the liquidity lock entirely. A locked pool with a verified, non-upgradeable contract and a 6-month minimum lock is the standard you should demand.

Are rug pulls illegal?

Rug pulls are classified as fraud in most jurisdictions, and enforcement is accelerating as regulators catch up with DeFi. The SEC, DOJ, and CFTC have all pursued cases against rug pull operators under fraud statutes, and several operators have received prison sentences. But enforcement is slow and recovery rates for victims are extremely low, typically under 5% of stolen funds. Prevention beats prosecution every time.

Why do people still fall for rug pulls in 2026?

FOMO and social proof override due diligence. When a token is pumping 500% in 24 hours and an influencer with 200,000 followers is promoting it, checking the contract feels like it might cost you the trade. But the 97% failure rate on platforms like Pump.fun confirms that skipping the five-minute check is the most expensive shortcut in crypto. Scammers are counting on your urgency.

Bottom Line

Every rug pull follows the same playbook with the same five elements. Anonymous team, unlocked liquidity, restricted selling mechanics, concentrated wallets, and impossible yields. The order varies and some scams only use three or four of these, but at least two red flags are present in virtually every documented case. RugCheck, TokenSniffer, Honeypot.is, and Bubblemaps form a free detection stack that catches amateur and intermediate scams before your money is at risk, and the entire process takes less time than scrolling through the project's Telegram. For the average retail trader, spending five minutes on due diligence before every new token purchase is the single highest-ROI habit in crypto, because the money you do not lose to scams compounds just as powerfully as the money you make on legitimate trades.

This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency trading involves substantial risk. Always conduct your own research before making trading decisions.