Skip to content
BTC
Ad

How to Spot Rug Pulls & Exit Scams (2026)

12 red flags that reveal rug pulls before they happen. Real case studies, on-chain verification tools, and how to protect your investments.

The Scale of the Problem

In 2025, rug pulls and exit scams accounted for over $2.8 billion in losses globally. An estimated 50–90% of tokens launched on decentralised exchanges had characteristics consistent with fraud. Learning to recognise these scams isn't optional — it's essential survival knowledge.

1. What Are Rug Pulls & Exit Scams?

Both terms describe fraudulent schemes where project creators steal investor funds, but they differ in execution and timeline.

Rug Pull

  • Timeline: Hours to weeks
  • Mechanism: Liquidity removal or massive token dump
  • Common in: DeFi tokens, memecoins, NFT projects
  • Result: Token price drops 90–100% instantly

Exit Scam

  • Timeline: Months to years
  • Mechanism: Operators disappear with custodied funds
  • Common in: Exchanges, lending platforms, funds
  • Result: Total loss of deposited funds

2. Types of Rug Pulls

Liquidity Theft

Most common

Developers add liquidity to a DEX, attract buyers, then withdraw all liquidity pool tokens — making the token unsellable.

Technical detail: The LP tokens aren't locked or are locked to a contract the team controls. When removed, the paired asset (ETH, BNB) is drained.

Sell Restriction (Honeypot)

Very common

The smart contract allows buying but blocks or heavily taxes selling. Investors can buy in but can never sell.

Technical detail: Hidden functions in the contract check the sender address or apply 99% sell taxes. The contract may even show a low sell tax initially, then change it later.

Team Dump

Common

The team holds a large allocation (30–80% of supply) and dumps it all at once after pumping the price through marketing.

Technical detail: Token distribution is heavily skewed. The team may use multiple wallets to disguise their holdings. Vesting schedules either don't exist or are controlled by the team.

Hidden Mint Function

Moderate

The contract contains a function that lets the deployer mint unlimited new tokens, inflating supply and crashing the price.

Technical detail: The mint function may be obfuscated with misleading names or hidden in inherited contracts. It's often not visible in basic contract scans.

3. Red Flags Checklist

No single red flag guarantees a scam, but multiple red flags together should make you walk away. Use this checklist before investing in any new token.

Team & Transparency

Anonymous team with no verifiable identities or track record
No LinkedIn profiles, GitHub history, or public appearances
Team members' photos are AI-generated (check with reverse image search)
Copied or plagiarised whitepaper

Smart Contract

No audit from a reputable firm (CertiK, OpenZeppelin, Hacken)
Contract is not verified on the block explorer
Owner can pause trading, blacklist wallets, or change fees
Proxy contract that can be upgraded without governance

Tokenomics & Liquidity

Liquidity is not locked — or locked to a contract the team controls
Top 10 wallets hold more than 50% of supply
No vesting schedule for team tokens
Sell tax above 5% or dynamic tax that can be increased

Marketing & Community

Promises of guaranteed returns or '100x potential'
Heavy reliance on paid influencers and bot-inflated social metrics
Telegram/Discord deletes questions about the contract or team
Sudden viral marketing push without organic growth history

4. On-Chain Analysis: How to Verify

Before investing in any new token, use these free tools to verify its legitimacy. This takes 5–10 minutes and can save you thousands.

Token Sniffer

tokensniffer.com

Automated scam detection. Scans the contract for known rug pull patterns, honeypot code, and suspicious functions. Gives a trust score out of 100.

Key check: Score below 50 = high risk

GoPlus Security

gopluslabs.io

Checks if you can sell the token, identifies hidden owner privileges, proxy contracts, and trading restrictions.

Key check: Any 'cannot sell' flag = avoid

DEXScreener

dexscreener.com

View real-time liquidity, holder distribution, and trading activity. Spot suspicious patterns like wash trading or concentrated holdings.

Key check: Low liquidity + high volume = suspicious

Etherscan / BscScan

etherscan.io

Read the verified contract source code. Check if the contract is verified, look at the deployer's transaction history, and review token holder distribution.

Key check: Unverified contract = major red flag

Bubble Maps

bubblemaps.io

Visualises token holder connections. Reveals if seemingly separate wallets are controlled by the same entity (cluster analysis).

Key check: Connected whale clusters = concentration risk

Revoke.cash

revoke.cash

Review and revoke token approvals you've granted to smart contracts. Essential hygiene after interacting with any DeFi protocol.

Key check: Revoke unused approvals regularly

5. Real-World Case Studies

Squid Game Token (2021)

$3.4MHoneypot + Liquidity Theft

Capitalised on the Netflix show's popularity. The contract prevented selling — buyers could only buy, not sell. Developers drained the liquidity pool, and the token crashed from $2,861 to $0.0008 in seconds.

📌 Lesson: If you can't sell a token, it's a honeypot. Always test with a tiny amount first. Check selling restrictions before investing.

AnubisDAO (2021)

$60MLiquidity Theft

Raised 13,556 ETH (~$60M) in a token sale. Within 20 hours, all funds were transferred to a single wallet. The project had no website, no audit, and an anonymous team — but had heavy crypto-Twitter hype.

📌 Lesson: Hype is not due diligence. No website + no audit + anonymous team + massive raise = maximum risk.

Thodex Exchange (2021)

$2B+Exit Scam

A Turkish crypto exchange. The CEO fled the country with an estimated $2B in user funds, citing a 'partnership' as the reason for halting trading. He was later arrested in Albania.

📌 Lesson: Even established exchanges can exit scam. Use regulated, insured exchanges. Don't keep more on an exchange than you're actively trading.

SafeMoon Controversy (2021–2023)

$200M+Team Dump / Misuse of Funds

The SEC charged SafeMoon executives with fraud, alleging they misappropriated millions from the liquidity pool for personal use — including real estate and luxury cars — while promoting the token as a safe investment.

📌 Lesson: Celebrity endorsements and massive communities don't guarantee legitimacy. Follow the money on-chain, not the marketing.

6. The Token Verification Framework

Before investing in any new token, run through this 5-step verification process. It takes 10 minutes and can save you from catastrophic losses.

1

Check the contract

Is it verified on the block explorer? Scan with Token Sniffer and GoPlus. Look for hidden mint functions, sell restrictions, and owner privileges. If the contract isn't verified, stop here.

2

Verify the team

Are founders publicly identified with verifiable backgrounds? Reverse-image-search their photos. Check LinkedIn and GitHub histories. Anonymous teams aren't automatically scams, but they're higher risk.

3

Analyse liquidity & holders

Is liquidity locked? For how long? Who locked it — a third-party service or the team's own contract? Use Bubble Maps to check holder concentration. Top 10 wallets holding >50% = high risk.

4

Read the audit

Does a reputable firm's audit exist? Read the findings — especially any 'high' or 'critical' issues. Were they resolved? An audit isn't a guarantee, but no audit is a red flag.

5

Test with a tiny amount

Buy and immediately sell a small amount ($5–10). If you can't sell, it's a honeypot. Check the actual sell tax vs. what's advertised. If there's a discrepancy, walk away.

The 5-minute rule: If you can't find basic information (team, audit, liquidity lock) within 5 minutes of searching, the project likely doesn't want you to find it. That alone is a red flag.

7. Where Rug Pulls Happen Most

Platform TypeRisk LevelWhy
Pump.fun & memecoin launchersExtremeAnyone can create a token in seconds. No audit, no vetting. The majority of tokens launched here go to zero.
Uniswap / PancakeSwap (new pairs)Very HighPermissionless listing. No requirements for audits, team identity, or liquidity locks.
Small/unregulated exchangesHighLess vetting of listed tokens. Some small exchanges have exit-scammed themselves.
Major regulated exchangesLowExtensive listing requirements, team vetting, and regulatory oversight. Not immune, but significantly safer.

Frequently Asked Questions

What is a rug pull in crypto?+
A rug pull is a scam where developers create a token, attract investment through hype and marketing, then suddenly withdraw all liquidity or sell their holdings — crashing the price to zero and leaving investors with worthless tokens. The name comes from 'pulling the rug out from under' investors. It's the most common type of crypto fraud, particularly in DeFi and memecoin markets.
How is an exit scam different from a rug pull?+
A rug pull typically involves a token launch where liquidity is drained quickly (hours to weeks). An exit scam is broader — it can involve any crypto project (exchange, lending platform, fund) where operators build trust over months or years, then disappear with user funds. The BitConnect collapse and QuadrigaCX exchange are examples of exit scams. Both result in total loss, but exit scams often involve larger sums and longer timeframes.
Can rug pulls happen on major exchanges like Binance?+
Tokens listed on major regulated exchanges undergo vetting processes, making traditional rug pulls much less likely. However, even listed tokens can lose 90%+ of value due to team selling, poor fundamentals, or market conditions — which isn't technically a rug pull but feels similar. The highest rug pull risk is on decentralised exchanges (DEXs) where anyone can list a token without approval.
Are all new tokens scams?+
No, but a significant percentage are. Studies estimate that 50–90% of tokens launched on DEXs in 2024–2025 had characteristics consistent with rug pulls or pump-and-dumps. Legitimate new projects exist, but they're the minority. The key differentiators: audited contracts, transparent teams, locked liquidity, realistic roadmaps, and organic community growth rather than paid hype.
Can I get my money back after a rug pull?+
Almost never. Blockchain transactions are irreversible, and rug pull operators typically convert stolen funds through mixers or cross-chain bridges within hours. In rare cases, law enforcement has recovered funds (e.g., the Squid Game token case), but this is the exception. Your best protection is prevention — never invest more than you can afford to lose, and use the red flag checklist before buying any new token.
How do I report a rug pull?+
Report to: 1) Your local financial regulator (SEC, FCA, BaFin, ESMA), 2) The blockchain's scam reporting channels (e.g., BSCScan's report feature), 3) CoinGecko and CoinMarketCap to flag the token, 4) Law enforcement via IC3 (US), Action Fraud (UK), or equivalent. Also post on-chain evidence on Twitter/X and crypto forums to warn others. Keep all transaction records as evidence.

Trade Vetted Tokens on Binance

Binance lists tokens only after extensive due diligence including team verification, contract audits, and regulatory compliance checks. Trade with confidence on a MiCA-compliant exchange.

Open Binance Account

Ad · Digital asset prices are subject to high market risk and price volatility. Don't invest unless you're prepared to lose all the money you invest. Terms & risk disclosure

This page contains affiliate links. We may earn a commission at no extra cost to you.

Related Guides

Crypto Scams to Avoid

Phishing, Ponzi, impersonation & more.

Never Share Private Keys

Why your keys must stay secret.

How to Secure Your Crypto

2FA, seed phrases & wallets.

Risk Management Guide

Never invest more than you can lose.

Risk Management Guide

Position sizing & stop-losses.

How to Buy Bitcoin

Step-by-step for beginners.

Disclaimer

This guide is for educational purposes only and does not constitute financial, legal, or investment advice. Mentioning specific projects as case studies does not imply legal conclusions — some cases are subject to ongoing litigation. Always conduct your own research and consult qualified professionals before investing.

Educational content only · Last updated March 2026