中文

How to Spot a Rug Pull: 8 Red Flags and a Due-Diligence Checklist

Security · 2026-05-29 · 比特三棱镜编辑部
Ask AI

In 2023 there were hundreds of rug pulls on Solana alone, and on-chain trackers logged a typical lifecycle—token launch, liquidity removal, price to zero—with an average lifespan under 48 hours. In other words, the “100x new gem” you saw on your timeline was often already written off by its own team before you ever placed a buy order. A rug pull isn’t a hack; it’s a trap set by the project itself, which means you can usually spot it before any of your money is at risk. (/uploads/20260529/1780058255234-8086.png)

What a Rug Pull Actually Is

A rug pull is when a project team drains liquidity or runs off with raised funds, leaving holders with worthless tokens. Unlike a hack, the perpetrator is the team itself, the on-chain trail is right there in plain sight, and yet nobody warns you in advance and nobody recovers your money afterward.

The hottest hunting ground is meme coins and low-cap launches on new chains. Before learning the patterns, internalize this: any project that “10x’d before launch” should be treated as something specifically designed to take your money.

Three Classic Types

Different rug pulls use different mechanics, and they need different checks:

Type Mechanic Detection
Liquidity pull Team withdraws all DEX liquidity, price instantly zeros Easy—check LP lock
Contract backdoor (honeypot/mint) Hidden mint, pause, blacklist or tax-toggle privileges Medium—needs code review or scanner
Marketing fraud (slow rug) Fake roadmap, partnerships, KOLs—slow pump then exit Hard—requires watching fundamentals over time

The liquidity pull is the most common and most violent, often happening within the first 24–72 hours after launch. Contract backdoors are nastier—a holder may suddenly find they can only buy, never sell.

8 Red Flags

Run any new project through this checklist. The more it ticks, the harder you should pass:

  1. Liquidity unlocked / locked only briefly—the deployer can pull the pool at any time.
  2. Extreme holder concentration—top 10 wallets hold more than 50%, very likely team-controlled.
  3. Closed-source / unaudited contract—if you can’t read the code, don’t fund it. “Audit coming soon” almost always means never.
  4. Suspicious contract privileges retainedmint, pause, blacklist, setFee not renounced.
  5. Vague roadmap and team—anonymous founders + slideware roadmap + zero verifiable partnerships.
  6. Telegram/Discord bans all questions—only “WAGMI/to the moon” allowed, skeptics get kicked.
  7. Charts that only go up, almost no sell orders—classic honeypot fingerprint.
  8. Coordinated KOL shouts at launch—paid promo timed perfectly to land while you bag-hold.

Rug pull red flags at a glance: unlocked liquidity, concentrated holdings, unverified contracts, suspicious privileges

Due Diligence With Public Tools

Five-step due diligence toolchain pipeline from DEX Screener to social verification

Red flags are intuition; on-chain data is evidence. New users can run this five-step pass in about fifteen minutes:

Step 1: DEX Screener / GeckoTerminal. Check pool liquidity, 24h volume, buy/sell ratio, holder count. Tiny liquidity or extreme imbalance? Pass immediately.

Step 2: Block explorer (Etherscan / Solscan / BscScan). Inspect holder distribution—top-10 share is the headline indicator. Then check if the deployer has been moving size into “marketing wallets” that look suspiciously coordinated.

Step 3: Contract scanner (Token Sniffer / GoPlus / Honeypot.is). These tools flag mintability, blacklists, mutable taxes, honeypot behavior. A single red light is enough to walk away.

Step 4: LP lock query (Team Finance / Unicrypt / PinkLock). Verify the LP is truly locked, for how long, and whether all the LP tokens are locked—some projects only lock a fraction for show.

Step 5: Social cross-check. Look at the age of the X and Telegram accounts, the follower growth curve, the realness of engagement. A three-day-old account with tens of thousands of bot followers is a flashing red warning.

Five steps, and roughly 90% of obvious scams disappear. The remaining 10% are “well-dressed” slow rugs—those take time and ongoing observation.

Common Misconceptions

A few traps newcomers fall into when doing DD:

  • Audited ≠ safe. Most audits cover code logic but not deployer privileges or deliberate backdoors. Treat audits as a signal, not insurance. For broader hygiene see the security guide.
  • KOL shilling ≠ legitimacy. Paid promo is a public business in crypto. Shillers don’t hold the bag and don’t share the risk.
  • Price going up ≠ good project. Early pumps are easy to manufacture. Read flows, not candles.
  • Anonymous teams aren’t automatically scams, but anonymous + unrevoked privileges + unlocked liquidity is a death sentence.

If You’re Already In

If you already bought something that’s now lighting up red flags, don’t wait for “one more pump”:

  1. Test-sell a small amount to confirm you can actually exit (rules out honeypot behavior).
  2. Cut and run if red flags are confirmed—stopping the loss beats gambling on “they won’t rug.”
  3. Revoke approvals you may have granted to that contract; otherwise the team can drain other tokens too.
  4. Preserve evidence—save the contract address, tx hashes and chat screenshots for any future report.
  5. Stay away from “victim recovery” groups—they’re almost always secondary scams.

Habits Worth Building

  • Always read the contract before reading the price.
  • Size positions in low-cap names at zero-loss-tolerance levels only.
  • Keep grounding yourself with market basics and trading fundamentals.
  • Bookmark DEX Screener and Token Sniffer—make them part of your pre-trade muscle memory.

Closing Thought

Rug pulls keep happening because they’re cheap to run and the FOMO premium is enormous. Catching them doesn’t require sophisticated on-chain skills—fifteen minutes of due diligence is enough to filter out most obvious scams, and those fifteen minutes are worth far more than the regret after going to zero.

Trust first, then invest. Reverse the order and you’re catching the knife.