How to Identify and Avoid Crypto Rug Pulls — The Anti-Loss Protocol for Token Safety
Published on 2026-06-10
The $2.8 Billion Problem Hiding in Plain Sight
You found the next 100x gem. The Telegram group is buzzing. The chart is going straight up. The anonymous team promises a revolutionary DeFi protocol, and early buyers are already posting screenshots of their gains. You connect your wallet, swap your ETH for the new token, and then — silence. The website goes offline. The Telegram group is deleted. The liquidity pool is drained. Your tokens are worth zero.
This is a rug pull — the most devastating and common scam in crypto. Unlike hacks, which exploit technical vulnerabilities, rug pulls are designed to steal from the start. The creators build just enough legitimacy to attract capital, then disappear with everything. In 2025, rug pulls accounted for over $2.8 billion in losses across Ethereum, Solana, Base, and BSC, according to blockchain security firms.
The worst part? Most rug pulls are entirely preventable. The warning signs are visible on-chain, in the token contract, and in the project's behavior — if you know what to look for. This guide gives you the complete Anti-Loss Protocol for rug pull detection: a systematic checklist you can run in under 5 minutes before every token purchase.
What Exactly Is a Rug Pull?
A rug pull is a type of exit scam where a project's creators deliberately attract investor funds and then abandon the project, taking the liquidity or treasury with them. The term comes from the expression "pulling the rug out" — removing support and letting investors fall.
There are three main types:
1. Liquidity Pull (Most Common)
The developers create a token and pair it with ETH, SOL, or a stablecoin on a DEX (Uniswap, Raydium, etc.). Investors buy in, adding to the liquidity pool. At a predetermined point — often when the pool reaches a target size — the developers remove all the ETH/SOL from the pool, leaving behind worthless tokens. The price crashes to zero instantly. This is the classic "soft rug" and accounts for roughly 60% of all rug pulls.
2. Token Contract Backdoor
The token's smart contract contains hidden functions that only the deployer can call. These may include:
- Mint function: The creator can mint unlimited new tokens, diluting all holders.
- Blacklist function: The creator can block specific addresses from selling — so you can buy but never sell.
- Tax modifier: The creator can change the buy/sell tax to 99%, making it impossible to sell.
- Trading toggle: The creator can disable selling entirely while continuing to sell their own tokens.
These backdoors are invisible on the surface. The token looks normal, the chart looks healthy, and early buyers may even profit. But when the creator triggers the hidden function, your investment is trapped or worthless.
3. Slow Rug (Gradual Exit)
Instead of a single dramatic exit, the developers slowly drain value over days or weeks. They sell their team tokens gradually, remove liquidity in small chunks, or use the treasury to fund fake partnerships and marketing while quietly cashing out. The price declines slowly, and many holders don't realize what's happening until it's too late. Slow rugs are harder to detect but equally devastating.
Rug Pull Red Flags at a Glance
| Category | Red Flag | Risk Level | How to Check |
|---|---|---|---|
| Team | Fully anonymous team with no verifiable history | High | Search team names on LinkedIn, GitHub, prior projects |
| Team | Team holds >30% of total supply | High | Check token holder distribution on Etherscan/Solscan |
| Contract | Source code not verified on block explorer | Critical | Look for green checkmark on Etherscan contract tab |
| Contract | Honeypot (can buy but not sell) | Critical | Use token scanner tools (see below) |
| Contract | Mint function not renounced | High | Read contract source code or use audit tools |
| Contract | Proxy contract with upgradeable logic | Medium-High | Check if contract is proxy on block explorer |
| Liquidity | Liquidity not locked or locked <6 months | High | Check lock status on Unicrypt, Team Finance, or Mudra |
| Liquidity | Liquidity <5% of market cap | High | Compare pool size to market cap on DEX screener |
| Liquidity | Single wallet controls >50% of LP tokens | Critical | Check LP token holder distribution |
| Tokenomics | No vesting schedule for team/investor tokens | High | Check tokenomics doc or ask in community |
| Social | Telegram/Discord full of bots and paid shillers | Medium | Check for repetitive messages, new accounts, no real discussion |
| Social | Aggressive FOMO marketing, "guaranteed returns" | High | Legitimate projects never guarantee returns |
| Social | No GitHub activity or empty repositories | Medium | Check GitHub for actual code commits |
| Launch | Launched within the last 48 hours | High | Check pair creation date on DEX screener |
| Launch | No audit from a recognized firm | Medium-High | Check for CertiK, Hacken, OpenZeppelin, or Trail of Bits audit |
The Anti-Loss Protocol: 9-Step Rug Pull Checklist
Before you invest any amount in a new token, run through these nine steps. If you fail more than two, walk away.
Step 1: Verify the Contract on a Block Explorer
Copy the token contract address from the project's official website or social media. Paste it into the relevant block explorer (Etherscan for Ethereum/EVM chains, Solscan for Solana, etc.).
What to look for:
- Contract source code verified? A green checkmark means the source code is published. No checkmark = immediate red flag.
- Contract creator: Is the deployer wallet funded from a known exchange (suggesting a real person) or from a fresh wallet with no history?
- Contract age: How long has the contract existed? A token deployed 3 days ago is inherently riskier than one deployed 6 months ago.
- Number of holders: Fewer than 100 holders for a "hot" new token suggests concentration risk.
Step 2: Run a Token Scanner Check
Use automated token scanner tools to detect common rug pull mechanisms:
- Token Sniffer (tokensniffer.com): Scans for honeypot code, mint functions, and other red flags. Free for basic checks.
- GoPlus Security (gopluslabs.io): Checks contract permissions, honeypot status, and whether the creator can modify taxes.
- HoneyPot.is (honeypot.is): Specifically tests whether you can actually sell the token by simulating a buy-sell transaction.
- De.Fi Scanner: Comprehensive audit of token contracts across multiple chains.
Critical: If any scanner flags the token as a honeypot, do NOT buy it. No amount of "the team is fixing it" or "the next version will be clean" justifies the risk.
Step 3: Check Liquidity Lock Status
Locked liquidity means the LP tokens (representing the pooled assets) are held in a time-lock smart contract that prevents the developer from withdrawing them before a specified date. This is the single most important protection against liquidity pulls.
Check lock status on:
- Unicrypt (unicrypt.network)
- Team Finance (team.finance)
- Mudra (mudra.website)
- DeepLock (deeplock.io)
What's acceptable: Liquidity locked for at least 1 year, ideally with a gradual unlock (linear vesting) rather than a single cliff. What's not acceptable: No lock, lock expiring in less than 30 days, or lock controlled by a multisig with fewer than 3 signers.
Step 4: Analyze Token Distribution
On the block explorer, look at the "Holders" tab. A healthy token distribution shows:
- The top 10 wallets hold less than 50% of total supply.
- No single wallet (excluding the DEX pool contract) holds more than 5-10%.
- The deployer wallet holds a reasonable allocation (5-15% for development is normal; 40%+ is a red flag).
If one wallet holds 80% of the supply, that wallet can dump on the market at any moment. Even if they promise not to, there is no enforcement mechanism — you're trusting their word against their financial incentive.
Step 5: Read the Contract Source Code (or Get Help)
If the contract is verified, you can read the source code directly on the block explorer. Look for these specific functions:
- _mint() or mint(): If present and not disabled, the creator can create new tokens at will.
- _transfer() with conditions: Look for if-statements that block transfers to/from specific addresses.
- setTaxFee() or similar: Functions that let the owner change buy/sell taxes.
- pauseTrading() or setTrading(): Functions that can disable trading.
- blacklist() or isBlacklisted: Functions that prevent specific wallets from transacting.
If you can't read Solidity, use ChatGPT or Claude — paste the contract code and ask "Does this token contract contain any functions that would allow the owner to prevent users from selling?" AI tools are surprisingly effective at flagging malicious code patterns.
Step 6: Research the Team
Anonymous teams aren't automatically scammers — Bitcoin's creator is anonymous, and many legitimate DeFi projects launched pseudonymously. But anonymous teams with no track record are significantly riskier.
For each team member, check:
- LinkedIn: Do they have a verifiable work history in tech, finance, or crypto?
- GitHub: Have they contributed to open-source projects? Is their activity consistent over time?
- Prior projects: Have they launched other tokens or protocols? What happened to those projects?
- Social media history: Are their Twitter/X and Telegram accounts years old, or were they created last month?
If you can't find any information about the team beyond their current project, treat that as a significant risk factor.
Step 7: Evaluate the Audit (If Any)
An audit from a reputable firm reduces risk but doesn't eliminate it. Here's how to evaluate audits:
- Who audited it? CertiK, Hacken, OpenZeppelin, Trail of Bits, and Consensys Diligence are recognized. An audit from "XYZ Security Audits" that you've never heard of may be worthless.
- Is the audit public? Legitimate audits are published in full. A project that says "audited" but won't share the report is suspicious.
- What did the audit find? Read the report. Were there critical findings? Were they fixed before launch?
- When was the audit? An audit from 12 months ago doesn't cover recent code changes.
Step 8: Check Social Sentiment Authentically
Don't rely on the project's own Telegram or Discord for sentiment. Instead:
- Search the token name + "scam" or "rug" on Twitter/X and Reddit.
- Check Dextools for the "Check" community comments on the token chart.
- Look at the project's social media engagement: Are comments from real accounts with history, or from accounts created yesterday with no posts?
- Be wary of influencer promotions. Many "crypto influencers" are paid to shill tokens and disclose nothing.
Step 9: Test with a Small Amount
Even after passing all checks, always test before investing seriously. Buy the minimum possible amount, then immediately try to sell it. If the sell transaction fails, is blocked, or incurs a 99% tax, you've just saved yourself from a much larger loss.
This test also reveals slippage issues. Some tokens have such low liquidity that even a small sell moves the price dramatically — meaning you can't exit without massive losses even if the contract is "clean."
Rug Pull Detection Tools Compared
| Tool | What It Checks | Chains | Cost | Best For |
|---|---|---|---|---|
| Token Sniffer | Honeypot, mint, tax modifiers, proxy contracts | ETH, BSC, Polygon, Arbitrum, Base | Free (basic) | Quick automated scan |
| GoPlus Security | Contract risks, permissions, blacklist, mint | 20+ chains | Free API / paid | Multi-chain projects |
| HoneyPot.is | Simulates buy-sell to detect honeypot | ETH, BSC, AVAX, Polygon, Arbitrum, Base | Free | Honeypot-specific check |
| De.Fi Scanner | Full contract audit, owner permissions, risks | Multi-chain | Free (basic) | Comprehensive analysis |
| RugDoc | Community-reviewed due diligence | Multi-chain | Free | Community-driven reviews |
| SnifferBot (Telegram) | Instant contract scan via Telegram bot | ETH, BSC, Base, Solana | Free | On-the-go checking |
| Etherscan Contract Tab | Source code, read/write functions, holders | Ethereum + EVM chains | Free | Manual deep-dive |
What to Do If You've Been Rug Pulled
If you've already been caught in a rug pull, act quickly:
- Revoke token approvals immediately. The malicious contract may still have approval to spend other tokens in your wallet. Use revoke.cash to revoke all approvals for the scam token's contract address.
- Do NOT send more funds. Scammers often follow up with "recovery" schemes — "Send 0.1 ETH to verify your wallet and we'll return your tokens." This is a second scam.
- Report the contract address. Submit the scam contract to Token Sniffer, GoPlus, and blockchain analysis firms. This protects other users.
- Report to law enforcement. In the US, file a report with the FBI's IC3 (ic3.gov) and the FTC. In the UK, report to Action Fraud. While recovery is unlikely, reports help build cases.
- Document everything for taxes. In most jurisdictions, crypto losses from scams are deductible. Save transaction hashes, screenshots, and dates. Consult a crypto-savvy tax professional.
The Anti-Loss Protocol Summary
| Anti-Loss Rule | Action | Time Required |
|---|---|---|
| Verify contract source code | Check green checkmark on block explorer | 30 seconds |
| Run token scanner | Use Token Sniffer or GoPlus | 1 minute |
| Check liquidity lock | Verify lock duration and amount on Unicrypt | 1 minute |
| Analyze holder distribution | Review top 10 wallets on block explorer | 1 minute |
| Read contract for backdoors | Search for mint, blacklist, tax functions | 2-5 minutes |
| Research the team | Check LinkedIn, GitHub, prior projects | 5-10 minutes |
| Verify audit | Read the full audit report, check findings | 5 minutes |
| Test buy-sell | Buy minimum, immediately attempt to sell | 2 minutes |
| Check social sentiment | Search for scam reports, check community comments | 3 minutes |
Total time: under 20 minutes. That's less time than most people spend researching a restaurant for dinner — and the stakes are infinitely higher.
Bottom Line
Rug pulls thrive on FOMO, laziness, and the assumption that "it won't happen to me." The $2.8 billion lost in 2025 proves otherwise. But the vast majority of rug pulls are detectable before you invest — if you take the time to look.
The Anti-Loss Protocol is simple: verify the contract, scan for backdoors, check liquidity locks, analyze distribution, research the team, and always test with a small amount first. No token is so urgent that you can't spend 20 minutes checking it. If a project pressures you to "buy now before it's too late," that pressure itself is the biggest red flag of all.
Before trading any new token, verify the network and contract details at Crypto Network Guide — because the best time to avoid a rug pull is before you buy.