What Is Rug Pull in Crypto?

A rug pull is a crypto scam where the token's deployer drains the liquidity pool and disappears, leaving holders with a worthless token. The name comes from "pulling the rug out" — buyers lose access to the exit the moment the scammer withdraws. Rug pulls dominate low-cap memecoin scams; estimated 70-80% of new Solana memecoin launches end this way within days.

Also known as: rugpull, crypto rug, exit scam

Ask Stingray anything about Rug Pull

How a rug pull typically executes

Common pattern:

  1. Deployer creates a token contract and a liquidity pool (Uniswap, Raydium, Pancake).
  2. They seed initial liquidity — often small amounts of ETH/SOL paired with the new token.
  3. Marketing begins — Twitter/X, Telegram, Discord, paid shillers.
  4. Buyers pile in, pushing price up. The pool now holds meaningful ETH/SOL from their buy-side flow.
  5. Deployer removes the liquidity — withdraws the ETH/SOL side of the pool, keeping the tokens worthless.
  6. Token price collapses to zero; holders can’t sell because there’s no counterparty.

Total time: hours to days for typical memecoin rugs; weeks to months for longer-running scams.

Rug pull variants

  • Hard rug — classic liquidity drain. Often a single transaction that ends the project.
  • Soft rug / slow rug — team drains treasury funds, stops communication, lets the project wither. Slower but same end.
  • Honeypot — contract logic lets users buy but not sell. You’re stuck holding. Often paired with a pump-and-dump on closely-held supply.
  • Backdoor mint — contract includes a hidden function that lets the deployer mint unlimited new tokens, flooding supply and crashing price.
  • Governance rug — project with governance controls uses those controls maliciously. The Beanstalk attack (2022) was a flash-loan-enabled governance rug that drained $180M.

Red flags that predict rugs

  • Unlocked LP tokens. If the deployer can remove liquidity at any time, they probably will. Liquidity locks (Unicrypt, Pinksale) lock LP tokens for months to years.
  • Anonymous team with no track record. Doesn’t guarantee a rug, but raises probability substantially.
  • Centralized contract control. onlyOwner functions that can change fees, pause trading, or mint new tokens.
  • No audit, or audit by a disreputable firm. Top firms (Trail of Bits, OpenZeppelin, Certik for basic checks, Spearbit, Code4rena) are the meaningful ones.
  • Short vesting or no vesting for team supply. Deployer can dump immediately.
  • Concentration in few holders. Top 10 addresses holding 80%+ is usually the team + early shills.
  • Front-run-and-dump from the deployer’s own address. Check if the deployer is quietly selling into every price pump.

Tools for rug detection

  • TokenSniffer — basic contract-bytecode analysis.
  • HoneyPot.is — specific honeypot detection.
  • DEXscreener — trader community flags suspicious tokens.
  • Etherscan / Solscan — holder distribution, contract verification, LP token ownership.
  • Token.unlocks.app — vesting schedules.

No tool guarantees safety. Every check adds confidence but a motivated scammer can defeat each heuristic individually.

Risks and considerations

Rugs scale with narrative hype. Every memecoin boom brings a wave of rugs riding that narrative — 2021 AnubisDAO, 2023 BALD (Base), 2024 endless Pump.fun launches. The pattern repeats because the retail demand for 100-1000x moonshot bets is persistent, and scams offer that shape (pump, rug, zero) without the project needing to actually succeed.

Practical defense:

  • Size positions so a total loss is acceptable. Never put more in a new memecoin than you’d lose to a random coin flip.
  • Skip tokens without LP locks and verified contracts. These are the easiest filter.
  • Exit early. Most rugs happen after initial pump; take profits on the way up so even a rug leaves you with gains.
  • Never re-enter a project that’s “almost rugged and recovered.” Projects that drain and return partial funds usually rug again.
  • Don’t chase pumps on new launches. The trade that feels urgent is often the one you’re supposed to skip.

See also on Stingray

Related terms

Phishing Phishing in crypto is an attack where someone tricks you into revealing your seed phrase or signing a malicious transaction. Memecoin A memecoin is a cryptocurrency whose value derives almost entirely from community attention, cultural resonance, and speculative coordination — not from unde… Tokenomics Tokenomics is the study of a crypto token's economic design — supply schedule, distribution, utility, value accrual mechanisms.