Crypto can be exciting—and unforgiving. Rug pulls remain one of the most damaging scams in decentralized finance: a project gains traction, money pours in, and then the team drains liquidity or blocks selling, leaving investors with worthless tokens. The good news? Most rug pulls telegraph their intentions if you know what to look for. This guide breaks down seven practical red flags, how to check for them in minutes, and what to do if something feels off.

Recent research and industry reporting show scams continue to evolve, blending slick marketing with tricky code and wallet behaviors. While overall crypto-related illicit flows fluctuated in 2024, rug pulls remain a persistent threat, especially on DEX-driven ecosystems where anyone can launch a token. Let’s help you stay a step ahead.

Summary: Key Takeaways

A rug pull usually relies on two things: code that allows abuse and wallet activity that gives too much control to a few or blocks sellers from leaving.

Big promises, anonymous teams, and opaque tokenomics aren’t just “bad vibes”—they’re measurable risks you can check with explorers and basic due diligence.

The safest “quick test” before buying is a tiny trade to confirm you can sell and that taxes aren’t punitive or dynamic.

Verify liquidity is locked, ownership is controlled via multisig, and audits are real (not screenshots or unverifiable PDFs).

If several red flags cluster together, walk away—no upside compensates for asymmetric scam risk.

Why this matters now

Chainalysis estimates that 2024 saw at least $40.9 billion in value received by illicit addresses (a lower-bound estimate likely to be revised upward), underscoring the scale and adaptability of crypto crime broadly.

Academic research cataloging real-world rug pulls highlights a familiar pattern: malicious contract powers (e.g., mint, blacklist), sell restrictions, and coordinated wallet behaviors—often culminating in trapped investors and drained pools.

The 7 Red Flags (and how to check them fast)

1) Anonymous or unverifiable team and “too-good-to-be-true” partnerships

Why it’s risky: Anonymous teams aren’t always malicious, but anonymity combined with big promises removes accountability. Fake or exaggerated partnerships are a classic credibility ploy.

Quick checks:

  • Search for founders on LinkedIn, GitHub, and prior project history. Do they exist, and do claims match reality?
  • Validate partnership claims on the alleged partner’s official channels (blog, press page, or verified X/LinkedIn).
  • Look for reputable backers or advisors with a visible, verifiable track record.

2) No reputable audit—or a superficial/fake one

Why it’s risky: Audits aren’t a silver bullet, but absence of credible review leaves abusive functions unchecked (e.g., unlimited mint, blacklist/whitelist sell locks, fee manipulation).

Quick checks:

  • Confirm the audit on the auditor’s official website (not a screenshot). Reputable firms list completed audits publicly.
  • Read the summary: Were critical issues resolved? Are high/medium-severity items still open?
  • Verify the exact contract address audited matches the live token.

Research note: Recent analysis shows rug pulls frequently rely on malicious code patterns that audits are designed to flag, e.g., sell restrictions, mint authority, ownership tricks (arXiv, 2025).

3) Liquidity not locked—or controlled by a single wallet

Why it’s risky: If liquidity is unlocked or held by insiders, they can yank the pool, making it impossible to sell at fair prices.

Quick checks:

  • On Etherscan/BscScan, check the token’s liquidity pool (LP) token holders. Is the LP locked with a recognized locker (e.g., vesting/locking service) and for how long?
  • Confirm who controls the LP: a multisig with known signers is safer than a single EOA (externally owned account).
  • Watch for sudden LP removals or “migrations” with no community vote.

4) Opaque or skewed tokenomics (whales, taxes, and minting)

Why it’s risky: Extreme buy/sell taxes, large insider allocations, or an active mint function can crush buyers or dilute them later.

Quick checks:

  • Holders tab: Are top wallets (excluding exchange and dead wallets) controlling an outsized share?
  • Read Contract: Can the owner mint? Change fees? Blacklist addresses? Disable trading?
  • Test a micro-trade: Do fees match the advertised rate, and can you sell without error?
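The LP-holder check from red flag 3 and the Holders-tab check from red flag 4 can both be done as arithmetic over balances copied from a block explorer. The following is an added example, not code from the original article; every address except the burn address is a made-up label, and the balances, locker map and dates are constructed.

```python
from datetime import datetime, timezone

BURN = "0x000000000000000000000000000000000000dead"  # widely used burn address

def top_holder_share(holders, excluded, top_n=10):
    """Fraction of circulating supply held by the top_n wallets.

    Balances at excluded addresses (burn, exchange, LP pair) are removed from
    both the ranking and the supply total."""
    balances = [b for a, b in holders.items() if a.lower() not in excluded]
    total = sum(balances)
    return sum(sorted(balances, reverse=True)[:top_n]) / total if total else 0.0

def lp_lock_summary(lp_holders, lockers, now):
    """Return (locked_fraction, days_to_earliest_unlock, largest_free_fraction).

    lockers maps a locker contract address to its unlock time. Burned LP counts
    as locked; a locker whose unlock time has passed counts as free."""
    total = sum(lp_holders.values())
    if not total:
        return 0.0, None, 0.0
    locked, largest_free, unlocks = 0, 0, []
    for addr, bal in lp_holders.items():
        addr = addr.lower()
        if addr == BURN:
            locked += bal
        elif addr in lockers and lockers[addr] > now:
            locked += bal
            unlocks.append(lockers[addr])
        else:
            largest_free = max(largest_free, bal)
    days = min((u - now).days for u in unlocks) if unlocks else None
    return locked / total, days, largest_free / total

# Constructed sample data; every address except BURN is a made-up label.
PAIR, CEX, LOCKER, DEPLOYER = "0xpair", "0xexchange", "0xlocker", "0xdeployer"
TOKEN_HOLDERS = {PAIR: 400_000, BURN: 100_000, CEX: 50_000, DEPLOYER: 300_000,
                 "0xwallet_a": 100_000, "0xwallet_b": 60_000, "0xwallet_c": 40_000}
LP_HOLDERS = {LOCKER: 700, DEPLOYER: 250, BURN: 50}
LOCKERS = {LOCKER: datetime(2025, 1, 31, tzinfo=timezone.utc)}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(top_holder_share(TOKEN_HOLDERS, {PAIR, BURN, CEX}, top_n=2))
    print(lp_lock_summary(LP_HOLDERS, LOCKERS, NOW))
```

In the sample, two wallets hold 80% of circulating supply, and a quarter of the LP tokens sit unlocked in the deployer's wallet with the locker expiring in 30 days.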

5) Honeypot traits and sell restrictions

Why it’s risky: Some tokens let you buy but prevent selling or impose dynamic fees that spike on sell attempts.

Quick checks:

  • Tiny buy/sell test: Attempt to sell a nominal amount immediately. If it fails or fees are extreme, it’s a red alert.
  • Look in the contract for function names like “setBlacklist,” “setMaxTx,” “enableTrading,” or “setTax.” If the owner can toggle these without a timelock or multisig, proceed with caution.
  • Observe mempool/DEX aggregator behavior; if only certain addresses can sell, you may be facing a whitelist or allowlist trap.
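The owner-power scan from red flags 4 and 5 can be run over the ABI that a block explorer shows for a verified contract. The following is an added example, not code from the original article; the name patterns are assumed heuristics built from the function names this guide lists, and the sample ABI is constructed.

```python
import json
import re

# Name heuristics for the owner powers named in this guide (assumed patterns;
# a renamed or obfuscated function will not match, so still read the source).
RISK_PATTERNS = {
    "mint": re.compile(r"mint", re.I),
    "blacklist": re.compile(r"blacklist|blocklist|whitelist|allowlist", re.I),
    "fee_change": re.compile(r"(set|update|change)\w*(tax|fee)", re.I),
    "trading_toggle": re.compile(r"(enable|disable|pause|open)\w*trad|^(un)?pause$", re.I),
    "tx_limit": re.compile(r"max\w*(tx|wallet|transaction)", re.I),
}

def is_state_changing(entry):
    """True for functions that can modify contract state (not view/pure)."""
    if entry.get("type") != "function":
        return False
    if entry.get("constant") is True:  # pre-0.5 Solidity ABI style
        return False
    return entry.get("stateMutability", "nonpayable") not in ("view", "pure")

def scan_abi(abi_json):
    """Map each risk category to the state-changing functions whose names match."""
    findings = {category: [] for category in RISK_PATTERNS}
    for entry in json.loads(abi_json):
        if not is_state_changing(entry):
            continue
        for category, pattern in RISK_PATTERNS.items():
            if pattern.search(entry["name"]):
                findings[category].append(entry["name"])
    return {c: sorted(names) for c, names in findings.items()}

def _fn(name, mutability="nonpayable"):
    return {"type": "function", "name": name, "stateMutability": mutability}

# Constructed ABI for illustration; not taken from any real token.
SAMPLE_ABI = json.dumps([
    _fn("transfer"), _fn("approve"), _fn("balanceOf", "view"),
    _fn("isBlacklisted", "view"), _fn("mint"), _fn("setBlacklist"),
    _fn("setTax"), _fn("enableTrading"), _fn("setMaxTx"),
    {"type": "event", "name": "Transfer"},
])

if __name__ == "__main__":
    for category, names in scan_abi(SAMPLE_ABI).items():
        print(f"{category:15} {', '.join(names) or '-'}")
```

An ABI does not show who may call a function, so each hit still needs a look at the verified source to see whether it is owner-only and whether a timelock or multisig stands in front of it.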

Evidence base: Real-world rug pulls frequently combine malicious code powers (e.g., sell blocking) with on-chain behaviors like wallet clustering to execute exits.

6) Hyper-aggressive marketing, unrealistic yields, and pressure tactics

Why it’s risky: Scammers frontload attention—celebrity shoutouts, airdrop farms, trading contests—while avoiding substantive disclosures.

Quick checks:

  • “Guaranteed APY,” “risk-free,” or “next 100x” are classic lures. Legit teams discuss risk, roadmap limits, and timelines.
  • Check social channels for bot-heavy followers and engagement spikes (sudden 100k followers, repetitive comments).
  • Be wary of countdown launches with no audit, no token distribution details, and no functioning product repos.

7) Plagiarized or low-effort documentation and no real development trail

Why it’s risky: Copy-paste whitepapers and non-existent code suggest there’s no product—just a token sale.

Quick checks:

  • Run a phrase search from the whitepaper/website to see if it’s copied from another project.
  • Check the GitHub: Are there active commits from known contributors? Do repos correspond to claimed features?
  • Roadmap vs. reality: Are milestones achieved, demonstrated, and verifiable on-chain or in a testnet/app demo?

A quick due-diligence workflow (10 minutes or less)

1 - Identity and claims

Verify team identities and any announced partnerships via official channels.

Check domain age and prior projects tied to the team.

2 - Contract and audit sanity check

Confirm contract verification on a block explorer.

Scan owner powers: mint, blacklist, fee changes, trading toggles.

Verify a real audit exists on the auditor’s site, and it matches the live contract.

3 - Liquidity and holder distribution

Ensure LP is locked with a credible locker and not controlled by a single wallet.

Check whales: If top non-exchange wallets control a large percentage, know you’re trusting them.

4 - Live market test

Execute a tiny buy and sell to confirm you can exit and to gauge taxes/slippage in practice.

5 - Community signals

Scan Discord/Telegram for deleted questions, heavy moderation, or scripted replies.

Look for open governance, multisig signers, and public treasury disclosures.

What to do if you spot multiple red flags

Walk away: As risk compounds, your downside overwhelms any potential upside.

Report suspicious projects: Share findings on reputable forums or report to platform security teams.

Protect peers: Educate friends and communities; scammers rely on momentum and herd behavior.

Conclusion: Trust, then verify (with receipts)

Rug pulls aren’t inevitable. They thrive when investors buy first and verify later. A few checks—validating team claims, confirming audits and contract powers, verifying liquidity locks, and running a tiny sell test—can filter out most traps. Remember: strong projects welcome scrutiny. If your reasonable questions get stonewalled or mocked, that’s a signal in itself.

Stay curious, keep receipts (links and TX hashes), and never risk funds you can’t afford to lock up or lose. In crypto, prudence is a superpower.