A crypto rug pull is a scam where a project’s creators attract buyers, then drain liquidity, abandon the project, or use malicious contract rules that leave holders with worthless or unsellable tokens. Rug pulls are common in DeFi, new tokens, NFTs, and memecoin launches.
TL;DR
A rug pull usually looks exciting before it looks dangerous.
The main risk is not just losing money after a token crashes. It is trusting a project before you understand who controls the token, liquidity, contract, and selling rules.
Before buying a new token, check the team, liquidity lock, holder distribution, contract behavior, audit status, and approval request.
A safer wallet can help you understand what you are signing, but no wallet can guarantee that a token or team is honest.
What is a rug pull in crypto?
A rug pull is a crypto exit scam. The creators build hype around a token or project, attract buyers, then remove the support that gave the token value. That support can be liquidity, trust, access to sell, or the team’s promise to keep building.
A rug pull is a scam where a development team abandons a project and drains its liquidity, leaving investors unable to sell their tokens. This happens often in DeFi because tokens can be created and listed quickly with limited oversight.
In plain English: people buy in, then the people behind the project pull out. A rug pull can happen through:
Type | What happens | What the user sees |
Liquidity drain | The team removes funds from the trading pool | The token price collapses |
Honeypot | Users can buy, but cannot sell | The chart rises, but exits fail |
Insider dump | Founders or insiders sell large holdings | Retail buyers absorb the crash |
Fake project exit | The team raises money, then disappears | Website, X, Telegram, and support go quiet |
Soft rug | The team slowly abandons the project | Price bleeds while excuses continue |
A rug pull is usually not one red flag. It is a cluster of missing trust signals.
How does a crypto rug pull work?
Most rug pulls follow a simple pattern: create a token, build hype, attract liquidity, bring in buyers, then exit with the valuable assets.
This often happens on a decentralized exchange, or DEX. A DEX lets people trade directly through liquidity pools instead of a centralized order book. A liquidity pool is a smart contract that holds two assets, such as a new token and ETH, SOL, BNB, USDT, or USDC. Here is the usual flow.
A team creates a token. They launch a website, write a roadmap, open social channels, and make the project look active.
Then they create a liquidity pool so the token can be traded. Buyers send valuable assets into the pool and receive the new token.
Then the team pushes hype. X posts, Telegram groups, influencer mentions, “early” language, charts, fake urgency. The usual carnival, now with smart contracts.
Then the exit happens. The team may drain liquidity, dump insider tokens, block selling through contract rules, or simply disappear.
The result is ugly: users may still see tokens in their wallet, but those tokens may be worthless or impossible to sell.
If you want to understand the related trap where buying works but selling fails, read our guide on what a crypto honeypot is. It is one of the most common rug-pull-adjacent risks.
Hard rug vs soft rug: what is the difference?
A hard rug pull is sudden and usually malicious from the start. A soft rug pull happens more slowly through insider selling, broken promises, or quiet abandonment. Rug pulls could be separated into hard and soft types. Hard rugs are sudden. Soft rugs happen over a longer period while the team gives users a false sense of security.
Type | Meaning | Common signs |
Hard rug pull | The project is designed to trap or steal funds quickly | Liquidity drain, blocked selling, malicious code |
Soft rug pull | The team slowly exits while pretending the project is alive | No updates, insider selling, missed roadmap, vague excuses |
Honeypot | Users can buy but cannot sell normally | Buy works, sell fails |
Pump-and-dump | Price is pushed up so insiders can sell | Sudden hype, sudden crash |
A soft rug can be harder to prove, but it can still hurt users badly. Sometimes the team does not vanish in one dramatic moment. They just keep posting less, shipping less, answering less, and selling more.
Very human. Very depressing. Very on-brand for the internet.
What are the warning signs of a rug pull?
The biggest rug pull warning signs are anonymous creators, unlocked liquidity, concentrated token holdings, unaudited contracts, unrealistic returns, fake hype, and confusing approval requests. No single warning sign proves a rug pull. But when several appear together, slow down.
Red flag | What it means | What to check |
Anonymous team | Nobody is clearly accountable | Team history, public profiles, previous projects |
Unlocked liquidity | Developers may be able to remove pool funds | Liquidity lock status and duration |
Concentrated supply | A few wallets can crash the market | Holder distribution on a block explorer |
No credible audit | Contract risks may be hidden | Audit provider, audit date, unresolved issues |
Unrealistic returns | Hype may be replacing real utility | Source of yield, business model, token mechanics |
Aggressive FOMO | Pressure is being used instead of proof | Paid influencers, sudden group activity, “last chance” language |
Confusing approval | The contract may ask for risky permissions | Approval amount, spender address, action being signed |
This is also why a liquidity lock matters, but only as one signal. If you are not sure what that means, start with this guide on how liquidity locks work in crypto.
Does locked liquidity mean a token is safe?
No. Locked liquidity lowers one type of rug-pull risk, but it does not prove a token is safe. A liquidity lock means the project’s liquidity provider tokens are locked for a period of time. That makes it harder for the team to immediately remove liquidity from the pool.
Useful? Yes.
Enough? No.
A token can still have malicious contract rules, concentrated insider holdings, short lock periods, hidden admin controls, fake utility, or a team that slowly abandons the project.
CertiK lists missing liquidity lockups, anonymous creators, suspicious lack of audits, and unrealistic yields among the common signs users should watch for.
So the better question is: What can still go wrong even if liquidity is locked? That question saves more people than hype ever will.
Explore how walllet.com helps make crypto actions easier to understand
Can you recover money after a rug pull?
Recovering money after a rug pull is usually difficult. Blockchain transactions are hard to reverse, scammers move funds quickly, and anonymous wallets can be hard to connect to real people. That does not mean you should do nothing.
If you think you bought into a rug pull, stop interacting with the token or website first. Do not approve more transactions while panicking.
Then check whether you gave the contract permission to spend tokens from your wallet. If you did, review and revoke risky approvals where possible. A guide on how to check token approvals before signing can help users understand this step.
Save evidence too: transaction hashes, contract addresses, screenshots, social links, website URLs, and wallet addresses. And be careful with “recovery” offers. Scammers often target victims again by promising to recover lost funds for an upfront fee. Because apparently one scam was not enough.
How can you avoid rug pulls before buying a token?
You cannot remove all risk, but you can avoid the laziest traps by checking the project before you buy and the approval before you sign.
Start with these checks:
Check who is behind the project. Anonymous teams are not always scams, but anonymity means you need stronger trust signals elsewhere.
Check whether liquidity is locked. Look at the lock duration, lock provider, and whether the lock can be changed.
Check holder concentration. If a few wallets control most of the supply, they may be able to crash the market alone.
Check whether selling works. If the token behaves like a honeypot, normal users may be able to buy but not sell.
Check the audit status. An audit helps, but it is not a magic shield. Read who performed it, when it happened, and whether issues were fixed.
Check the approval request. If a dApp asks for unlimited permission or the wallet prompt is unclear, slow down.
Start small or skip it. If a project needs you to act fast before you understand it, that is already a signal.
Imagine a freelancer who receives USDC for remote work and sees a trending token on X. The danger is not only that the token price could fall. The bigger danger is approving a contract they do not understand, buying something they cannot sell, or exposing funds they actually need.
That is the real decision moment: not “Can this token go up?” but “What am I trusting before I click approve?”
Can a wallet help reduce rug-pull risk?
A wallet cannot guarantee that a token, team, liquidity lock, or market price is safe. But a better wallet experience can help users avoid blind signing.
walllet.com is a seedless self-custodial crypto wallet built to make crypto safer and easier to use. It helps users control their crypto without managing a seed phrase, uses passkeys and biometric access, and makes transaction actions easier to understand before signing.
For rug-pull risk, that matters because many users do not get scammed after carefully reading contract logic. They get exposed because a transaction looks confusing, urgent, or normal enough to approve. A wallet can help with clearer prompts, suspicious contract warnings, and risky approval awareness. It cannot promise that every token is safe. That line matters.
A safer wallet should help you slow down before signing. It should not pretend speculation is suddenly risk-free because the interface looks clean. For more basic safety habits, read our guide on crypto wallet security tips.
What a wallet can and cannot protect you from
A wallet can reduce confusion. It cannot remove market risk, project risk, or human risk.
A wallet can help you understand transactions, reduce seed phrase anxiety, warn around risky approvals, and keep crypto under your own control.
A wallet cannot guarantee that a token will hold value, a team will keep building, a liquidity lock is enough, an audit found every issue, or lost funds can always be recovered.
That is the honest version.
Crypto safety is not about pretending every danger can be removed. It is about making fewer blind decisions.
Try walllet.com for a simpler self-custody experience with clearer prompts and fewer blind approvals
