Definition
A rug pull is a malicious exit scam in the cryptocurrency and DeFi space where project developers or insiders abandon a project and abscond with investor funds — “pulling the rug” from beneath investors.
The term encompasses several distinct fraudulent techniques: liquidity removal (developers drain liquidity pool funds they control), hard rug (dumping large developer token allocations), soft rug (gradual abandonment of project after raising funds), and contract-level exploits (admin functions hidden in code to mint unlimited tokens or freeze transfers).
Rug pulls became endemic during the DeFi Summer of 2020 and NFT boom of 2021, with billions of dollars stolen from retail investors who failed to verify code, team identity, or liquidity lock status. By 2025, rug pulls remained the single largest category of crypto fraud by incident count, though average losses per event declined as community awareness and on-chain detection tools improved.
Origin & History
| Date | Event |
| 2020 | DeFi Summer: hundreds of forked Uniswap-style DEX projects launch; rug pulls proliferate |
| 2020 Oct | SushiSwap “Chef Nomi” incident — chef sells $13M SUSHI dev fund, returns all funds after community backlash |
| 2020 Nov | Compounder Finance rug pulls $10.8M in what appeared to be legitimate yield aggregator |
| 2022 | NFT rug pulls multiply: Frosties NFT creators arrested for $1.3M rug pull — first NFT fraud prosecution |
| 2021 Oct | Squid Game token rug pulls $3.38M after 45,000x price pump, becoming worldwide news |
| 2022 | Rug pulls account for ~$2.8B of $3.9B total DeFi losses (Chainalysis data) |
| 2022 | Token Sniffer, RugDoc, and DeFiYield launch automated rug pull detection tools |
| 2021 | Anubis DAO rug: $60M in ETH drained hours after launch — anonymous team risk highlighted |
| 2024 | Rug pull detection AI tools flag 85%+ of rugpulls before they execute |
| 2025 | Most DEX launchpads require liquidity locks and audit badges; rug pulls shift to social engineering |
“The crypto space doesn’t have a scam problem. It has a research problem. Every rug pull was visible on-chain to anyone who looked.” — ZachXBT, on-chain investigator
How It Works
RUG PULL MECHANICS
PHASE 1: Setup
- Deploy token contract (often fork of legitimate project)
- Create social media presence, fake team, roadmap
- Add liquidity to DEX (Uniswap, PancakeSwap)
- Market heavily: influencer payments, Telegram hype
PHASE 2: Pump
- Early investors buy → price rises → FOMO attracts more
- Developer retains 50–90% of token supply (hidden)
- Liquidity lock claimed (often fake or short-term)
PHASE 3: Pull ┌───────────────────────────────────────────────┐ │ HARD RUG: Dev sells entire token holding │ │ instantly → price crashes 99% → liquidity │ │ drains as investors try to sell │ ├───────────────────────────────────────────────┤ │ LIQUIDITY PULL: Dev removes LP tokens they │ │ control → pool drained → token untradeable │ ├───────────────────────────────────────────────┤ │ MINT RUG: Hidden mint() function activated │ │ → billions of tokens minted → dev sells all │ └───────────────────────────────────────────────┘
| Rug Pull Type | Mechanism | Warning Signs | Example |
| Liquidity removal | Devs drain LP pool they control | Unlocked LP tokens, anonymous team | Hundreds of 2020 DeFi projects |
| Hard dump | Dev sells massive token allocation | Dev wallet holds >20% of supply | Squid Game token (2021) |
| Mint exploit | Hidden admin minting function | Unaudited contract, mint permissions | Multiple NFT projects 2021–2022 |
| Soft rug | Gradual abandonment after fundraise | Inactive devs, no deliverables | Many ICO projects 2017–2018 |
| NFT rug | Sell NFTs, never deliver roadmap | Anonymous team, vague roadmap | Frosties NFT (2022) |
Real-World Examples
| Scenario | Implementation | Outcome |
| Squid Game token 2021 | SQUID token launches with fake play-to-earn game premise | 45,000x price rise → devs dump $3.38M → token crashes to $0.0007926 |
| Frosties NFT 2022 | 8,888 ice cream NFTs sold for $1.3M | Devs disappear hours after mint; Discord and social media deleted; two arrested |
| Anubis DAO 2021 | Dog-themed DAO raises 13,556 ETH ($60M) in 20 hours | All funds moved from treasury within 24 hours; anonymous team vanishes |
| Compounder Finance 2020 | Yield aggregator with hidden backdoor in contract | Dev activates emergency withdraw function; $10.8M drained from vaults |
| Legitimate liquidity lock | New DeFi project locks LP tokens for 2 years on Team Finance | Investors verify lock on-chain; confident to invest; dev cannot rug |
Advantages
| Advantage | Detail |
| N/A | There are no advantages to rug pulls — they are purely fraudulent |
| Community awareness | High-profile rugs have educated millions of investors about due diligence |
| On-chain transparency | Unlike traditional fraud, rug pulls leave fully auditable on-chain evidence |
| Legal precedent | NFT rug pull prosecutions (Frosties) established crypto fraud is prosecutable |
Disadvantages & Risks
| Risk | Description |
| Total loss | Investors typically lose 95–100% of invested capital |
| No recourse | Anonymous teams in unregulated jurisdictions make recovery nearly impossible |
| FOMO exploitation | High-pressure tactics and artificial urgency prevent rational evaluation |
| Sophisticated mimicry | Professional-looking websites and fake audits fool experienced investors |
| Recovery scams | After a rug pull, scammers target victims again with fake “recovery services” |
Risk Management Tips
- Always verify LP token lock using tools like Team Finance, Unicrypt, or Mudra Locker — and check the lock duration
- Check developer wallet holdings: if anonymous team holds >20% of supply, treat as high risk
- Require audits from reputable firms (CertiK, Hacken, Peckshield) — not paid “logo” audits
- Use TokenSniffer, RugDoc, or DeFiYield honeypot checkers before buying any new token
- Never invest based on influencer promotions alone — most paid promoters don’t disclose payment
- Anonymous teams aren’t automatically bad, but require stronger code security and community vetting
FAQ
Q: How can I check if a token is a rug pull before it happens?
A: Run the contract through TokenSniffer (tokensniffer.com) or DeFiYield Rug Check — these tools scan for honeypot functions, ownership concentration, unlocked liquidity, and suspicious permissions.
Also check:
(1) Is the LP locked on-chain? For how long?
(2) What percentage of supply does the developer wallet hold?
(3) Has the contract been audited by a reputable firm?
(4) Is the team doxxed or anonymous?
(5) Is there a working product, or just promises?
Q: What’s the difference between a rug pull and an exit scam?
A: Both involve developers stealing investor funds. Exit scam is the broader category — can apply to ICOs, exchange operators (QuadrigaCX), and any fraudulent fundraise. Rug pull is specifically the DeFi/DEX variant where liquidity is drained or a large token dump is executed from a deployed smart contract. All rug pulls are exit scams; not all exit scams are rug pulls.
Q: If I lose money in a rug pull, can I recover funds?
A: Recovery is extremely difficult. On-chain investigators like ZachXBT can identify developer wallets and trace fund flows — and some have cooperated with law enforcement to result in arrests (Frosties). However, funds transferred to centralised exchanges can sometimes be frozen. On-chain funds sent to mixers or wrapped across chains are typically unrecoverable. Prevention is far more effective than recovery.
UPay Tip: Before investing in any new DeFi or NFT project, spend 15 minutes running the contract through TokenSniffer, checking LP lock status on Unicrypt, and verifying the team’s identity. This simple process would have prevented the vast majority of rug pull losses.
Disclaimer: This content is for educational purposes only and does not constitute financial advice. New cryptocurrency projects carry extreme risk of fraud.
UPay — Making Crypto Encyclopedic
