--- title: "What Is a Crypto Rug Pull and How to Spot One" date: 2026-05-03 author: "Barry Elad" featured_image: "https://coinlaw.io/wp-content/uploads/2026/04/what-is-a-crypto-rug-pull-and-how-to-spot-one.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "Insights" url: "/tag/insights.md" --- # What Is a Crypto Rug Pull and How to Spot One The FBI recorded nearly **$9.3 billion** in [cryptocurrency fraud losses](https://coinlaw.io/cryptocurrency-security-fraud-statistics/) in 2024, a **66%** increase from the prior year. Rug pulls, where project creators drain investor funds and vanish, sit at the center of this damage. Solidus Labs found that **98.6%** of tokens launched on Solana’s Pump.fun platform between January 2024 and March 2025 were classified as rug pulls or [pump-and-dump schemes](https://coinlaw.io/rug-pulls-amp-ponzi-schemes-in-crypto-statistics/). The data below covers how these scams work mechanically, the three distinct types, smart-contract red flags that signal danger, notable cases with court outcomes, and the evolving legal enforcement framework. ## Key Takeaways - The FBI’s IC3 received nearly **150,000** cryptocurrency fraud complaints in 2024, totaling **$9.3 billion** in losses. - Three types of rug pulls exist: hard pulls (smart contract exploits), soft pulls (gradual token dumping), and liquidity pulls (DEX pool drainage). - The Squid Game token collapsed from over **$2,861** to zero on November 1, 2021, after developers drained approximately **$3.38 million** and disappeared. - Over **7 million** tokens were deployed on Pump.fun with at least five trades between January 2024 and March 2025, but only **97,000** maintained liquidity above **$1,000**. - The DOJ’s April 2025 memo names “fake digital asset development projects such as rug pulls” as a prosecution priority. - Red flags include unlocked liquidity, anonymous teams, unaudited smart contracts, hidden mint functions, and unrealistic return promises. - Rug pull losses peaked at approximately **$5.06 billion** in 2021 before dropping sharply, then resurged to **$94.8 million** in 2024, per Chainalysis. ## What Is a Crypto Rug Pull Chainalysis data shows rug pull losses peaked at approximately **$5.06 billion** in 2021, over 200 times higher than the year before, making these scams one of the costliest fraud categories in crypto history. A [crypto rug pull](https://coinlaw.io/rug-pull-statistics/) is a scam where developers create a cryptocurrency project, attract investor funds, and then abandon the project after draining its value. The attacker in a rug pull is an insider, not an outsider. Hacks exploit code vulnerabilities from outside a project; rug pulls exploit trust from inside. CertiK’s 2024 security report identified centralized privileges, where contract owners retain the ability to mint tokens, pause transfers, blacklist wallets, or modify fees, as a common vulnerability category enabling rug pull exits. These privileges are often embedded at launch and hidden from investors who lack the technical expertise to audit [smart contract code](https://coinlaw.io/smart-contract-security-risks-and-audits-statistics/). ## Types of Crypto Rug Pulls Rug pulls fall into three distinct categories, each with different mechanics, speed, and detection difficulty. Recognizing the type helps investors understand what to look for in a project’s smart contract and team behavior. **Hard pulls** involve direct exploitation of a smart contract. Hard pulls typically use hidden functions such as mint capabilities that allow the owner to create unlimited new tokens, crashing the price to near zero when executed. Hard pulls happen within minutes and leave investors with worthless tokens. **Soft pulls** unfold over days or weeks. The development team gradually sells its token allocation while maintaining the appearance of active development. Project updates slow, team members become less responsive, and by the time investors recognize the pattern, insiders have already exited their positions. **Liquidity pulls** target decentralized exchange (DEX) pools specifically. A developer provides initial liquidity to a trading pair, waits for outside investors to add value through purchases, then withdraws all liquidity from the pool. This leaves token holders unable to sell because the trading pair no longer has the paired asset (typically ETH or a stablecoin). **Type****Mechanism****Speed****Example****Detection Difficulty**Hard PullSmart contract exploit (mint, blacklist, hidden drain)MinutesSquid Game TokenHigh (requires code audit)Soft PullGradual insider token dumpingDays to weeksAbandoned DeFi forksMedium (on-chain analysis)Liquidity PullDEX liquidity pool removalMinutes to hoursSmall-cap DEX tokensLow (check lock status)Source: CertiK, Chainalysis## How Rug Pulls Work Step by Step The Squid Game token developers implemented hidden smart contract code that blocked sell transactions while allowing purchases freely, creating artificial scarcity that drove the price from pennies to over **$2,861**. That case illustrates the typical sequence that plays out across thousands of token fraud projects. The process follows four stages. First, a developer deploys a token on a blockchain (typically Ethereum or Solana) with hidden privileges embedded in the contract. Second, hype builds through social media campaigns, paid influencer promotions, and fabricated partnerships. Third, the token’s price rises as new buyers enter, often inflated by [wash trading](https://coinlaw.io/wash-trading-statistics/) from the developer’s own wallets. Fourth, the exit happens: the developer drains liquidity, mints and dumps tokens, or activates a hidden sell-blocking function. Consider a scenario: Alice buys a new token after seeing social media hype, connecting her [MetaMask wallet](https://coinlaw.io/metamask-wallet-statistics/) to swap ETH. When she tries to sell days later, every transaction fails. A blacklist function blocked her address while the developer removed all liquidity. ## Smart Contract Red Flags CertiK identified **403** security incidents on Ethereum alone in 2024, with centralized privilege exploits among the most common vulnerability categories, enabling token fraud. Several specific smart contract features signal potential fraud risk. An **unverified or unaudited contract** is the first red flag. Legitimate projects publish source code on block explorers and commission third-party audits. Unverified contracts hide their logic from review. A **mint function** allowing the owner to create unlimited new tokens is among the most dangerous smart contract features, as executing it crashes the token price to near zero. A **blacklist or whitelist function** silently adds every buyer’s address to a blocked list while keeping the deployer’s wallet whitelisted, per CertiK’s honeypot analysis. Investors can buy freely but cannot sell. **No liquidity lock or a short lock period** means the developer can pull all funds from the DEX pool at any time. Reputable projects lock liquidity for 6 to 12 months minimum. **Proxy contracts** let developers change contract code post-deployment, enabling drain functions to be added after attracting investment. CertiK documents that **transfer tax manipulation**, where the sell tax is set to 99-100% for everyone except the owner, is another common honeypot technique that traps investors in a position they cannot exit. > **By the numbers:** According to CertiK, honeypot scams use hidden smart contract functions, including blacklist systems and 99-100% sell taxes, to trap buyers while allowing only the deployer to sell. Detection tools like Honeypot.is and the GoPlus API simulate sell transactions without risking real funds. ## Notable Crypto Rug Pull Cases Thodex, a Turkish cryptocurrency exchange, abruptly halted trading on April 20, 2021, locking **391,000** traders out of their accounts, with Chainalysis estimating losses at **$2.52 billion**. That single case accounted for approximately 90% of all rug pull losses globally in 2021, according to Chainalysis. Founder Faruk Fatih Ozer fled Turkey after the shutdown, triggering an Interpol Red Notice. After a 16-month manhunt, Albanian authorities arrested Ozer in Vlora in August 2022. A Turkish court sentenced him to **11,196** years in prison for aggravated fraud, leading a criminal organization, and money laundering. AnubisDAO launched on October 28, 2021, as a dog-themed DeFi project modeled on OlympusDAO. The project raised approximately 13,597 ETH (roughly $60 million at the time) through its ANKH token sale. Twenty hours into the sale, an unknown entity drained 13,556 ETH from the liquidity pool. The stolen funds were later laundered through Tornado Cash. The Squid Game token reached over **$2,861** per coin before collapsing to zero on November 1, 2021. Developers drained approximately **$3.38 million** from the liquidity pool, deleted all social media accounts, and shut down the website within minutes. The project’s smart contract had included hidden code that blocked sell transactions, a classic honeypot mechanism. **Case****Date****Estimated Losses****Mechanism****Outcome**ThodexApril 2021$2.52 billionExchange shutdown, founder fled11,196-year prison sentenceAnubisDAOOctober 2021$60 millionLiquidity pool drainedFunds laundered via Tornado CashSquid Game TokenNovember 2021$3.38 millionAnti-sell contract, liquidity drainDevelopers unidentifiedSource: Chainalysis, court recordsThe pattern we’ve documented across 18 regulatory events at CoinLaw holds here too: enforcement follows collapse, typically within 12 months. Thodex’s April 2021 implosion preceded Turkey’s first comprehensive crypto regulation in 2022. ## The Scale of Rug Pull Fraud Chainalysis tracked rug pull losses from a 2021 peak of approximately **$5.06 billion** to a sharp decline in 2022 (**$1.3 million**), followed by a resurgence to **$94.8 million** in 2024. The 2021 peak was overwhelmingly driven by the Thodex collapse. Solidus Labs reported that between January 2024 and March 2025, over **7 million** tokens were deployed on Pump.fun with at least five trades. Only **97,000** maintained liquidity above **$1,000**, meaning **98.6%** collapsed into worthless pump-and-dump schemes. On Raydium, a Solana-based DEX, **93%** of liquidity pools showed signs of rug pulls and pump-and-dumps, with a median rug pull value of **$2,832**, according to Solidus Labs. These figures point to a shift from high-value, one-off scams toward industrialized, low-value token fraud. The FBI’s IC3 report documented **$5.8 billion** stolen through [cryptocurrency investment scams](https://coinlaw.io/most-expensive-crypto-scams/) alone in 2024 across **41,557** incidents, a **47%** increase in monetary losses from 2023. While the FBI does not break out rug pulls as a separate category, investment scams encompass the most common rug pull delivery mechanisms. > **Key finding:** According to the FBI’s IC3 2024 report, individuals over the age of 60 were the most affected by crypto fraud, filing roughly 33,000 complaints totaling $2.8 billion in losses. The Recovery Asset Team froze $561 million in fraudulently obtained funds. Stablecoins now account for **63%** of all [illicit crypto transactions](https://coinlaw.io/blockchain-forensics-and-illicit-transactions-statistics/), per Chainalysis, shifting the composition of funds used in scam operations. ## How to Spot a Crypto Rug Pull Before It Happens Honeypot.is and GoPlus both offer tools that simulate sell transactions without risking real funds, providing a first line of defense against honeypot contracts. A systematic approach to due diligence can catch most fraud signals before investment. **1. Check if liquidity is locked.** Use services like Unicrypt, Team Finance, or DexScreener to verify whether the project’s liquidity pool tokens are locked. A lock period under 6 months is a warning sign. No lock at all is a red flag. **2. Verify smart contract audit status.** Audited projects publish reports from firms such as CertiK, Hacken, or OpenZeppelin. An audit does not guarantee safety, but the absence of one eliminates a critical layer of review. **3. Research team identity and track record.** Anonymous teams are not inherently malicious (Bitcoin’s creator is pseudonymous), but anonymity combined with other red flags raises the risk profile significantly. Check whether team members have verifiable histories in crypto or software development. **4. Analyze [token distribution](https://coinlaw.io/token-airdrop-statistics/)**: If a small number of wallets hold a disproportionate share of the token supply, insiders can crash the price by selling. Block explorers and tools like Bubblemaps visualize wallet concentration. Moving tokens to a [self-custody wallet](https://coinlaw.io/self-custody-wallet-statistics/) after purchase adds a layer of control, but it does not protect against an underlying token scam. **5. Use detection tools**: Token Sniffer, Honeypot.is, GoPlus API, and RugDoc analyzes contracts for dangerous functions, including unrestricted minting, concentrated ownership, trading restrictions, and missing liquidity locks. **6. Watch for unrealistic promises and fake engagement**: Guaranteed returns above market norms signal unsustainable tokenomics. Bot-driven follower counts, identical comment patterns, and sudden spikes suggest manufactured legitimacy. Investors active in [DeFi markets](https://coinlaw.io/decentralized-finance-market-statistics/) face the highest exposure because decentralized platforms lack the gatekeeping mechanisms of regulated crypto exchanges. ## Legal and Regulatory Response to Rug Pulls The DOJ’s April 2025 memo, issued by Deputy Attorney General Todd Blanche, explicitly named “fake digital asset development projects such as rug pulls” as a prosecution priority alongside exchange fund misappropriation and smart contract exploits. That language marks the first time the Department of Justice formally categorized these scams as a named enforcement target. The same memo disbanded the National Cryptocurrency Enforcement Team (NCET), a DOJ unit formed in 2022 to prosecute crypto-related conduct. The DOJ’s new approach narrows the scope of digital asset prosecutions while focusing resources on fraud that directly victimizes investors. The SEC charged three purported crypto trading platforms (Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc.) and four investment clubs with defrauding retail investors out of more than **$14 million** through fake platforms where no actual trading took place. The FBI’s Recovery Asset Team froze **$561 million** in fraudulently obtained funds in 2024. The Thodex case produced a sentence of **11,196** years in prison for founder Faruk Fatih Ozer, handed down by a Turkish court in September 2023. Global [crypto adoption](https://coinlaw.io/cryptocurrency-adoption-by-country-statistics/) continues to expand, which means the pool of potential victims grows alongside it. Across crypto user demographics, newer investors with less experience evaluating smart contracts face the highest risk. ## Frequently Asked Questions (FAQs) **Is a crypto rug pull illegal?**Yes. Rug pulls constitute fraud under securities and wire fraud statutes in most jurisdictions. The DOJ’s April 2025 memo explicitly names rug pulls as a prosecution priority. Penalties range from multi-year prison sentences to the 11,196-year term imposed on Thodex founder Faruk Fatih Ozer by a Turkish court in 2023. **Can you recover money from a rug pull?**Recovery is difficult but not impossible. The FBI’s Recovery Asset Team froze $561 million in fraudulently obtained crypto funds in 2024 with a 66% success rate. Victims should file reports with IC3 (ic3.gov), local law enforcement, and the relevant blockchain community channels. On-chain forensics firms like Chainalysis assist law enforcement in tracing stolen funds. **What is the difference between a rug pull and a pump and dump?**A rug pull involves the project’s own developers draining funds or abandoning the project entirely. A pump and dump involves external actors inflating a token’s price through coordinated buying and misleading promotion, then selling at the peak. Both cause investor losses, but rug pulls involve insider betrayal while pump and dumps can be executed by outsiders. **How common are rug pulls?**Extremely common at the token level. Solidus Labs found that 98.6% of tokens launched on Pump.fun between January 2024 and March 2025 were classified as rug pulls or pump-and-dumps. Over 7 million tokens were deployed in that period, but only 97,000 maintained any meaningful liquidity. Most rug pulls are small-scale, with a median value of $2,832 on Raydium. **What blockchain has the most rug pulls?**Solana currently leads in rug pull volume by token count due to the Pump.fun token launcher, which deployed over 7 million tokens between January 2024 and March 2025. Ethereum historically hosted the largest rug pulls by dollar value, including AnubisDAO ($60 million) and numerous DeFi exit scams. BNB Chain also sees significant rug pull activity due to low deployment costs. ## Conclusion Crypto fraud losses reached **$9.3 billion** in 2024, per the FBI, and rug pulls remain one of the most accessible attack vectors for scammers. Three distinct types exist (hard pulls, soft pulls, and liquidity pulls), each exploiting different smart contract mechanisms and investor trust patterns. The industrialization of rug pulls through platforms like Pump.fun, where **98.6%** of over 7 million tokens were classified as scams, shows the scale has shifted from high-profile collapses to automated, low-value token fraud. Detection tools and enforcement have matured alongside the threat. Investors who check liquidity locks, verify audits, and run contracts through honeypot detectors before investing eliminate the majority of risk. Smart contract literacy and systematic due diligence are no longer optional for crypto participants. Definition of Blockchain. Link to full glossary entry follows the description.**Blockchain**A distributed digital ledger that records transactions across a network, with each block cryptographically linked to the previous one for security. [Read more](https://coinlaw.io/glossary/blockchain/) Definition of Smart Contract. Link to full glossary entry follows the description.**Smart Contract**A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries. [Read more](https://coinlaw.io/glossary/smart-contract/) Definition of DeFi. Link to full glossary entry follows the description.**DeFi**Decentralized finance leverages blockchain protocols and [smart contracts](https://coinlaw.io/glossary/smart-contract/) to enable lending, trading, and borrowing without banks or traditional intermediaries. [Read more](https://coinlaw.io/glossary/defi/)