The FBI recorded nearly $9.3 billion in cryptocurrency fraud losses in 2024, a 66% increase from the prior year. Rug pulls, where project creators drain investor funds and vanish, sit at the center of this damage. Solidus Labs found that 98.6% of tokens launched on Solana’s Pump.fun platform between January 2024 and March 2025 were classified as rug pulls or pump-and-dump schemes.
The data below covers how these scams work mechanically, the three distinct types, smart-contract red flags that signal danger, notable cases with court outcomes, and the evolving legal enforcement framework.
Key Takeaways
- The FBI’s IC3 received nearly 150,000 cryptocurrency fraud complaints in 2024, totaling $9.3 billion in losses.
- Three types of rug pulls exist: hard pulls (smart contract exploits), soft pulls (gradual token dumping), and liquidity pulls (DEX pool drainage).
- The Squid Game token collapsed from over $2,861 to zero on November 1, 2021, after developers drained approximately $3.38 million and disappeared.
- Over 7 million tokens were deployed on Pump.fun with at least five trades between January 2024 and March 2025, but only 97,000 maintained liquidity above $1,000.
- The DOJ’s April 2025 memo names “fake digital asset development projects such as rug pulls” as a prosecution priority.
- Red flags include unlocked liquidity, anonymous teams, unaudited smart contracts, hidden mint functions, and unrealistic return promises.
- Rug pull losses peaked at approximately $5.06 billion in 2021 before dropping sharply, then resurged to $94.8 million in 2024, per Chainalysis.
What Is a Crypto Rug Pull
Chainalysis data shows rug pull losses peaked at approximately $5.06 billion in 2021, over 200 times higher than the year before, making these scams one of the costliest fraud categories in crypto history. A crypto rug pull is a scam where developers create a cryptocurrency project, attract investor funds, and then abandon the project after draining its value.
The attacker in a rug pull is an insider, not an outsider. Hacks exploit code vulnerabilities from outside a project; rug pulls exploit trust from inside.
CertiK’s 2024 security report identified centralized privileges, where contract owners retain the ability to mint tokens, pause transfers, blacklist wallets, or modify fees, as a common vulnerability category enabling rug pull exits. These privileges are often embedded at launch and hidden from investors who lack the technical expertise to audit smart contract code.
Types of Crypto Rug Pulls
Rug pulls fall into three distinct categories, each with different mechanics, speed, and detection difficulty. Recognizing the type helps investors understand what to look for in a project’s smart contract and team behavior.
Hard pulls involve direct exploitation of a smart contract. Hard pulls typically use hidden functions such as mint capabilities that allow the owner to create unlimited new tokens, crashing the price to near zero when executed. Hard pulls happen within minutes and leave investors with worthless tokens.
Soft pulls unfold over days or weeks. The development team gradually sells its token allocation while maintaining the appearance of active development. Project updates slow, team members become less responsive, and by the time investors recognize the pattern, insiders have already exited their positions.
Liquidity pulls target decentralized exchange (DEX) pools specifically. A developer provides initial liquidity to a trading pair, waits for outside investors to add value through purchases, then withdraws all liquidity from the pool. This leaves token holders unable to sell because the trading pair no longer has the paired asset (typically ETH or a stablecoin).
| Type | Mechanism | Speed | Example | Detection Difficulty |
| Hard Pull | Smart contract exploit (mint, blacklist, hidden drain) | Minutes | Squid Game Token | High (requires code audit) |
| Soft Pull | Gradual insider token dumping | Days to weeks | Abandoned DeFi forks | Medium (on-chain analysis) |
| Liquidity Pull | DEX liquidity pool removal | Minutes to hours | Small-cap DEX tokens | Low (check lock status) |
How Rug Pulls Work Step by Step
The Squid Game token developers implemented hidden smart contract code that blocked sell transactions while allowing purchases freely, creating artificial scarcity that drove the price from pennies to over $2,861. That case illustrates the typical sequence that plays out across thousands of token fraud projects.
The process follows four stages. First, a developer deploys a token on a blockchain (typically Ethereum or Solana) with hidden privileges embedded in the contract. Second, hype builds through social media campaigns, paid influencer promotions, and fabricated partnerships.
Third, the token’s price rises as new buyers enter, often inflated by wash trading from the developer’s own wallets. Fourth, the exit happens: the developer drains liquidity, mints and dumps tokens, or activates a hidden sell-blocking function.
Consider a scenario: Alice buys a new token after seeing social media hype, connecting her MetaMask wallet to swap ETH. When she tries to sell days later, every transaction fails. A blacklist function blocked her address while the developer removed all liquidity.
Smart Contract Red Flags
CertiK identified 403 security incidents on Ethereum alone in 2024, with centralized privilege exploits among the most common vulnerability categories, enabling token fraud. Several specific smart contract features signal potential fraud risk.
An unverified or unaudited contract is the first red flag. Legitimate projects publish source code on block explorers and commission third-party audits. Unverified contracts hide their logic from review.
A mint function allowing the owner to create unlimited new tokens is among the most dangerous smart contract features, as executing it crashes the token price to near zero.
A blacklist or whitelist function silently adds every buyer’s address to a blocked list while keeping the deployer’s wallet whitelisted, per CertiK’s honeypot analysis. Investors can buy freely but cannot sell.
No liquidity lock or a short lock period means the developer can pull all funds from the DEX pool at any time. Reputable projects lock liquidity for 6 to 12 months minimum. Proxy contracts let developers change contract code post-deployment, enabling drain functions to be added after attracting investment.
CertiK documents that transfer tax manipulation, where the sell tax is set to 99-100% for everyone except the owner, is another common honeypot technique that traps investors in a position they cannot exit.
By the numbers: According to CertiK, honeypot scams use hidden smart contract functions, including blacklist systems and 99-100% sell taxes, to trap buyers while allowing only the deployer to sell. Detection tools like Honeypot.is and the GoPlus API simulate sell transactions without risking real funds.
Notable Crypto Rug Pull Cases
Thodex, a Turkish cryptocurrency exchange, abruptly halted trading on April 20, 2021, locking 391,000 traders out of their accounts, with Chainalysis estimating losses at $2.52 billion. That single case accounted for approximately 90% of all rug pull losses globally in 2021, according to Chainalysis.
Founder Faruk Fatih Ozer fled Turkey after the shutdown, triggering an Interpol Red Notice. After a 16-month manhunt, Albanian authorities arrested Ozer in Vlora in August 2022. A Turkish court sentenced him to 11,196 years in prison for aggravated fraud, leading a criminal organization, and money laundering.
AnubisDAO launched on October 28, 2021, as a dog-themed DeFi project modeled on OlympusDAO. The project raised approximately 13,597 ETH (roughly $60 million at the time) through its ANKH token sale. Twenty hours into the sale, an unknown entity drained 13,556 ETH from the liquidity pool. The stolen funds were later laundered through Tornado Cash.
The Squid Game token reached over $2,861 per coin before collapsing to zero on November 1, 2021. Developers drained approximately $3.38 million from the liquidity pool, deleted all social media accounts, and shut down the website within minutes. The project’s smart contract had included hidden code that blocked sell transactions, a classic honeypot mechanism.
| Case | Date | Estimated Losses | Mechanism | Outcome |
| Thodex | April 2021 | $2.52 billion | Exchange shutdown, founder fled | 11,196-year prison sentence |
| AnubisDAO | October 2021 | $60 million | Liquidity pool drained | Funds laundered via Tornado Cash |
| Squid Game Token | November 2021 | $3.38 million | Anti-sell contract, liquidity drain | Developers unidentified |
The pattern we’ve documented across 18 regulatory events at CoinLaw holds here too: enforcement follows collapse, typically within 12 months. Thodex’s April 2021 implosion preceded Turkey’s first comprehensive crypto regulation in 2022.
The Scale of Rug Pull Fraud
Chainalysis tracked rug pull losses from a 2021 peak of approximately $5.06 billion to a sharp decline in 2022 ($1.3 million), followed by a resurgence to $94.8 million in 2024. The 2021 peak was overwhelmingly driven by the Thodex collapse.
Solidus Labs reported that between January 2024 and March 2025, over 7 million tokens were deployed on Pump.fun with at least five trades. Only 97,000 maintained liquidity above $1,000, meaning 98.6% collapsed into worthless pump-and-dump schemes.
On Raydium, a Solana-based DEX, 93% of liquidity pools showed signs of rug pulls and pump-and-dumps, with a median rug pull value of $2,832, according to Solidus Labs. These figures point to a shift from high-value, one-off scams toward industrialized, low-value token fraud.
The FBI’s IC3 report documented $5.8 billion stolen through cryptocurrency investment scams alone in 2024 across 41,557 incidents, a 47% increase in monetary losses from 2023. While the FBI does not break out rug pulls as a separate category, investment scams encompass the most common rug pull delivery mechanisms.
Key finding: According to the FBI’s IC3 2024 report, individuals over the age of 60 were the most affected by crypto fraud, filing roughly 33,000 complaints totaling $2.8 billion in losses. The Recovery Asset Team froze $561 million in fraudulently obtained funds.
Stablecoins now account for 63% of all illicit crypto transactions, per Chainalysis, shifting the composition of funds used in scam operations.
How to Spot a Crypto Rug Pull Before It Happens
Honeypot.is and GoPlus both offer tools that simulate sell transactions without risking real funds, providing a first line of defense against honeypot contracts. A systematic approach to due diligence can catch most fraud signals before investment.
1. Check if liquidity is locked. Use services like Unicrypt, Team Finance, or DexScreener to verify whether the project’s liquidity pool tokens are locked. A lock period under 6 months is a warning sign. No lock at all is a red flag.
2. Verify smart contract audit status. Audited projects publish reports from firms such as CertiK, Hacken, or OpenZeppelin. An audit does not guarantee safety, but the absence of one eliminates a critical layer of review.
3. Research team identity and track record. Anonymous teams are not inherently malicious (Bitcoin’s creator is pseudonymous), but anonymity combined with other red flags raises the risk profile significantly. Check whether team members have verifiable histories in crypto or software development.
4. Analyze token distribution: If a small number of wallets hold a disproportionate share of the token supply, insiders can crash the price by selling. Block explorers and tools like Bubblemaps visualize wallet concentration. Moving tokens to a self-custody wallet after purchase adds a layer of control, but it does not protect against an underlying token scam.
5. Use detection tools: Token Sniffer, Honeypot.is, GoPlus API, and RugDoc analyzes contracts for dangerous functions, including unrestricted minting, concentrated ownership, trading restrictions, and missing liquidity locks.
6. Watch for unrealistic promises and fake engagement: Guaranteed returns above market norms signal unsustainable tokenomics. Bot-driven follower counts, identical comment patterns, and sudden spikes suggest manufactured legitimacy.
Investors active in DeFi markets face the highest exposure because decentralized platforms lack the gatekeeping mechanisms of regulated crypto exchanges.
Legal and Regulatory Response to Rug Pulls
The DOJ’s April 2025 memo, issued by Deputy Attorney General Todd Blanche, explicitly named “fake digital asset development projects such as rug pulls” as a prosecution priority alongside exchange fund misappropriation and smart contract exploits. That language marks the first time the Department of Justice formally categorized these scams as a named enforcement target.
The same memo disbanded the National Cryptocurrency Enforcement Team (NCET), a DOJ unit formed in 2022 to prosecute crypto-related conduct. The DOJ’s new approach narrows the scope of digital asset prosecutions while focusing resources on fraud that directly victimizes investors.
The SEC charged three purported crypto trading platforms (Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc.) and four investment clubs with defrauding retail investors out of more than $14 million through fake platforms where no actual trading took place.
The FBI’s Recovery Asset Team froze $561 million in fraudulently obtained funds in 2024.
The Thodex case produced a sentence of 11,196 years in prison for founder Faruk Fatih Ozer, handed down by a Turkish court in September 2023.
Global crypto adoption continues to expand, which means the pool of potential victims grows alongside it. Across crypto user demographics, newer investors with less experience evaluating smart contracts face the highest risk.
Frequently Asked Questions (FAQs)
Yes. Rug pulls constitute fraud under securities and wire fraud statutes in most jurisdictions. The DOJ’s April 2025 memo explicitly names rug pulls as a prosecution priority. Penalties range from multi-year prison sentences to the 11,196-year term imposed on Thodex founder Faruk Fatih Ozer by a Turkish court in 2023.
Recovery is difficult but not impossible. The FBI’s Recovery Asset Team froze $561 million in fraudulently obtained crypto funds in 2024 with a 66% success rate. Victims should file reports with IC3 (ic3.gov), local law enforcement, and the relevant blockchain community channels. On-chain forensics firms like Chainalysis assist law enforcement in tracing stolen funds.
A rug pull involves the project’s own developers draining funds or abandoning the project entirely. A pump and dump involves external actors inflating a token’s price through coordinated buying and misleading promotion, then selling at the peak. Both cause investor losses, but rug pulls involve insider betrayal while pump and dumps can be executed by outsiders.
Extremely common at the token level. Solidus Labs found that 98.6% of tokens launched on Pump.fun between January 2024 and March 2025 were classified as rug pulls or pump-and-dumps. Over 7 million tokens were deployed in that period, but only 97,000 maintained any meaningful liquidity. Most rug pulls are small-scale, with a median value of $2,832 on Raydium.
Solana currently leads in rug pull volume by token count due to the Pump.fun token launcher, which deployed over 7 million tokens between January 2024 and March 2025. Ethereum historically hosted the largest rug pulls by dollar value, including AnubisDAO ($60 million) and numerous DeFi exit scams. BNB Chain also sees significant rug pull activity due to low deployment costs.
Conclusion
Crypto fraud losses reached $9.3 billion in 2024, per the FBI, and rug pulls remain one of the most accessible attack vectors for scammers. Three distinct types exist (hard pulls, soft pulls, and liquidity pulls), each exploiting different smart contract mechanisms and investor trust patterns.
The industrialization of rug pulls through platforms like Pump.fun, where 98.6% of over 7 million tokens were classified as scams, shows the scale has shifted from high-profile collapses to automated, low-value token fraud.
Detection tools and enforcement have matured alongside the threat. Investors who check liquidity locks, verify audits, and run contracts through honeypot detectors before investing eliminate the majority of risk. Smart contract literacy and systematic due diligence are no longer optional for crypto participants.
