What is a crypto rug pull?
A rug pull is a crypto scam where developers abandon a project and abscond with investor capital, typically by pulling liquidity from a DEX pool or exploiting a backdoor in the token contract. The result: token price collapses to near-zero, holders lose everything. Rug pulls range from crude (pull liquidity in one transaction) to sophisticated (slow multi-week exits that look like organic decline). Distinguishing legitimate projects from rugs is one of the most important skills in crypto — and one of the easiest to systematize with automated tooling.
The 30+ red flags: contract-level
Contract-level red flags appear in the smart-contract code itself. Critical patterns: (1) Mint authority not renounced — devs can print unlimited supply. (2) Pause / halt functions that block trading. (3) Blacklist / blocklist functions that freeze specific wallets. (4) Hidden transfer fees (buy/sell tax) above 5% or not disclosed in docs. (5) Proxy-upgradeable contracts where devs can replace logic post-audit. (6) Custom fee mechanisms routing trading fees to dev wallets. (7) Modifiable metadata (update authority retained on Solana). (8) Unverified contract source code — if the block explorer doesn't show source, treat as a rug by default. Sharpe's Rug Check runs a layered security scan covering all contract-level patterns.
The 30+ red flags: liquidity-level
Liquidity-level red flags appear in the DEX pool configuration: (1) Liquidity pool not locked — devs can pull at any moment. (2) Lock period less than 6 months — protection expires. (3) Lock contract is custom rather than Unicrypt / Team.Finance / Pinksale — verify the lock contract is legitimate. (4) LP token holdings concentrated in a single wallet with withdrawal access. (5) Pool depth below $50K — even small sells crash price. (6) Pool created minutes before launch with no historical organic activity. (7) Pool imbalanced (e.g., 5% token, 95% paired asset) suggesting dev added minimal paired value. (8) Multiple pools across DEXes with wildly different prices — arbitrage hasn't equalized because pool is a trap.
The 30+ red flags: holder-level
Holder-level red flags appear in on-chain wallet analysis: (1) Top-10 holders control 25%+ of supply (excluding LP and staking contracts). (2) Single wallet above 10% — concentrated dump risk. (3) Holder growth stagnant or declining post-launch — no real community. (4) Dev wallet holdings haven't vested or unlocked — pre-planned dump pattern. (5) Cluster of wallets funded from same source (Bubblemaps visualization) — coordinated dump-group. (6) Top holders inactive — tokens sit unused, often a sign of inactive project or insider holdings. (7) Transfer patterns showing wash-trading between known wallet clusters. (8) First buyers still holding in full — either diamond hands or pre-coordinated hold before dump.
The 30+ red flags: social / team-level
Social / team red flags are non-quantitative but important: (1) Anonymous team with no doxxed members — not inherently bad but correlates with rug frequency. (2) Team has a history of abandoned previous projects (reverse image search profile pictures, check social handle history). (3) Discord/Telegram heavily moderated with negative comments deleted — sign of damage control. (4) Website is a free template with placeholder content. (5) Whitepaper is AI-generated or copied from another project. (6) Social following bought (sudden spikes in followers, engagement ratio under 0.1%). (7) Community mods have no history before the project. (8) Team responses to technical questions are vague or AI-generated.
A 60-second rug-check workflow
Step 1: Paste contract address into Sharpe's Rug Check. Review the 0-100 risk score and any flagged patterns. Step 2: Check block explorer — Etherscan/BscScan/Solscan/Arbiscan. Verify source code is published, holder distribution is reasonable, LP is locked. Step 3: Check TokenSniffer or Honeypot.is for a second opinion on security patterns. Step 4: Look up the team — do they have doxxed members or previous projects? Step 5: Check DEX pool on DexScreener — depth, age, volume, holder count. Any two red flags from the list above should make you skip. Three or more is a near-certain rug.
What to do if you've been rugged
First, accept the loss and move on — most rug-pulled tokens never recover, and chasing the trade deeper typically compounds losses. Second, report the contract to Etherscan / BscScan / Solscan via their token-tagging systems so future victims see the warning. Third, file a report with Chainabuse.com (aggregated scam reporting) and CryptoScamDB. Fourth, if the rug involved a large amount, consult a blockchain-forensics firm (Chainalysis, Elliptic, TRM) — in rare cases stolen funds can be traced to CEX deposits and recovered with law enforcement involvement. Fifth, learn the pattern for next time — most rug pulls follow recognizable templates and detection improves with pattern recognition.
Using Sharpe's tooling to prevent rugs
Sharpe's Rug Check produces a 0-100 risk score across 30+ patterns using a layered security scan. Every token flagged in the Gem Finder, DEX Screener, or Memecoins products has the security score visible inline — no context switch required. For deeper analysis, use the per-chain rug-check pages for chain-specific patterns (Solana mint authority, Ethereum proxy contracts, Base Clanker tokens, etc.). The combination of Sharpe's integrated workflow plus this checklist gives most traders enough tooling to avoid 90%+ of rug patterns.