Rug Pull Detector & Prevention Guide

Detect scams with RugCheck, TokenSniffer, and GoPlus before investing.

What Are Rug Pulls?

A rug pull is when token developers or project leaders steal funds from users and disappear. They "pull the rug out" from under you. Crypto rug pulls are estimated at $5+ billion annually, making them the most common scam type.

Types of Rug Pulls:

  • Liquidity Pull: Team removes liquidity from DEX, token crashes to zero
  • Team Dump: Team wallets (30-50% supply) sell everything at once
  • Infinite Mint: Hidden mint() function allows unlimited token creation
  • Honeypot: Contract prevents selling—you can buy but never sell
  • Vanishing: Team stops responding after collecting funds

The average rug pull victim loses $10K-$100K. Small meme coins are riskiest—90%+ of new tokens are scams. Only invest in established projects with proven teams.

Red Flags to Check Before Buying

Before buying ANY new token, check these red flags. If more than 2 are present, avoid:

Critical Red Flags:

  • Unlocked Liquidity: LP can be withdrawn anytime (rug pullable)
  • Team Wallets Hold 50%+: Team can dump on you
  • No Contract Audit: Code unreviewed for vulnerabilities
  • Hidden Mint Function: Allows infinite token creation
  • Anonymous Team: No real names or social media verification

Marketing Red Flags:

  • Guaranteed Returns Promised: "100x in 30 days"
  • Pressure to Buy Quickly: "Limited time launch"
  • Influencer Shilling: Paid promoters (often undisclosed)
  • No Real Website: Just social media links
  • Dead Social Accounts: No activity for weeks

If a project checks even 3 of these boxes, it's likely a scam. Your job is to say "no" often and only invest in projects that pass rigorous checks.

Top Rug Pull Detection Tools

RugCheck.xyz (Solana)

Most popular Solana token checker. Scans contract for hidden mint functions, checks LP lock status, analyzes holder distribution. Shows a risk score (0-100). Green = low risk, red = high risk.

  • Checks: Mint function, LP lock, top holders, creator social
  • Verdict: Fast, accurate, best for Solana

TokenSniffer (Ethereum & others)

Ethereum's equivalent to RugCheck. Analyzes contract code for honeypot functions, admin privileges, and scam patterns. Real-time blockchain monitoring.

  • Checks: Honeypot detection, admin functions, trading restrictions
  • Verdict: Best for Ethereum tokens

GoPlus Security API

Cross-chain security scanner for Ethereum, Polygon, Arbitrum, Optimism. Used by major wallets. Provides detailed risk reports and contract analysis.

  • Checks: Multi-chain support, phishing detection, holder analysis
  • Verdict: Best for multi-chain projects

De.Fi Scanner

Comprehensive DeFi security tool. Checks smart contracts for vulnerabilities, admin privileges, and exploit patterns. Best for LP safety checks.

  • Checks: LP lock verification, contract audit history
  • Verdict: Best for DeFi-specific projects

Honeypot.is

Specialized tool for honeypot detection only. Simulates buying and selling to determine if you can actually sell. Green = tradeable, red = honeypot.

How to Verify a Contract Yourself

For technical users, verify contracts manually using Etherscan or Solscan:

Step-by-Step Contract Review:

  1. Get contract address from official website
  2. Search on Etherscan (Ethereum) or Solscan (Solana)
  3. Look for hidden mint() function in contract code
  4. Check LP locked with Uniswap V3 or Raydium lock
  5. Verify top holders don't have 50%+ supply
  6. Check owner renounced (not still a risk)

What NOT to See:

  • Hidden mint() function (allows unlimited creation)
  • Admin can freeze/seize tokens
  • Transfer restrictions that block sells
  • LP unlocked or time-locked with short expiry

Comparison Table: Detection Tools

ToolBest ForAccuracyCost
RugCheckSolana tokensHighFree
TokenSnifferEthereum tokensHighFree
GoPlusMulti-chainVery HighFree/Premium
De.Fi ScannerDeFi projectsHighFree
Honeypot.isHoneypot checkVery HighFree

On-Chain Forensics Basics

For serious investigators, trace stolen funds on-chain using these tools:

Tracing Stolen Funds:

  • Use Etherscan/Solscan to track fund movements
  • Look for withdrawals to exchanges (CEX)
  • Check bridge transactions to other chains
  • Report to law enforcement if funds at known exchange
  • Most recovered funds are from exchange collaboration

Recovery is rare unless funds are traced to regulated exchanges. Prevention is infinitely better than recovery attempts.

Related Resources

Frequently Asked Questions

What is a rug pull in crypto?

A rug pull is when token creators or developers abandon a project and steal funds. Types include: liquidity pull (removing LP), team dump (selling tokens), infinite mint (printing unlimited supply), honeypot (can't sell). Most common on new projects.

How do I check if a token is a rug pull?

Use RugCheck (Solana), TokenSniffer (Ethereum), GoPlus, or De.Fi Scanner. Check: locked liquidity percentage, team wallet holdings, contract audit, honeypot functions, social media activity.

What are the biggest red flags?

Unlocked liquidity (rug can pull anytime), team wallets holding 50%+, no contract audit, hidden mint functions, dead social accounts, zero website, promises of guaranteed returns, pressure to buy quickly.

Can I recover funds after a rug pull?

Usually no. If funds moved on-chain, law enforcement can sometimes trace them. Blockchain is immutable—stolen tokens are gone unless the team repays. Never expect recovery. Prevention is everything.

What is a honeypot token?

A honeypot token lets you buy but not sell. Contract code has hidden restrictions that prevent selling. You're trapped holding worthless tokens. Use Honeypot.is to check before buying.

How can I verify a contract myself?

Check the contract on Etherscan/Solscan. Look for mint() functions that shouldn't exist. Check LP is locked with real lock contract. Check holder distribution. Never trust a project with suspicious code.

0
0xMachina·Founder
·
Apr 10, 2026
·
Updated Apr 12, 2026
·
3 min read