Anatomy of the scam
A rug pull is when the creators of a cryptocurrency token, NFT collection, or DeFi project drain the liquidity pool or treasury after gathering investor money. The token price collapses to zero almost instantly.
Variants:
- Hard rug: developers withdraw all locked liquidity from the trading pool. Price → 0.
- Soft rug: developers slowly sell off their reserved tokens into the market over weeks until the price collapses.
- Honeypot: smart contract is designed so buyers can buy but cannot sell. Only the developer can withdraw.
- NFT rug: the team announces an art mint, gathers the mint funds, then disappears (deletes Twitter, Discord, website).
Rug pulls are the most common DeFi/NFT scam by count. Chainalysis tracked over $2.8B lost to rug pulls in 2021 alone.
Red flags
- Anonymous team — no LinkedIn-verifiable founders.
- Token contract is not audited by a known firm (Certik, OpenZeppelin, Trail of Bits).
- Liquidity isn't locked (or is locked for a comically short period like 1 month).
- The smart contract grants the deployer mint authority, a sell tax, or pause functions.
- Influencer hype that started days ago, often paid promotions.
- Telegram/Discord aggressively bans dissenting questions.
- The roadmap reads like marketing copy with no technical specificity.
- "Limited mint" urgency, often artificial.
How to verify safely
- Check the team. Real teams have public LinkedIn profiles with verifiable employment history. Anonymous founders carry significantly higher rug risk.
- Read the smart contract on Etherscan / Polygonscan / BscScan. Look for mint authority, transfer restrictions, sell-tax-to-deployer, and pause functions.
- Verify the audit. Click through to the actual audit report, not just a "Certik audited" badge. The badge can be screenshot-faked.
- Check liquidity lock. Use tools like Unicrypt to verify the lock period. A lock that ends next month is not a lock.
- Search for the project name + "rug pull" or "scam." New projects with established complaints aren't worth the risk.
- Use small test transactions first if you must engage.
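The contract-reading step above can be partly automated. The following is an added example, not part of the original page: a heuristic Python scan of verified Solidity source (as copied from a block explorer) for owner-gated functions matching the four powers listed. The keyword lists, the reliance on `only...` modifiers, and the sample contract are assumptions constructed for illustration.

```python
import re

# Heuristic name patterns for the four red flags the checklist names.
# These keyword lists are assumptions for illustration, not a complete ruleset.
RED_FLAGS = {
    "mint authority": re.compile(r"mint", re.I),
    "pause function": re.compile(r"pause|enabletrading|disabletrading", re.I),
    "sell tax / fee control": re.compile(r"tax|fee", re.I),
    "transfer restriction": re.compile(r"blacklist|whitelist|maxtx|cooldown", re.I),
}
# Matches a function header up to its opening brace or terminating semicolon.
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")
# Access-control modifiers such as onlyOwner mark a deployer-only power.
PRIVILEGED = re.compile(r"\bonly\w+", re.I)

def strip_comments(src):
    """Remove block and line comments so commented-out code is not flagged."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan(source):
    """Return sorted (function, flag) pairs for privileged functions matching a red flag."""
    findings = set()
    for m in FUNC.finditer(strip_comments(source)):
        name, modifiers = m.group(1), m.group(3)
        if not PRIVILEGED.search(modifiers):
            continue  # callable by anyone, so not a deployer-only power
        for flag, pattern in RED_FLAGS.items():
            if pattern.search(name):
                findings.add((name, flag))
    return sorted(findings)

# Constructed sample source, not a real token.
SAMPLE = """
contract DemoToken {
    // function mintHidden() onlyOwner {}  <- commented out, must be ignored
    function transfer(address to, uint256 amt) public returns (bool) { return true; }
    function mint(address to, uint256 amt) external onlyOwner { }
    function setSellTax(uint256 bps) external onlyOwner { }
    function pause() public onlyOwner { }
    function setBlacklist(address a, bool b) external onlyOwner { }
    function burn(uint256 amt) public { }
}
"""

if __name__ == "__main__":
    for name, flag in scan(SAMPLE):
        print(f"{name}: {flag}")
```

A clean result does not clear a contract: access checks written inside a function body, logic behind a proxy, and unverified source are outside what this scan sees.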
If you already invested
- Try selling immediately. If you can't sell, it may be a honeypot — try smaller amounts to confirm.
- Capture transaction hashes, contract address, the project's website, Telegram/Discord usernames.
- Report the contract address to chain analytics firms (Chainabuse, ScamSniffer).
- Report to IC3 — the FBI has had real recoveries in this category for larger losses.
- Revoke smart-contract approvals at revoke.cash to prevent further drains.
- Expect recovery scams to DM you within days. Pre-decide not to engage.
What not to do
- Do not rebuy in hopes of a "recovery."
- Do not join the new Telegram launched by the same anonymous team under a new name.
- Do not approve smart contracts on URLs the project DMs you.
- Do not pay "recovery services."
Where to report
- FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
- FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
- CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
- IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
- Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.