This article previews our Rug Pull Report and sets the stage with a plain-language guide to rug pulls in crypto, outlining what they are, how bad actors execute them, and how the threat is tracked.
Within cryptocurrency crime, rug pulls dominate. More than 300,000 scam tokens have been launched, defrauding about 2 million participants — a tally that surpasses the combined investor impact of the FTX, Celsius, and Voyager failures.
Rug pulls have evolved into repeatable playbooks: the packaging may look new, but the underlying mechanics are often designed to trap liquidity and strand buyers.
So what does a rug pull actually involve, and what mechanics make it work?
What Is a Rug Pull?
A rug pull occurs when fraudsters create a new cryptocurrency, draw in buyers or liquidity, and then abruptly cash out or drain funds, leaving holders with tokens that have little to no value. These schemes show up in both DeFi tokens and NFT projects, and they can be driven by technical manipulation (smart contract abuse) or by promotion-heavy exit behavior. In crypto slang, getting “rugged” means being the victim of a rug pull — the moment you realize you’ve lost funds because the project was a scam. From an Islamic (Sharia) perspective, rug pulls are generally considered haram (forbidden) because they rely on fraud, deception, and wrongful taking of others’ property.
How Do Scammers Pull the Rug?
Perpetrators generally use two approaches: they either plant malicious logic in the token’s smart contract or engineer a hype cycle that misleads the market. A hard rug is a code-based trap where the contract is built to steal, freeze selling, or siphon value. A soft rug is a promotion-driven exit where insiders use marketing to attract funds and then abandon the project or dump holdings. The fastest operations are often hybrids that combine code-level controls with aggressive promotion.
- A DeFi scam exploits code. Attackers alter a token’s smart contract to, for example, block selling, mint unlimited supply, or impose extreme fees that siphon value.
- An exit scam exploits promotion. Offenders stage aggressive marketing, fabricate partnerships, or orchestrate wash trading to entice buyers before disappearing with the proceeds.
The fastest, most lucrative schemes often blend both methods. The creators of the Squid Game token, for instance, combined a honeypot restriction with glossy marketing and a white paper; within days, $SQUID’s backers walked away with more than $3 million. Other widely cited rug-pull incidents include Meerkat Finance and AnubisDAO, which drew rapid inflows and then saw funds disappear amid allegations of malicious or compromised control.
DeFi Scams: Common Exploits
Solidus Labs classifies code-driven theft into several recurring exploit types:
| Exploit Type | Description | Typical Impact on Buyers |
|---|---|---|
| Honeypots | Block holders from selling their tokens. | Funds get trapped because exits are disabled or selectively blocked. |
| Hidden mints | Let insiders create limitless new tokens on demand. | Supply can be inflated at will, enabling rapid dilution and dumping. |
| Fake ownership renunciations | Conceal that developers can still invoke privileged functions. | Investors believe control was surrendered when it was not. |
| Hidden balance modifiers | Allow direct edits to user balances. | Holders can be debited, zeroed out, or otherwise manipulated without a normal transfer. |
| Hidden fee modifiers | Enable sell fees that can effectively reach 100%. | Sells can become economically impossible, draining value through punitive fees. |
| Hidden max-transaction controls | Can push the maximum allowed trade down to near zero. | Trading can be throttled so buyers cannot exit meaningfully. |
| Hidden transfers | Permit moving tokens from user wallets to the developer’s address. | Assets can be redirected to insiders without the holder’s intent. |
The chart below contrasts how often each exploit appears across confirmed rug pulls.
Case Study: The “Dictionary” DeFi Scammer
One prolific offender, dubbed the “dictionary” scammer, has launched more than 9,000 fraudulent tokens across Ethereum, BNB Chain, and Polygon. The nickname comes from their habit of using everyday words as variable names in constructor and transfer functions.
In the SafeUkraineInu source, for example, unusual variables such as shirt, uncle, herd, and ice appear — terms rarely seen in standard ERC-20 contracts.
Each of this actor’s tokens bakes in two traps at once: a honeypot and a hidden mint. Buyers cannot resell, and the scammer can fabricate new tokens at will — even beyond a stated maximum supply.
Naming is also deceptive. SafeUkraineInu mimics a real donation project called Ukraine Inu, while its ticker, SUI, matches the better-known Sui token, creating confusion to lure victims.
- Deploy a new token.
- Pair the token with Ether (ETH) or Binance Coin in a Uniswap or PancakeSwap liquidity pool.
- Wait for users to swap ETH or Binance Coin into the pool.
- Mint an enormous batch of new tokens, often exceeding 100 times the original supply.
- Dump tokens for ETH or Binance Coin, drain liquidity, and profit (often around 0.1 to 5 ETH per scheme).
Exit Scams: Hype-Driven Frauds
In an exit scam, the token itself functions normally — whether a fungible ERC-20 or a non-fungible ERC-721 NFT — but the promoters falsely market the project and later disappear with investor funds.
Before vanishing, these promoters often manufacture buzz using tactics such as:
- Building slick but misleading websites.
- Announcing partnerships that never existed.
- Making untrue claims about the team or financial backing.
- Secretly allocating themselves far more tokens than publicly disclosed.
- Wash trading to fake price discovery or inflate volume.
- Bot-driven social posts to flood positive sentiment.
Common warning signs also include contracts that are unverified or unaudited, concentrated token supply in a few wallets, liquidity that can be removed at any time, admin keys that allow privileged changes after launch, unusually high or changeable transfer taxes, and promises of guaranteed returns. Practical risk reduction starts with basic diligence: read the token’s permissions, look for credible audits, verify whether liquidity is locked or controlled by a trusted mechanism, avoid projects that pressure you to buy quickly, and be especially cautious with anonymous teams or vague tokenomics.
If you think you’ve been rugged, prioritize damage control and documentation: stop interacting with the token or connected sites, preserve transaction hashes and screenshots, check whether you can revoke token approvals from the wallet you used, report the incident to relevant platforms and local authorities where applicable, and alert other users so they can avoid interacting with the same contracts. In some cases, victims may have potential recourse through civil claims or coordinated reporting, but outcomes vary widely.
These steps are deliberate attempts to deceive investors, and prosecutors have responded.
Case Study: The FLiK Token Exit Scammer
When promoters are caught running exit schemes, charges often include money laundering, wire fraud, and securities fraud. Enforcement varies widely by jurisdiction, and not every rug pull is prosecuted, particularly when perpetrators are offshore, identities are obscured, or regulations leave gaps around token launches and promotional conduct. Atlanta film producer Ryan Felton pleaded guilty after orchestrating two 2018 offerings — FLiK and CoinSpark — admitting to twelve counts of wire fraud, ten counts of money laundering, and two counts of securities fraud.
According to the United States Attorney’s Office for the Northern District of Georgia, investigators found the following:
Felton falsely claimed a prominent rapper co-owned FLiK, asserted that the U.S. military would distribute the streaming platform to service members, and suggested studio licensing deals were imminent. In reality, the artist’s involvement ended with a single promotional post, no military agreement existed, and there were no licensing talks. Although Felton said ICO proceeds would fund platform development, he later dumped over 40 million FLiK tokens on exchanges, triggering a price collapse.
The case illustrates that U.S. authorities can successfully prosecute exit scammers — and similar accountability may soon extend to smart contract exploiters.
Trends in 2026: Scale and Prevalence
Between September 2020 and January 1, 2022, more than 212,000 scam tokens were created. That span includes over 83,000 in 2021 and roughly 125,000 in 2022.
These figures dwarf earlier industry tallies that counted just 24 events in 2021 and 262 in 2022, and they show a troubling share of code-level fraud. Roughly 8% of Ethereum ERC-20 tokens and 12% of Binance Smart Chain BEP-20 tokens were engineered to steal from buyers.
