How to Spot a Crypto Rug Pull: Red Flags for 2026

A rug pull is the crudest scam in crypto and one of the most common. The team behind a token builds hype, attracts buyers, and then pulls out the liquidity or dumps their holdings, leaving everyone else with a worthless asset they cannot sell. These scams drained roughly $1.8 billion from investors in 2025. The good news is that most rug pulls share the same handful of warning signs, and free tools can flag them in seconds. This guide walks through the red flags and the checks that take only a few minutes but can save your money.

Key takeaways

• A rug pull is a scam where a token's creators remove liquidity or dump holdings, collapsing the price to near zero.
• The biggest red flags are unlocked liquidity, an anonymous team, concentrated ownership, and impossible promised yields.
• If the top wallets hold most of the supply, a single coordinated dump can wipe out the price in minutes.
• Free tools like RugCheck, TokenSniffer, Honeypot.is, and Bubblemaps catch most amateur scams before you buy.
• Even after these checks, never invest more than you can afford to lose in a new, unproven token.

What a rug pull actually is

In a rug pull, the people who launch a token retain the ability to destroy its value and then exercise it. The most common version is a liquidity rug: the team provides the pool that lets people trade the token, then withdraws that liquidity, so there is no longer anything to sell into and the price crashes to zero. Another version is a slow dump, where insiders quietly sell their large allocation into buyers until the price collapses. A third is a technical trap baked into the contract, such as code that blocks ordinary holders from selling at all.

The scams have evolved. While the raw number of rug pulls dropped sharply from 2024, the individual scams grew larger and more sophisticated, with some single incidents vanishing with hundreds of millions of dollars. The lesson is that volume going down does not mean the danger is gone.

The red flags that matter most

Unlocked or briefly locked liquidity. Legitimate projects lock their liquidity for months, often six to twelve, through a verifiable lock. A lock of under 30 days, or no lock at all, means the team can drain the pool whenever they choose.

Anonymous team with no history. Search the founders on professional networks and code repositories. A real team has months or years of commit history. A scam team has a repository created days before launch, minimal activity, and forked boilerplate code. Claimed partnerships should be verifiable on the partner's own official channels, not just the project's marketing.

Concentrated ownership. If the top ten wallets hold more than 40 to 50 percent of the supply, those wallets can coordinate a dump that collapses the price in minutes. Distribution should be wide.

Impossible yields. Promises of enormous fixed returns are bait. Sustainable yield comes from real activity; advertised triple-digit returns with no clear source are a classic lure.

Hidden contract functions. Scam contracts can hide a mint function to print new tokens, a blocklist to stop you selling, a fee modifier to tax you to death, or a fake ownership-renounce trick. These are not visible to a casual buyer, which is why automated scanners matter.

Here is a fast reference for how serious each red flag is and how to verify it:

Red flag	Why it is dangerous	How to check	Severity
Unlocked liquidity	Team can drain the pool any moment	Token scanner lock status	Critical
Hidden sell block (honeypot)	You can buy but never sell	Honeypot.is	Critical
Mint function in contract	Team can print unlimited tokens	TokenSniffer / RugCheck	Critical
Top wallets hold 40%+	One coordinated dump crashes price	Bubblemaps, holder list	High
Anonymous team, no history	No accountability if it collapses	Search repos and professional profiles	High
Impossible fixed yields	Bait with no real revenue source	Read the tokenomics critically	Medium

Free tools that do the checking for you

You do not have to read Solidity to catch most scams. A short stack of free tools covers the basics:

1. Paste the token's contract address into a scanner like TokenSniffer for Ethereum-based tokens or RugCheck for Solana tokens to get an instant risk score.
2. Review what the scanner flags: liquidity lock status, mint authority, holder concentration, and known scam code patterns.
3. Use Honeypot.is to check whether the token can actually be sold, not just bought, which exposes sell-blocking traps.
4. Use a wallet-mapping tool like Bubblemaps to visualize whether a few connected wallets secretly control most of the supply.
5. If any tool flags a serious issue, walk away. The cost of skipping a token is zero; the cost of a rug pull is everything you put in.

These tools catch amateur and intermediate scams reliably. They are not infallible against the most sophisticated operations, so treat a clean score as necessary but not sufficient.

A quick map of which tool answers which question:

Tool	What it tells you	Chains
RugCheck	Liquidity lock, mint authority, holder risk score	Solana
TokenSniffer	Contract risk score, known scam patterns	Ethereum and EVM chains
Honeypot.is	Whether the token can actually be sold	Ethereum and EVM chains
Bubblemaps	Hidden links between top holder wallets	Multiple chains

A simple rule that survives every scam

No checklist replaces position sizing. New tokens are the highest-risk corner of an already risky asset class. Even after every check passes, only commit money you are fully prepared to lose. For related threats that target your wallet rather than a token, see our guides on wallet drainer scams and address poisoning scams, both of which complement rug-pull awareness with on-chain hygiene.

What to do right now

Before you buy any new token, run this in under five minutes:

• Paste the contract address into RugCheck (Solana) or TokenSniffer (Ethereum and EVM) and read the risk score.
• Confirm liquidity is locked for several months through a recognized locker, not unlocked or locked for days.
• Run the token through Honeypot.is to prove you can sell, not just buy.
• Open Bubblemaps and check whether a few linked wallets secretly control most of the supply.
• Search the team on code repositories and professional networks for real, months-long history.
• If any check fails, walk away. If everything passes, still size the position as money you can fully afford to lose.

Frequently asked questions

What is a rug pull in crypto?

It is a scam where the creators of a token remove its liquidity or dump their holdings, collapsing the price to near zero and leaving other holders unable to sell at any meaningful value.

How can I tell if liquidity is locked?

Use a token scanner that reports lock status, and look for locks of several months through a recognized locking service. Unlocked liquidity or a lock under 30 days is a major red flag.

Are rug pull detection tools reliable?

Tools like RugCheck, TokenSniffer, Honeypot.is, and Bubblemaps reliably catch amateur and intermediate scams, but the most sophisticated operations can evade them. A clean score lowers risk but does not guarantee safety.

Why does holder concentration matter?

If a few wallets control most of the supply, they can dump simultaneously and crash the price in minutes. Wide distribution makes a coordinated dump far harder.

Can a token look fine and still be a scam?

Yes. Hidden contract functions like minting, sell blocking, or fee modifiers may not be visible to a casual buyer, which is why running the contract through automated scanners before buying is essential.