Rug pulls are the nightmare of memecoin trading. One moment you're up 500%, the next your tokens are worthless because the developer drained the liquidity and disappeared. In 2024-2025, billions were lost to rug pulls across crypto.
The good news: most rug pulls show warning signs before they happen. This guide teaches you to spot those red flags, use security tools to check tokens before buying, and protect yourself from the most common scams in the memecoin space.
Reality Check
Even with perfect research, you can still lose money. Not all losses are rug pulls - many tokens simply fail due to lack of interest. This guide helps you avoid obvious scams, but it can't eliminate the inherent risks of memecoin trading.
What is a Rug Pull?
A rug pull occurs when token creators abandon a project after extracting value from investors. There are several types:
Types of Rug Pulls:
- Liquidity Pull: Developer removes liquidity from the trading pool, making tokens impossible to sell
- Dump Rug: Team holds large supply and sells everything once price rises
- Honeypot: Contract allows buying but blocks selling entirely
- Mint Rug: Developer mints new tokens to dilute supply and dump
- Slow Rug: Gradual selling over time while maintaining appearance of legitimacy
Understanding these methods helps you know what to look for when evaluating tokens.
The 10 Biggest Red Flags
Before buying any memecoin, check for these warning signs:
Critical Red Flags
- 1. Unlocked Liquidity: If LP tokens aren't locked or burned, developer can pull liquidity anytime
- 2. Concentrated Holdings: Single wallet (non-contract) holding >10% of supply is dangerous
- 3. Honeypot Contract: Contract that allows buys but blocks or heavily taxes sells
- 4. Mint Function Enabled: Developer can create unlimited new tokens to dump
- 5. No Social Presence: No Twitter, Telegram, or website - or newly created accounts
- 6. Copy/Paste Website: Generic template site with no original content
- 7. Anonymous Team: No verifiable identity or history in crypto
- 8. Unrealistic Promises: "Guaranteed 100x" or "can't lose money" claims
- 9. Paid Promotion Only: All visibility comes from paid shills, no organic community
- 10. Blacklist Function: Contract can blacklist wallets from selling
The more red flags present, the higher the risk. Even one critical red flag should make you extremely cautious.
How to Check Token Security
Before buying any token, run it through these checks:
Security Check Process
Use RugCheck.xyz
Paste the token contract address into RugCheck. It automatically analyzes the contract for dangerous functions, liquidity status, holder distribution, and common scam patterns. Look for "Good" ratings on critical factors.
Check Liquidity Status
On Solana, check if LP tokens are burned (sent to dead address) or locked. Burned is best - it's permanent. Locked is okay if the lock period is long enough. Unlocked liquidity is a major red flag.
Analyze Holder Distribution
Use a block explorer (Solscan, Birdeye) to view top holders. Exclude known addresses (DEX pools, burn addresses). If any single wallet holds more than 5-10% of supply, be cautious.
Verify Social Presence
Check Twitter account age, follower quality (not bots), and engagement. Look for a Telegram with real community discussion, not just announcements. Verify the website has original content.
Test with Small Amount
Before committing significant funds, buy a tiny amount and immediately try to sell it. This confirms the token isn't a honeypot. If you can't sell, you've only lost a small test amount.
Tools for Security Checking
These tools help automate the security checking process:
| Tool | What It Checks | Best For |
|---|---|---|
| RugCheck.xyz | Contract analysis, LP status, holder distribution | Quick overall assessment |
| GMGN.ai | Built-in security scores, wallet analysis | Integrated with trading |
| Birdeye | Holder distribution, trading activity | Detailed analytics |
| DEXScreener | Liquidity, volume, price charts | Market data |
| Solscan | Contract details, holder list, transactions | On-chain verification |
Pro Tip: Use GMGN for Integrated Security
GMGN.ai includes built-in token security analysis. When you view a token, it shows security scores and warnings automatically. This saves time compared to checking multiple external tools. Their wallet tracking also helps identify if smart money is buying or avoiding a token.
Liquidity Analysis Deep Dive
Liquidity is crucial for both trading and security. Here's how to analyze it:
Liquidity Status Types:
- Burned (Best): LP tokens sent to dead address - permanently locked, developer can never pull
- Locked (Good): LP tokens in time-lock contract - safe until lock expires, check the unlock date
- Unlocked (Dangerous): Developer can remove liquidity at any moment
What to Check:
- Liquidity amount: Higher is better - low liquidity means high slippage and easy manipulation
- Liquidity ratio: Compare liquidity to market cap - very low ratio is suspicious
- Lock duration: If locked, when does it unlock? Short locks can be extended but aren't guaranteed
- Multiple pools: Check all trading pools, not just the main one
Pump.fun Tokens
Tokens launched on Pump.fun have a bonding curve mechanism. Liquidity is automatically added to Raydium when the token "graduates" (hits ~$69k market cap). Before graduation, there's no traditional LP to lock. After graduation, check if the migrated LP is burned.
Holder Distribution Analysis
Who holds the tokens matters as much as the contract security:
| Holder Pattern | Risk Level | What It Means |
|---|---|---|
| Top holder has <5% | Low | Well distributed, no single entity can dump significantly |
| Top holder has 5-10% | Medium | Acceptable but watch for selling activity |
| Top holder has >10% | High | Can cause major price impact when selling |
| Multiple wallets, similar amounts | Very High | Likely same person with multiple wallets (Sybil) |
| Deployer still holds tokens | Varies | Normal for some projects, but watch the percentage |
Exclude Known Addresses
When checking holder distribution, exclude: DEX pool addresses, burn addresses (dead wallets), known exchange wallets, and marketing/team wallets that are locked. Focus on wallets that can actually sell.
Contract Red Flags
Dangerous contract functions that enable rugs:
Dangerous Contract Functions
- Mint Function: Allows creating new tokens - can dilute your holdings to zero
- Blacklist Function: Can block specific wallets from selling
- Pause Function: Can freeze all trading
- Max Transaction Limits: May prevent you from selling your full position
- Hidden Fees: Sells may have massive hidden taxes (90%+ going to developer)
- Proxy Contract: Contract logic can be changed after launch
- Owner Functions: Special privileges that weren't renounced
Tools like RugCheck automatically scan for these functions. If any are present and not renounced, proceed with extreme caution.
Social Engineering Scams
Not all rugs are technical - many rely on social manipulation:
Common Social Scams:
- Fake Influencer Endorsements: Edited screenshots or paid promotions presented as genuine recommendations
- Impersonation Accounts: Fake accounts mimicking popular traders or projects
- Telegram Group Manipulation: Fake "community" full of bots hyping the token
- Countdown Pressure: "Only 2 hours until launch!" creating FOMO
- Fake Partnerships: Claims of partnerships with major projects that don't exist
- Airdrop Bait: Free tokens that require connecting wallet to malicious site
Never Trust DMs
Legitimate projects don't DM you first. Any unsolicited message about a token, especially claiming you've "won" something or offering "guaranteed returns," is a scam. Always verify through official channels.
Protection Strategies
Beyond checking tokens, these habits protect your portfolio:
Security Best Practices:
- Dedicated trading wallet: Never use your main wallet for memecoin trading
- Limited funds: Only keep what you're actively trading in hot wallets
- Position sizing: Never put more than 5-10% of your portfolio in one token
- Take profits: Sell portions as price rises - don't hold 100% hoping for more
- Revoke approvals: Regularly revoke token approvals you no longer need
- Bookmark official sites: Never click links from DMs or random tweets
- Use anti-drain protection: Trojan offers built-in protection against signing malicious transactions
Read our full Risk Management guide for comprehensive portfolio protection strategies.
What to Do If You Get Rugged
If you do fall victim to a rug pull:
Accept the Loss
The tokens are likely worthless and unrecoverable. Don't waste more money trying to "average down" or believing recovery promises from scammers.
Revoke Approvals
Immediately revoke any token approvals related to that contract. The scammers may try additional exploits through approvals you granted.
Document Everything
Screenshot transactions, contract addresses, and scammer wallets. This may be useful for reports or future reference.
Report the Scam
Report to relevant platforms (Twitter, Telegram) and consider filing reports with blockchain analysis companies that track scams.
Learn and Move On
Analyze what red flags you missed. Use the experience to improve your checking process for future trades.
Frequently Asked Questions
What is a rug pull in crypto?
A rug pull is a scam where developers abandon a project and steal investors' funds. This typically happens by draining liquidity pools (making tokens unsellable), dumping large token holdings, or using malicious contract functions. The term comes from "pulling the rug out" from under investors.
How can I check if a token is safe before buying?
Use security scanners like RugCheck.xyz, verify liquidity is locked or burned, check holder distribution for suspicious concentrations, research the team's history, and confirm there's a real community. GMGN.ai has built-in security checks that automate much of this. Always test with a tiny buy first to confirm you can sell.
What are the biggest red flags for a rug pull?
Major red flags: unlocked liquidity, single wallet holding large supply percentage, no or fake social media, anonymous team with no history, honeypot contract (can't sell), mint function enabled, unrealistic promises of guaranteed returns, and all visibility from paid promotion with no organic community.
Is locked liquidity enough to be safe?
No. Locked liquidity prevents one type of rug (liquidity pull), but developers can still scam through other methods: holding large token supplies to dump, having mint functions to create new tokens, or using malicious contract functions. Always check multiple security factors, not just liquidity status.
Are Pump.fun tokens safe?
Pump.fun provides a standardized launch mechanism, but tokens launched there can still be rugged through supply dumps (developer holding large amounts) or post-graduation liquidity manipulation. The platform reduces some risks but doesn't eliminate them. Always check holder distribution and developer wallet activity.
Can I recover money from a rug pull?
In most cases, no. Crypto transactions are irreversible, and rug pull operators typically disappear or use untraceable wallets. Focus on prevention rather than recovery. The best protection is thorough research before buying and never investing more than you can afford to lose.
Trade Safer
Use terminals with built-in security features: