· 7 min read

5 Red Flags That Signal a Crypto Rug Pull

Rug pulls drained billions from crypto investors. Here are the 5 warning signs you can spot in any smart contract before it is too late.

Red warning flags on crumbling crypto platform with broken chain links

Imagine scrolling through Twitter at midnight and seeing a new token everyone is talking about. The chart is going vertical. People are posting screenshots of 10x gains. You feel that pull in your chest, the fear of missing out, and your finger hovers over the "buy" button.

But what if that token was designed to steal your money from the start?

Quick Answer
Most rug pulls share 5 warning signs you can spot before investing: unverified source code, unlimited minting power, unlocked liquidity, concentrated token holdings, and anonymous teams. Checking for these takes 5 minutes and could save you everything.
Crypto Scam

Rug Pull

A rug pull is when a crypto project's developers abandon it after draining investor funds. They "pull the rug out" from under you. It is the most common type of crypto fraud, responsible for billions in losses since 2020. The scam works because smart contracts can be written with hidden backdoors that let creators take your money while everything looks legitimate on the surface.

Red Flag 1: Unverified Source Code

This is the single biggest warning sign. And it is surprisingly simple to check.

When a smart contract is deployed on Ethereum, the compiled code is visible on the blockchain. But compiled code is unreadable to humans. That is why legitimate projects "verify" their source code on block explorers like Etherscan, so anyone can read exactly what the contract does.

This Is the #1 Red Flag
If a contract's source code is not verified, you are trusting a black box with your money. You literally cannot see what the contract will do with your tokens. No verification means no transparency, and no transparency means no trust.

Remember the Squid Game token from 2021? Investors poured $3.3 million into it because the hype was irresistible. But the contract was unverified. Nobody could read the code. And when the developers drained every penny, investors realized they never had the ability to sell in the first place.

The anti-sell mechanism was baked into the contract. If the code had been verified, anyone could have spotted it.

Red Flag 2: Owner Can Mint Unlimited Tokens

Picture this. You buy 1,000 tokens that represent 1% of the total supply. You feel good about your position. Then the contract owner mints 10 million new tokens overnight. Your 1% is now worth almost nothing.

Some contracts give the owner a mint function with no cap. This means the project creator can generate unlimited new tokens at any time, instantly destroying the value of every token you hold.

What to Look For
Search the contract code for functions like mint(address, uint256) that are restricted to the owner. A legitimate project might have controlled minting on a fixed schedule for staking rewards. A rug pull contract gives one wallet unrestricted minting power with no supply cap enforced in the code.

This is different from a fair token emission schedule. The difference is accountability. Capped, scheduled minting is transparent. Unlimited owner minting is a loaded gun pointed at investors.

Red Flag 3: No Liquidity Lock

This is the classic rug pull mechanic, and understanding it will change how you evaluate every new token.

When a token launches on a decentralized exchange like Uniswap, the developers provide initial liquidity. That is the pool of tokens and ETH that makes trading possible. If that liquidity is not locked, the developers can withdraw it whenever they want.

How a Liquidity Rug Pull Works

1

Launch and Hype

Developers create a token and add liquidity to a DEX. Social media campaigns drive excitement.

2

Investors Buy In

You and thousands of others swap ETH for the new token. The liquidity pool grows.

3

Price Rises

Buying pressure pushes the price up. Early screenshots of gains fuel more FOMO buying.

4

Rug Gets Pulled

Developers remove all liquidity from the pool. They walk away with the ETH.

5

Token Dies

With no liquidity left, the token cannot be sold. Price crashes to zero. Holders are stuck.

Always verify that liquidity is locked through a service like Unicrypt or Team Finance. If a project claims locked liquidity but cannot provide a verifiable lock transaction, walk away.

Red Flag 4: Concentrated Token Holdings

When a small number of wallets hold most of the total supply, those wallets control the price. They can crash it any time they want by selling. This is called a "whale dump," and it is often coordinated by the project team using multiple wallets to hide their true holdings.

50%+

Whale Dump Risk Threshold

If the top 10 wallets (excluding known exchanges and contract addresses) hold more than 50% of a token's supply, the risk of a coordinated dump is dangerously high.

Source: Chainalysis 2024 Crypto Crime Report

Some projects try to hide concentrated holdings by splitting tokens across dozens of wallets. It looks decentralized on the surface. But blockchain analysis tools can trace these connections back to the same source.

Most retail investors never bother to check. That is exactly what scammers are counting on.

Red Flag 5: Anonymous Team

Anonymity is part of crypto culture. Bitcoin itself was created by a pseudonymous founder. So an anonymous team is not automatically a red flag on its own.

But when anonymity is combined with the other warning signs on this list, it dramatically increases your risk. A team with no verifiable identity, no prior projects, and no public reputation has nothing to lose by pulling the rug. There are no consequences because there is no one to hold accountable.

Team Verification Checklist

  • Team members have LinkedIn profiles with work history
  • Founders have GitHub accounts with real contribution history
  • Team has prior involvement in known crypto projects
  • Project has been audited by a recognized security firm
  • Team does live AMAs or video calls (not just text chat)
  • Company is registered in a real jurisdiction

A doxxed team is not a guarantee of legitimacy. But it raises the cost of scamming significantly. People with real reputations have something to lose.

How to Protect Yourself

No single red flag means a project is definitely a scam. But multiple red flags stacking up should make you pause. The more boxes a project checks on this list, the faster you should close that browser tab.

The 5 Rug Pull Red Flags
  • Unverified source code means you cannot read what the contract does with your money.
  • Unlimited minting power lets the owner dilute your tokens to zero overnight.
  • Unlocked liquidity means developers can drain the trading pool and disappear.
  • Concentrated holdings give a few wallets the power to crash the price at will.
  • Anonymous teams with no track record have nothing to lose by scamming you.

Checking for these 5 red flags takes about 5 minutes. That is a small price to pay for peace of mind, and for keeping your investment safe.

The fastest way to check any contract is to run it through an automated scanner. CryptoGuard AI analyzes verified Ethereum contracts for centralization risks, dangerous permissions, and common vulnerability patterns. It is instant, free, and could save you from the next rug pull.

Try CryptoShield AI

Paste any contract address and get an instant AI risk report. Free, no signup required.

Scan a Contract Free →
Alex Mercer

Alex Mercer

Smart contract security researcher and founder of CryptoShield AI. Spent 4 years in blockchain security before building tools that make contract analysis accessible to everyday investors.

CryptoShield AI · Smart Contract Security