Rug pulls follow predictable patterns. After analyzing thousands of scams, the same warning signs appear again and again. Here are the ten most reliable indicators that a token may be a rug pull.
1. No Liquidity Lock
This is the most direct rug pull mechanism. When developers provide liquidity to a DEX pool, they receive LP (liquidity provider) tokens. If these tokens aren't locked in a time-locked contract or burned, the team can withdraw all the liquidity at any moment — leaving your tokens worthless and untradeable.
What it looks like on-chain: LP tokens sitting in the deployer's wallet, not in a locker contract like Unicrypt or Team Finance.
What to do: Only invest in tokens with LP locked for at least 6 months via a reputable locker, or LP fully burned.
2. Active Mint Authority
A mint function allows new tokens to be created. If an active mint is controlled by the deployer, they can flood the market with new supply at any time, instantly diluting your holding to near zero.
What it looks like on-chain: A mint() function callable by the contract owner, with no renouncement.
What to do: Look for tokens where ownership has been renounced or minting is permanently disabled.
3. Anonymous Team with No Track Record
Projects where the team is completely anonymous and has no prior history are significantly higher risk. This doesn't mean anonymous = scam (many legitimate DeFi projects are pseudonymous), but it does mean there's no accountability if things go wrong.
Red flags: Fresh social media accounts, no prior project history, stock photo profile pictures, no doxxed team members.
What to do: Research the team. Are they known figures in the space? Have they shipped projects before? Is there a KYC audit?
4. Copy-Paste Whitepaper / Vague Roadmap
Rug pull teams often copy whitepapers from legitimate projects with minimal changes. The roadmap is full of buzzwords but devoid of specifics.
Red flags: Roadmap with phases like "Q3: Launch. Q4: Partner with major exchanges." No technical specifics. Whitepaper that reads like a marketing brochure.
What to do: Google sentences from the whitepaper. Check if the roadmap has any concrete, verifiable milestones.
5. Extreme Token Concentration
If 60–80% of the supply is held by a handful of wallets (especially the deployer), any coordinated sell will crash the price. This is sometimes hidden behind multiple wallets that appear separate but move together.
What it looks like on-chain: Top 10 holders controlling >60% of supply. Multiple wallets that were funded from the same source (a "sybil" pattern).
What to do: Check the holder distribution on a block explorer. Use a scanner that aggregates this data automatically.
6. Unverified Contract Source Code
If the contract source code isn't verified on a block explorer, there's no way to audit what the token actually does. It could have hidden backdoors, mint functions, or honeypot logic built in.
What it looks like: "Contract not verified" warning on Etherscan.
What to do: Never invest significant amounts in an unverified contract. There's no legitimate reason for a serious project not to verify their code.
7. Honeypot Mechanics (Can Buy But Can't Sell)
Some contracts are designed so you can buy the token but can never sell it — or selling triggers a 99% tax. This is technically a different attack from a liquidity rug but equally devastating.
What it looks like on-chain: Blacklist functions, max transaction amounts that prevent normal sells, or sell taxes that can be set arbitrarily high by the owner.
What to do: Simulate a sell before buying. Use a contract scanner to check for blacklist functions and adjustable taxes.
8. Fake Volume and Wash Trading
Rug pull teams inflate volume to create the illusion of demand. This tricks you into thinking a token is popular when it's really just the team trading with themselves.
What it looks like: Volume that's disproportionately high relative to holder count, round-number transactions, volume from a small number of wallets.
What to do: Look at unique wallets trading, not just total volume. Real organic volume comes from many different addresses.
9. Artificially Hyped Social Media with No Substance
"100x guaranteed," "next Dogecoin," aggressive Telegram groups banning anyone who asks critical questions — these are classic rug pull social dynamics.
Red flags: Telegram groups where price-critical questions get deleted. Twitter accounts that only post price predictions. Paid shillers with no genuine analysis.
What to do: Join the community and ask hard questions. Legitimate teams welcome scrutiny. Scam teams ban and silence critics.
10. No Audit from a Reputable Firm
Serious projects get audited by reputable security firms before launch. Fake "audit" certificates from unknown firms are a common trick.
Red flags: No audit, or an audit from an unrecognized firm with no track record. An audit that doesn't address specific code risks.
What to do: Look for audits from recognized firms. Read the actual audit report — not just the "passed" badge.
Scan Before You Invest
You don't need to check each of these manually. ChainRaven's free rug pull scanner automatically detects mint authority, liquidity status, blacklist functions, holder concentration, and more — giving you an instant risk score from 0 to 100.
Spot the signals early, before you're left holding worthless tokens.