Secure your copy of the Rug Pull Report


What is a Rug Pull? The Mechanics of DeFi Scams

October 27, 2022
   |   By 
Solidus Labs Team

This blog is a preview of our Rug Pull Report — coming this November. Secure your copy today.

Rug pulls are one of crypto’s most pervasive scams and, until today, the vast majority have gone undetected. Solidus data indicates that more than 188,000 rug pulls have been deployed on Ethereum, BNB Chain, and other leading blockchains – far more than previous estimates.

These rug pulls – also known as “scam tokens” or “DeFi scams” – are not just abandoned crypto projects, as the traditional definition of a rug pull would suggest; rug pull tokens are explicitly programmed to steal from retail investors. Their smart contracts often include scripts that disable secondary sales, allow developers to mint new tokens, or that charge buyers sell fees of 100%. Together, these tokens contribute to the hidden theft of hundreds of millions from crypto users.

The anatomy of a crypto rug pull

In most respects, rug pull tokens look just like any other cryptocurrency, abiding by their respective blockchains’ fungible token standard. Where they differ is in their source code.

Over time, scammers have learned how to make dozens of different modifications to their tokens’ underlying smart contracts. Token smart contracts, for reference, are software programs that establish rules about how tokens are created and traded on the blockchain. To execute rug pulls, scammers first hard-code exploitative rules into their tokens' smart contracts that give them additional powers – or strip their buyers of basic privileges. Then, they deploy (i.e. publish) that token contract.

After deploying their scam token, the scammer next creates a liquidity pool on a decentralized exchange (DEX). This establishes a trading pair between that token and more popular, legitimate cryptocurrency, like Ethereum. They then generate artificial transaction volume to inflate that token’s perceived value.

DeFi scammers may attract even more investors by:

  • Publishing a promotional website or roadmap
  • Sharing fake partnerships or names of “doxxed” developers
  • Advertising on Twitter, Discord, Reddit, Telegram, or other social media apps

When enough users have bought into the scam token, the scammer then sells off their token holdings in exchange for the now-larger sum of legitimate tokens in the liquidity pool. This drives the token’s price to zero, thereby finishing the rug pull.

Types of rug pull smart contracts

Scammers program their crypto tokens to pull the rug out from under investors in a number of different ways. Three of the most popular types of DeFi scams– honeypots, hidden mints, and balance modifiers – are outlined below. 


Number of honeypots detected by Solidus Threat Intelligence as of October 25th, 2022: 96,008

A honeypot is any exploit that prevents the buyers of a token from reselling it. This inability to sell causes the token’s price to increase, creating the appearance of a “mooning” token and tricking even more users into buying it.

The most famous example of this exploit is the Squid Game token (SQUID). Capitalizing on the popularity of the eponymous Netflix series, SQUID embedded a honeypot exploit in its deployment contract, making it look to many investors like a promising meme coin — another Dogecoin or Shiba Inu. Within days, investors had spent over $3.36 million buying SQUID, and the developers used this opportunity to run off with the funds.

Source: Coinmarketcap

Hidden mints

Number of tokens with hidden mint functionalities detected by Solidus Threat Intelligence as of October 25th, 2022: 40,569

A hidden mint is an exploit that allows one or more externally owned accounts (EOAs) to mint new tokens using a hidden function within the token contract. After calling the mint function, the scammer dumps the extra tokens in the market, rendering the originally minted tokens that users hold worthless.

Hidden mints often accompany honeypots.

Hidden Balance Modifiers

Number of tokens with hidden balance modifiers detected by Solidus Threat Intelligence as of October 25th, 2022: 7,907

A hidden balance modifier is an exploit that allows token holder balances to be modified by one or more EOAs, or by the contract itself. When the EOA sets holder balances to zero, this makes selling impossible. The scammer then removes liquidity or mints/sells tokens to exit the scam.

Additional typologies

Other typologies include fake ownership renunciations, hidden fee modifiers, hidden transfers and external contract calls. In our forthcoming Rug Pull Report, we analyze these exploits and more in greater detail.

How Solidus Threat Intelligence spots rug pulls, early, accurately, and at scale 

Solidus Threat Intelligence combines proprietary on- and off-chain datasets with Token Sniffer’s smart contract scanning technology to spot rug pulls as soon as they’re deployed. This gives crypto businesses a window into their compliance posture and an opportunity to prevent DeFi scammers from cashing out. In this way, companies can protect their users, root out bad actors, and address regulatory enforcement risks.

Learn how Solidus Threat Intel can help your business tackle crypto and DeFi AML:

Subscribe to our weekly newsletter

Loader Animation