Rug Pull
A rug pull is a fraudulent exit scheme in cryptocurrency where developers or insiders of a project abruptly withdraw all liquidity, dump their token allocations, or exploit a hidden backdoor in a smart contract — leaving investors holding worthless tokens and recovering little to no value.
The term rug pull describes the metaphor of literally pulling the rug out from under investors. Unlike traditional financial fraud, rug pulls in decentralized finance can be technically instant — a malicious developer can drain a liquidity pool or mint and dump tokens in a single blockchain transaction, before any investor or regulator can intervene. The combination of pseudonymous developer identities, immutable or deliberately opaque smart contracts, and the global retail audience that participates in DeFi token launches creates an environment unusually favorable to perpetrators.
Rug pulls fall into several categories. A liquidity pull occurs when project founders remove the liquidity they added to a DEX pool — typically the entire supply of the new token paired against ETH or a stablecoin — leaving no buyers and rendering the token worthless. This is technically possible whenever founders hold the LP tokens that represent ownership of pool assets. A token dump, or slow rug, involves insiders selling their pre-mined or pre-allocated token holdings progressively into market demand, driving the price to near zero over days or weeks. A smart contract exploit rug uses a hidden function in the contract code — such as an unlimited mint function, a backdoor that allows the deployer to drain user funds, or a transfer restriction that prevents anyone but the deployer from selling — to extract value from holders.
High-profile rug pulls have inflicted billions of dollars in cumulative losses on crypto investors. The Squid Game token of 2021, which prevented holders from selling through a smart contract restriction while developers sold freely, became one of the most publicized examples. Frosties, an NFT project, was subject to a US federal indictment in 2022 — one of the first criminal prosecutions for an NFT rug pull — demonstrating that US authorities classify such schemes as wire fraud regardless of the crypto-native context.
The SEC and DOJ have pursued rug pull cases under wire fraud, securities fraud, and in some instances the Commodity Exchange Act, when the underlying token can be characterized as a security or commodity. The pseudonymous nature of many rug pulls makes enforcement difficult but not impossible — blockchain transaction records are permanent and on-chain KYC data from centralized exchanges used for cashing out has enabled investigators to identify perpetrators.
Investors assessing new token projects should evaluate whether the smart contract has been audited by a reputable firm, whether liquidity has been locked in a time-locked contract that prevents withdrawal, whether the team is publicly identified and has a verifiable track record, and whether the token allocation schedule creates incentives for insider dumps. On-chain analytics tools that highlight wallet concentration, insider sell activity, and anomalous mint events have become standard due-diligence instruments for sophisticated DeFi participants.