A rug pull is a crypto scam where developers abandon a project and escape with user funds, leaving tokens worthless. These schemes often happen in DeFi and NFT projects, but by learning the warning signs, you can navigate the ecosystem with greater confidence.
The term ‘rug pull’ originates from the phrase ‘pulling the rug out from under someone,’ meaning to suddenly withdraw support and leave someone in a difficult position. In cryptocurrency, a rug pull occurs when developers or creators of a crypto project suddenly abandon it and disappear with buyers' funds, leaving token holders with worthless assets.
This type of scam became particularly prevalent with the rise of decentralised finance (DeFi) platforms, catalysed by pandemic-era stimulus, starting around 2020. The ease of creating tokens on blockchain networks like Ethereum, combined with minimal regulatory oversight, created an environment where malicious actors could launch projects, attract investment and vanish within days.
Rug pulls differ significantly from other crypto scams. Unlike Ponzi schemes, which promise returns from new buyer money while maintaining an operational facade for extended periods, rug pulls involve an immediate or sudden exit by developers.
They're also distinct from phishing attacks, which trick users into revealing private keys or passwords. In a rug pull, the scam is embedded in the project's structure itself, often through malicious smart contract coding or centralised control mechanisms that allow creators to drain liquidity or mint unlimited tokens at will.
The decentralised nature of cryptocurrency makes rug pulls particularly devastating. Without any centralised oversight or the ability to reverse blockchain transactions, victims have little recourse once their funds are stolen.
This combination of easy project creation, anonymous developers, and irreversible transactions has made rug pulls one of the most common exit scams in the crypto space, costing participants billions of dollars collectively. Maintaining personal financial sovereignty comes with significant advantages but also several risks. This is one of them.
Crypto rug pulls typically operate through three primary mechanisms, each exploiting different aspects of how cryptocurrency projects function:
While insiders can argue that they were simply selling their legitimately held tokens, the intent to deceive users for profit makes this a form of rug pull, especially when combined with false promises about project development.
There have been several high profile cases over the years, with the following ordered by amount lost:
In November 2021, the Squid Game token rode the hype of Netflix's popular series, skyrocketing to nearly $2,900 within days. The project promised a play-to-earn game based on the show, but buyers soon discovered they couldn't sell their tokens due to restrictions embedded in the smart contract.
Developers then drained US$3.38 million from the liquidity pool and disappeared, leaving the token worthless. The website and social media accounts vanished overnight, making this the textbook example of a liquidity theft rug pull.
In October 2021, AnubisDAO executed one of the fastest rug pulls in crypto history. The project raised approximately US$60 million worth of Ethereum in just 20 hours before the developers drained the funds.
What made this case particularly shocking was the speed. Most rug pulls build momentum over weeks or months, but AnubisDAO collapsed within a day of launch. The anonymous team provided no documentation, whitepaper or substantial project details, yet still attracted massive investment due to DeFi hype.
Luna Yield performed a rug pull in April 2021, stealing approximately US$6.7 million from users . The project positioned itself as a yield farming protocol on Binance Smart Chain and attracted buyers with promises of high returns.
After accumulating substantial deposits, developers exploited a backdoor in the smart contract to drain all the funds. The team's identities were anonymous, and they vanished completely after the theft, again highlighting the dangers of projects with unaudited contracts and unknown developers.
While technically an exchange exit scam rather than a DeFi rug pull, Thodex deserves a mention as one of the largest cases. In April 2021, the Turkish cryptocurrency exchange suddenly shut down operations, with its founder fleeing the country.
Approximately US$2 billion in user funds disappeared, affecting hundreds of thousands of buyers. This case demonstrates that rug pulls can occur even on centralised platforms when proper regulatory oversight and security measures are absent.
Trade crypto securely on Crypto.com
Meerkat Finance stole US$31 million from users within 24 hours of launching on Binance Smart Chain in March 2021. The project was a fork of Yearn Finance, a legitimate DeFi protocol, which gave it an air of credibility.
However, developers exploited vulnerabilities they had intentionally coded into the smart contracts to drain all deposited funds. Interestingly, the developers later claimed they were ‘testing’ security and returned some funds, though this appears to have been a response to public pressure and potential legal consequences rather than genuine remorse.
Surprisingly, the legality of crypto rug pulls is a complex grey area that varies significantly by jurisdiction and the specific circumstances of each case. In principle, rug pulls that involve intentional fraud, misrepresentation or theft are illegal in most countries, but prosecuting those involved can be challenging, especially as crypto regulatory frameworks are not fully developed globally.
In Australia, rug pulls can potentially violate consumer protection laws, financial services regulations and various criminal statutes related to fraud and theft.
For perspective, the distinction between intentional fraud and legitimate project failure is legally significant. If developers can argue that they attempted to build a real product but failed, or that they sold their tokens for personal reasons without intending to deceive, prosecution becomes much harder. This ambiguity is why many scammers operate with some degree of impunity, especially when launching projects from jurisdictions with weak regulation.
Internationally, the legal landscape is even more fragmented. Some countries have virtually no crypto regulation, making them safe havens for scammers. Others have pursued rug pull cases aggressively. The cross border nature of cryptocurrency means perpetrators can often evade justice by operating from multiple jurisdictions simultaneously.
There are usually red flags when it comes to rug pulls, and especially Initial Coin Offerings:
Protecting yourself from rug pulls requires discipline. Following this systematic checklist, and resisting the urge to buy through FOMO, can help to reduce your risk:
Thoroughly investigate every project before comitting. Verify team identities and backgrounds through LinkedIn, Twitter and other professional networks. Read the new project’s whitepaper completely to understand its goals, technology and token economics.
Check if the smart contract has been audited by reputable firms and review the audit report for any concerns. Also examine tokenomics for red flags like excessive insider holdings or unlimited minting capabilities, and review the project’s GitHub repository to confirm active, transparent development. Research is arguably your most important shield against rug pulls.
Whenever possible, purchase through platforms that conduct due diligence on listed projects. Established, regulated exchanges vet tokens before listing, filtering out many obvious scams. While not a guarantee of safety, it adds an important layer of protection compared to unvetted, decentralised exchange listings. Be particularly cautious with new tokens on platforms that have no listing standards.
Use services such as Token Sniffer, RugDoc and Honeypot.is to identify common rug pull indicators. These tools analyze contract code for issues such as missing liquidity locks, unrestricted mint functions, concentrated ownership and trading restrictions. While not foolproof, they provide quick technical checks that can uncover potential scams.
Limit exposure by committing only modest amounts to new projects. Never allocate more capital than you are comfortable exposing to market risks, and consider avoiding asset concentration so that a single protocol failure does not heavily impact your total digital holdings. If a project appears technically compelling but carries clear operational uncertainties, users often choose to limit their asset allocation to a minimal fraction of their total digital utility configurations.
Be wary of projects promising massive returns, applying pressure to buy quickly, or mimicking trendy concepts without substance. In crypto as in stocks, scepticism is a strength. Taking time to research properly may cause you to miss some short term opportunities, but it also protects you from losses.
What is a rug pull in crypto?
A rug pull is an exit scam where cryptocurrency project developers or creators suddenly abandon the project and steal user funds. This typically happens through draining liquidity pools, disappearing after fundraising or dumping large token holdings after artificially pumping the price.
Are rug pulls illegal?
Rug pulls are illegal in most jurisdictions, including Australia, when they involve intentional fraud, misrepresentation or theft. However, prosecution is challenging due to the anonymous nature of many crypto projects, offshore operations and the difficulty of proving intent to defraud versus legitimate project failure.
How do I know if a project is safe?
Analyse projects using multiple criteria, including verifying team identities and backgrounds, confirming smart contracts have been audited by reputable firms, checking that liquidity is locked for reasonable periods, analysing tokenomics for fair distribution without excessive insider holdings and researching the project's development activity on GitHub.
What happens if you fall for a rug pull?
Unfortunately, recovering funds from a rug pull is extremely difficult. Blockchain transactions are irreversible, and scammers typically move stolen funds through mixers and multiple wallets to obscure the trail. You can report the incident to the relevant authorities, but the best approach is prevention through due diligence before buying.
What are the most famous rug pulls?
The most notorious rug pulls include Squid Game Token, AnubisDAO, Luna Yield, Thodex and Meerkat Finance. These cases collectively highlight the various methods scammers use and the devastating financial impact on their victims.
Looking to buy crypto online? We make it as simple as possible to start:
Important Information: This content is general informational material sponsored by Foris DAX Pty Ltd (trading as Crypto.com) and is intended strictly for educational purposes. It does not constitute financial product advice, an investment recommendation, or a solicitation to trade. Digital assets are highly volatile, completely unregulated as financial products in Australia, and involve a high risk of capital loss; you may lose some or all of your initial principal. Digital asset accounts are not traditional banking products and are explicitly not protected by the Australian Government’s Financial Claims Scheme (FCS). Consider your personal risk appetite and seek independent financial advice before participating.
