Rug Pull
What is Rug Pull?
Rug PullAn exit scam in which the developers of a crypto token, NFT collection, or DeFi protocol drain liquidity or treasury funds and disappear, leaving holders with worthless assets.
A rug pull typically begins with aggressive marketing for a new token, yield farm, or NFT mint that promises outsized returns. Once enough liquidity is locked or investor capital is committed, malicious operators remove liquidity from the trading pool, sell their pre-mined supply, drain the treasury, or activate a privileged function such as unlimited minting or pausing transfers. Rug pulls range from hard rugs (instant theft via code backdoors or owner keys) to soft rugs (gradual abandonment after dumping). Mitigations include reading audited code, checking timelocked and renounced ownership, verifying locked liquidity, reviewing token distribution, and using on-chain analytics for honeypot patterns.
● Examples
- 01
Squid Game Token (November 2021) blocked sells and developers drained roughly 3 million USD of liquidity.
- 02
AnubisDAO (October 2021) lost about 60 million USD when raised ETH was moved to private wallets.
● Frequently asked questions
What is Rug Pull?
An exit scam in which the developers of a crypto token, NFT collection, or DeFi protocol drain liquidity or treasury funds and disappear, leaving holders with worthless assets. It belongs to the Web3 & Blockchain category of cybersecurity.
What does Rug Pull mean?
An exit scam in which the developers of a crypto token, NFT collection, or DeFi protocol drain liquidity or treasury funds and disappear, leaving holders with worthless assets.
How does Rug Pull work?
A rug pull typically begins with aggressive marketing for a new token, yield farm, or NFT mint that promises outsized returns. Once enough liquidity is locked or investor capital is committed, malicious operators remove liquidity from the trading pool, sell their pre-mined supply, drain the treasury, or activate a privileged function such as unlimited minting or pausing transfers. Rug pulls range from hard rugs (instant theft via code backdoors or owner keys) to soft rugs (gradual abandonment after dumping). Mitigations include reading audited code, checking timelocked and renounced ownership, verifying locked liquidity, reviewing token distribution, and using on-chain analytics for honeypot patterns.
How do you defend against Rug Pull?
Defences for Rug Pull typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Rug Pull?
Common alternative names include: Crypto exit scam, DeFi exit scam.
● Related terms
- web3№ 1056
Smart Contract Security
The practice of designing, reviewing, and operating on-chain programs so they cannot be exploited to steal funds, freeze logic, or violate intended business rules.
- web3№ 1055
Smart Contract Audit
An independent security review of smart-contract source code, deployment configuration, and economic design to find vulnerabilities before launch or upgrade.
- web3№ 1221
Wallet Drainer
Malicious software or a phishing kit that tricks crypto-wallet users into signing transactions or approvals that hand over all valuable tokens and NFTs.
- web3№ 106
Blockchain Security
The discipline of protecting distributed ledgers, their consensus mechanisms, smart contracts, and surrounding infrastructure from compromise, fraud, and theft.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.