While the crypto industry has continued to reach new heights, recently hitting a market capitalization of $3.89 trillion, the decentralized finance (DeFi) landscape has witnessed a dramatic upsurge in the number of rug pull incidents.
On Nov. 14, the number of rug pull incidents peaked at an alarming 31 in a single day, while their monthly cumulative losses amounted to a sizable $15 million, signaling the escalating sophistication of scammers.
While most of these incidents involved relatively small amounts, with losses typically less than $100,000, the sheer volume and increasing complexity of these scams have posed a significant threat to the integrity of the DeFi market.
Allen Zhang, co-founder and chief technology officer of Web3 cybersecurity firm GoPlus, told Cointelegraph that the most prevalent type of rug pull is the “honeypot token” scam, which has been identified in over 5,688 tokens since November.
He said that modern scammers have adapted by implementing sophisticated multi-wallet control strategies, making it difficult to assess risk purely based on holder concentration metrics.
Crypto scammers change their tactics
From the outside looking in, the modern rug pull has evolved from a crude smash-and-grab operation to a sophisticated psychological campaign.
Michael Heinrich, co-founder of Web3 infrastructure provider 0G labs, told Cointelegraph that scammers now employ professional marketing strategies that would make legitimate startups envious.
“We’re seeing meticulously crafted narratives designed to lure unsuspecting investors,” he said, “The absence of stringent Know Your Customer protocols allows malicious developers to create and promote fraudulent tokens without revealing their identities, making it challenging for authorities to trace and hold them accountable.“
The recent launch of the Peanut (PNUT) memecoin serves as a perfect example. Within just seven days of its Nov. 1 launch, PNUT had seen a remarkable 161x price surge, attracting scammers who created fraudulent versions of the token. The scammers were able to rug pull over $103,000.
In this regard, the weaponization of front-running bots — applications monitoring transactions in a mempool to identify targets for a front-running attack — has become a particularly insidious method.
Recent: Microsoft’s Bitcoin dilemma: Ride $5T BTC wave or avoid risk
Zhang said malicious actors are beginning to develop automated token launch strategies specifically designed to exploit front-running bots.
This, in his view, has created a fascinating game theory dynamic where the competition between token issuers and automated trading tools has become increasingly mature and intelligent.
Steven Walbroehl, co-founder and chief technology officer of Web3 security firm Halborn, told Cointelegraph that front-running bots are aiding rug pull scams, especially during token launches.
“They often start with a ‘hype and demand’ cycle. Front-running bots automatically detect new token listings and execute rapid buy orders to front-run legitimate investors.”
“These actions artificially inflate token prices and volumes, creating an illusion of high demand and enticing more investors to participate.”As a result, security providers now need to conduct more detailed analyses using methods that go beyond simple concentration metrics and incorporate more sophisticated indicators of potential malicious activity.
Elaborating on the growing sophistication of these scams, Heinrich pointed out a recently evolving rug pull area: the “fair launch” of memecoin tokens. He said that 90% of wallets on Pump.fun — a Solana-based marketplace allowing users to create and distribute their own tokens, primarily memecoins — were interrelated.
This means that developers are injecting meme tokens on Pump.fun and utilizing bots alongside other tactics to drive up the price before liquidating on unsuspecting retail users. A recent example of this occurred when a 13-year-old was able to pocket $30,000 using this same tactic.
Kid makes a coin then dumps on people for $30k while live-streaming 😭pic.twitter.com/LoanyydtYX
— TTI (@TikTokInvestors) November 20, 2024Walbroehl said there has been a growing trend of fraudulent projects falsely associating themselves with well-known brands to gain credibility. “The ‘Lego rug pull’ involved a project that deceitfully linked itself to the popular Lego brand, attracting investors under false pretenses before executing the scam,” he added.
Detection, prevention and community defense
With memecoin scams on the rise, the blockchain security community has begun to mount a sophisticated counteroffensive.
Security research firm Anaxi Labs and Carnegie Mellon University’s CyLab have developed algorithms to simplify blockchain components and enhance transparency.
Kate Shen, co-founder of Anaxi Labs, told Cointelegraph that the coming months could be monumental for blockchain security and audibility, especially with VC firm Andreessen Horowitz launching its first major in-house product, Jolt, earlier this year.
“[Jolt’s] goal is to offer simpler, faster, more auditable toolings as compared to the current developer experience, which is often ‘effort-intensive’ and offers a large surface area for security-critical bugs to creep in,” she said.
GoPlus has introduced the SafeToken Protocol, providing standardized security templates to reduce the occurrence of rug pulls implemented through malicious code. “By providing these standardized, secure templates, we’re helping to establish a safer foundation for token launches in the Web3 ecosystem,” co-founder Zhang said.
Beyond such specific solutions, Nanak Nihal Khalsa, co-founder of Web3 security protocol Holonym, told Cointelegraph that crypto wallets should use automated code-scanning tools when the user interacts with a contract.
“This can’t be fixed on the user level, but it can on the wallet level. Wallet should start doing this in addition to transaction simulation,” he said.
Heinrich believes DeFi platforms should consistently engage reputable third-party firms for contract audits while encouraging open-source code development on platforms like GitHub. “Design contracts that cannot be altered after deployment, period,” he added.
The psychological aspect of rug pulls is understated
Rug pulls can employ sophisticated forms of psychological manipulation. Ben Caselin, chief marketing officer at digital asset trading platform VALR, told Cointelegraph that most crypto traders have internalized the high-risk nature of these markets, adding:
“They’re essentially gambling, investing in multiple low-market-cap tokens with the hope that one or two might succeed in the short term.”
This dynamic has helped lay the perfect breeding ground for scams where investors, driven by the fear of missing out (FOMO) and the allure of quick profits, have become vulnerable to scams.
Heinrich said today’s scammers have become adept at creating extremely professional facades. “I receive at least one email per week from an ‘investment fund’ claiming interest in my project,” he revealed.
The role of social media and influencer marketing has also become undeniable, with fake endorsements, fabricated success stories and coordinated marketing campaigns becoming standard tools.
“Scammers execute FOMO campaigns on social media to exploit impulsive investor behavior. Worryingly, some scammers repeat the same playbook across multiple projects, refining their tactics to target the next wave of victims,” Shen said.
Recognizing red flags
There are a number of signals that traders can look for to recognize a potential rug pull.
One is “token concentration.” Khalsa said scammers create the illusion of distribution by controlling multiple, seemingly independent wallets.
“The more centralized a token supply, the higher the likelihood and impact of a potential rug pull,” he said.
Recent: Why crypto needs to fix its ‘dangerously low’ knowledge gap
Scam projects frequently list tokens with low liquidity, making it easier for centralized holders to execute rug pulls. Projects with minimal community distribution are particularly vulnerable, as broader token dispersion dilutes manipulation risks.
It’s already easy to make a centralized token supply seem distributed, such as by splitting funds among several addresses that one person controls or writing a fake ERC-20 token contract that can lie about supply and user balances. “While these tricks can be caught, the average user won’t usually catch them,” Khalsa said
In this context, Shen said tools like Etherscan and Token Sniffer can help flag projects where a few top wallets dominate crypto ownership.
Khalsa said that while it’s impossible to eliminate all risks, it’s still possible to dramatically reduce them through education, technological innovation and a culture of collective responsibility.