How to Spot a Rug Pull: A Non-Developer’s On-Chain Checklist (2026)
A friend once forwarded me a token in a Telegram group with three rocket emojis and the words “still early.” I almost clicked buy. Instead I spent ten minutes learning how to spot a rug pull, and those ten minutes are why I still have that money. I’m a Korean office worker, not a developer. I don’t read Solidity. I just run the same checks every time.
This post is the exact routine I use before I touch any token — five things, in order, on free tools. By the end you’ll know how to spot a rug pull in ten minutes flat, plus the one near-miss that taught me to slow down.
One honest line up front: this is educational, written for literacy, not advice on what to buy. These checks reduce risk; they don’t remove it.

What a Rug Pull Actually Is (and What a Honeypot Is)
A rug pull is when a token’s creators drain its value and disappear, leaving holders with something they can’t sell. The classic version: developers pull all the liquidity out of the trading pool, so the token still shows a price but nobody can convert it back to anything.
A honeypot is the meaner cousin. The contract lets you buy but not sell — or selling triggers a 99% tax. The chart looks alive. The exit door is welded shut.
Both are forms of exit scam, and both leave fingerprints on-chain before they happen. You’re not predicting anything; you’re reading patterns that are already public — the same literacy-first stance I took in how to read on-chain data, the prequel that defined the “fraud resistance” use-case I’m unpacking here.
I’m not teaching you to chase signals or time entries — only to ask, calmly, “is the exit door open?” before you walk in.
The Check I Run Before I Touch Any Token
Most rug pull guides hand you a flat list of twenty red flags in random order. That’s not how I think when a group chat is yelling “still early.” Here is how to spot a rug pull the way I actually do it: an ordered sequence I stop the moment something fails.
The order matters because the early checks are kill-switches. If liquidity isn’t locked, I don’t bother with the team’s Twitter — I’m already out. It’s the same framework-first habit I lean on in the no-code AI agent pillar: define the sequence once, run it the same way every time. A decision tree, not a scorecard:
1. Liquidity — locked, burned, or I walk.
2. Sellability — can I actually get out? (honeypot test)
3. Holder concentration — does one wallet own everything?
4. Contract & authorities — verified code, renounced ownership, no mint switch.
5. Off-chain sanity — team, audit, socials, the human stuff.
Each step has a free tool, none require code, and the whole sequence takes about ten minutes once you’ve done it five times. Let’s walk down the ladder.
1 — Liquidity: Locked, Burned, or Walk Away
Liquidity is the pool of paired assets (usually a token plus ETH, SOL, or a stablecoin) that lets people trade. If the creator can withdraw that pool, they can rug you in one transaction. So the first question is always: can they pull the liquidity?
You want liquidity that is locked (held in a time-locked contract) or burned (sent to a dead address nobody controls). RugCheck.xyz for Solana, or GoPlus and the liquidity tab on GeckoTerminal, will flag this for you.
Here’s the trap almost everyone falls for. A project posts a screenshot of “liquidity locked for 12 months.” Screenshots are pixels, and pixels can be faked. Click through to the lock itself and read three things: the amount locked, the unlock date, and the lock hash on the actual locker contract. If a project can’t point you to that on-chain, treat it as unlocked.
I also watch how thin the pool is. A tiny liquidity pool relative to market cap can crater on one medium sell with no malice at all — not a rug, but the outcome on your screen looks identical.
This is step one for a reason: unlocked liquidity is a kill-switch. Walking away from a hundred maybes costs nothing; walking into one welded door costs everything you put in.
2 — Can You Actually Sell? The Honeypot Check
A honeypot crypto token is the scam that hurts most, because the chart keeps climbing while you’re trapped. You buy in, feel clever, and then the sell button reverts every time.
You don’t test this by buying. You simulate it. Free simulators like Honeypot.is (for EVM chains) and the GoPlus token security check run a fake buy-and-sell against the contract and report whether the sell would go through. They also surface the buy tax and sell tax — and a hidden 40% sell tax is its own slow rug.
What I’m looking for:
- Can sell: yes. A successful simulated sell is the green light.
- Buy/sell tax: low and symmetric. A 30% sell tax against a 2% buy tax is a flag, even if selling technically works.
- No blacklist function that lets the owner block your address later.
One honest limit: a clever contract can pass a simulation today and flip a switch tomorrow. A clean honeypot check is necessary, not sufficient — one door, not the whole house.
3 — Holder Concentration: Who Owns the Supply
Now I open a block explorer — Etherscan for Ethereum, Solscan for Solana — and go to the token’s Holders tab. The question is simple: if a handful of wallets own most of the supply, they can dump on everyone else whenever they like.
I read the top-10 wallet share, but I subtract the parts that are supposed to hold a lot: the liquidity pool address and the burn address. Those are healthy. What worries me is a few anonymous, non-pool wallets sitting on 40%, 60%, 80% of the supply between them.

A useful free helper here is Bubblemaps, which draws wallets as connected bubbles. When ten “different” top holders are all funded from one source wallet, the cluster jumps off the screen. That’s insiders wearing ten hats.
There’s no magic threshold, and I won’t pretend there is. But when non-pool insiders hold most of the supply, this is often the single step that catches the rug pull the rest of the checklist would miss.
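For readers who do want to see the arithmetic behind this step, here is an added example (not part of the original routine, which needs no code). It assumes you have copied balances and funding sources off an explorer; every label and number is constructed sample data.

```python
from collections import defaultdict

# Constructed sample: (address label, balance, funding-source label or None).
# All labels are placeholders, not real accounts.
TOTAL_SUPPLY = 1_000_000
HOLDERS = (
    [("LP_POOL", 300_000, None), ("BURN", 100_000, None)]
    + [(f"W{i}", 65_000, "FUNDER_A") for i in range(1, 9)]
    + [("R1", 30_000, "FUNDER_B"), ("R2", 20_000, None)]
)
EXPECTED_LARGE = {"LP_POOL", "BURN"}  # pool and burn addresses, read off the explorer


def top_share(holders, total_supply, top_n=10):
    """Fraction of total supply held by the top_n balances."""
    ranked = sorted(holders, key=lambda h: h[1], reverse=True)[:top_n]
    return sum(balance for _, balance, _ in ranked) / total_supply


def concentration_report(holders, total_supply, expected_large, top_n=10):
    """Compare the raw top-N share with the non-pool share, then cluster by funder."""
    non_pool = [h for h in holders if h[0] not in expected_large]
    ranked = sorted(non_pool, key=lambda h: h[1], reverse=True)[:top_n]
    clusters = defaultdict(int)
    for address, balance, funder in ranked:
        # A wallet with no known funder counts as its own cluster.
        clusters[funder or address] += balance
    biggest = max(clusters, key=clusters.get)
    return {
        "raw_top_share": top_share(holders, total_supply, top_n),
        "non_pool_top_share": top_share(non_pool, total_supply, top_n),
        "largest_cluster": biggest,
        "largest_cluster_share": clusters[biggest] / total_supply,
        "wallets_in_largest_cluster": sum(
            1 for a, _, f in ranked if (f or a) == biggest
        ),
    }


if __name__ == "__main__":
    report = concentration_report(HOLDERS, TOTAL_SUPPLY, EXPECTED_LARGE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In this sample the raw top-10 figure is inflated by the pool and burn addresses, while the clustered view shows eight wallets behind one funder holding just over half the supply.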
4 — The Contract: Verified Source, Ownership, Authorities
This is where people think they need to be developers. You don’t — you’re reading labels, not code.
Verified source. On Etherscan, a verified contract shows its source code with a green check. Unverified code is a yellow flag — you can’t see what it does. But here’s the part the listicles skip: a verified contract is not a safe contract. Plenty of scams verify their code precisely because “verified” looks reassuring. Verification means visible.
Ownership. “Renounced ownership” means the deployer gave up special control of the contract. That removes some risks (the owner can’t change taxes on a whim) but not others (liquidity can still be unlocked). Renounced is a green-ish flag, not a guarantee.
Authorities (Solana). On Solana, the dangerous switches are mint authority and freeze authority. Active mint authority lets someone print unlimited tokens and crush the supply; active freeze authority lets someone freeze your wallet so you can’t move the token at all. On Solscan or RugCheck, you want both showing as revoked / disabled. Active authorities are a hard stop for me.
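The two authorities are fields in the token's mint account, so "revoked" is something you can decode rather than take on trust. The parser below is an added example, not code from the original post or from any scanner; it assumes the base 82-byte SPL Token mint layout and runs on constructed sample bytes.

```python
import struct

# Base SPL Token mint layout: 82 bytes, little-endian, no padding.
# option tag (u32) + 32-byte key, supply (u64), decimals (u8),
# is_initialized (u8), option tag (u32) + 32-byte key.
MINT_LAYOUT = struct.Struct("<I32sQBBI32s")


def parse_mint(data: bytes) -> dict:
    """Decode the mint fields; bytes past the 82-byte base layout are ignored."""
    if len(data) < MINT_LAYOUT.size:
        raise ValueError(f"mint data too short: {len(data)} bytes")
    m_tag, m_key, supply, decimals, init, f_tag, f_key = MINT_LAYOUT.unpack_from(data)
    if m_tag not in (0, 1) or f_tag not in (0, 1):
        raise ValueError("invalid option tag; not a well-formed mint account")
    return {
        "initialized": bool(init),
        "supply": supply,
        "decimals": decimals,
        # Tag 0 means the authority is unset (revoked); tag 1 means a key is set.
        "mint_authority": m_key.hex() if m_tag == 1 else None,
        "freeze_authority": f_key.hex() if f_tag == 1 else None,
    }


def hard_stops(mint: dict) -> list:
    """Apply the page's rule: any authority still set is a hard stop."""
    return [name for name in ("mint_authority", "freeze_authority") if mint[name]]


# Constructed sample accounts; the key bytes are placeholders, not real addresses.
KEY_A, KEY_B = bytes([0xAA]) * 32, bytes([0xBB]) * 32
REVOKED = MINT_LAYOUT.pack(0, bytes(32), 10**15, 6, 1, 0, bytes(32))
ACTIVE = MINT_LAYOUT.pack(1, KEY_A, 10**15, 6, 1, 1, KEY_B)

if __name__ == "__main__":
    for label, raw in (("revoked", REVOKED), ("active", ACTIVE)):
        print(label, hard_stops(parse_mint(raw)) or "no active authorities")
```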
For a neutral reference on contract-address impersonation and explorer scam flags, the ethereum.org guide to identifying scam tokens is the calmest source I’ve found — and it isn’t trying to sell you a scanner.
5 — The Off-Chain Sanity Check
On-chain clean does not equal safe. A contract can pass every check above and still be run by people who plan to dump and vanish. So the last step looks at the humans — a few flat things, no detective work required:
- Team. Anonymous isn’t automatically a scam, but anonymous plus a fresh project plus heavy insider holdings is a pattern.
- Audit. If they claim an audit, find the actual report from the named auditor — not a badge image on their site. The artifact, not the screenshot.
- Socials. Look for organic conversation versus copy-paste shill replies and bots posting the same line. CoinGecko’s explainer on rug pulls walks through the patterns in plain language if you want the textbook version.
There’s a Korean office phrase I think about here — bbali bbali, “hurry hurry.” It’s a strength at work, where speed ships things, but a liability in a group chat that wants you to buy before you’ve finished reading. Manufactured urgency is the scammer’s favorite tool because it short-circuits exactly the slow checks above.
This step is fuzzy on purpose — the gut-check after the math. The same patience I wrote about in bases before bets applies here: if a token needs you to decide in the next ten minutes, that urgency is itself a flag.
The Red-Flag Checklist (Printable)
Here’s the whole framework as one table — the printable version of how to spot a rug pull that lives in my notes app. The rule I use for myself: three or more red flags and I walk, no matter how good the chart looks.
| Check | Green flag | Red flag | Kill-switch? |
|---|---|---|---|
| Liquidity | Locked (real lock hash) or burned | Unlocked, or “locked” only as a screenshot | Yes |
| Sellability | Simulated sell succeeds, low symmetric tax | Can’t sell, high sell tax, or blacklist function | Yes |
| Holder concentration | Distributed; big slices are LP/burn | Anon non-pool wallets hold the majority | Strong |
| Contract source | Verified (but verify ≠ safe) | Unverified code | Moderate |
| Ownership | Renounced | Active owner who can change taxes | Moderate |
| Mint/freeze (Solana) | Both revoked / disabled | Either still active | Yes |
| Off-chain | Named team, real audit report, organic socials | Anon team + bot socials + audit badge image only | Moderate |

A note on the tools: scanners disagree, so treat any single score as one opinion, not a verdict. The checklist is the framework; the tools just fill it in.
What Almost Got Me
Mandatory FLOW SEEKER LAB section, and the most useful part of this post. Knowing how to spot a rug pull on paper is one thing; here’s the time I nearly ignored my own checklist.
A token was making the rounds in a group I trust. Liquidity: locked, real hash, twelve-month timer. Sellability: simulated sell passed, taxes low. Contract: verified. Three green lights in a row, and I felt the pull — the “this one’s fine, skip the rest” feeling. That feeling is the danger.
I almost stopped there. Then I ran step three out of habit. On Bubblemaps, the top eight “independent” holders were all funded from one wallet two hops back. Same person, eight costumes, holding well over half the supply. The locked liquidity was real — it just didn’t matter, because the insiders could dump into that pool and leave everyone else holding dust.
I walked. A few weeks later the token did exactly that — the locked liquidity stayed locked while the price went to nothing, because a lock on the pool says nothing about who owns the tokens around it.
It cost me nothing because I ran the full sequence. Two lessons: never stop early just because the first checks pass — that’s when overconfidence does the rug’s job for you — and no tool catches everything, so run all of it, every time. The checks reduce risk. They never delete it.
FAQ
What is a rug pull in crypto? A rug pull is when a token’s creators drain its value — usually by removing the trading liquidity or dumping their holdings — and disappear, leaving other holders with something they can’t sell.
What is a honeypot token, and how is it different from a rug pull? A honeypot is a contract written so you can buy but can’t sell, or selling triggers an extreme tax. A rug pull drains value and exits; a honeypot traps you from the start. A honeypot is one method a rug pull can use.
How do I know if a token’s liquidity is locked? Don’t trust a screenshot. Click through to the locker contract and read the locked amount, unlock date, and lock hash on-chain. If a project can’t show you that, treat the liquidity as unlocked.
How can I check token holder concentration without coding? Open the token on Etherscan or Solscan and read the Holders tab. Subtract the liquidity-pool and burn addresses, then see how much a few anonymous wallets hold. Bubblemaps shows whether those wallets share a funding source.
Does renounced ownership or a revoked mint authority guarantee a token is safe? No. They remove specific risks, but liquidity can still be unlocked and insiders can still dump. They’re green-ish flags, not guarantees.
Can a verified contract still be a scam? Yes. Verification means the source code is visible, not that it’s safe. Scammers often verify their code because “verified” looks trustworthy. Read what the code allows; don’t stop at the green check.
Are free rug-pull checkers like GoPlus, Honeypot.is, and RugCheck reliable? They’re useful but imperfect. Scanners frequently disagree, and a contract can pass today and flip a switch tomorrow. Treat any single score as one opinion and run the full checklist yourself.
Can on-chain checks guarantee a token is safe? No. This routine reduces risk; it does not remove it. The goal is literacy and risk-screening, not certainty — and never a recommendation about what to buy.
Closing
Learning how to spot a rug pull isn’t about predicting which token wins. It’s about reading the exit door before you walk in. That’s the whole reason I run this on-chain due diligence sequence: liquidity, sellability, holders, contract, humans — in that order, every time. Frameworks, not forecasts.
Next in this series — On-chain Digest #3: How to Track a Crypto Wallet (Without Coding) — the free, no-code four-step loop I run to follow one wallet over time: find it, read it once on an explorer, set alerts, and read each move as observation, not a trade signal. Tracking a team wallet is the live version of this rug-pull checklist.
One last time, because it matters: this is educational and for literacy. It reduces risk; it doesn’t remove it; and it’s never advice on what to buy.
About the author
seonjae — Korean office worker documenting his transition into AI systems, agents, and vibe coding — without a CS background. Shipping in public.