Crypto rug pull warning signs UK 2026

DeFi rug pulls extract billions globally each year. Three distinct patterns — hard rug, soft rug, liquidity drain via smart contract. This page covers each pattern, the 7 red flags to spot before you invest, and what to do (realistically) if you've been caught. Aimed at UK retail investors entering meme coins, launchpad sales, and yield-farming pools.

Last reviewed: 14 May 2026 · ScamSupport research

The 3 rug-pull patterns

1. Hard rug

Developers withdraw the entire liquidity pool in a single on-chain transaction. After the withdrawal, holders can no longer sell at any meaningful price — the token has effectively zero market depth. Often happens within minutes; victims may not even see the price drop before it's done. Detectable post-hoc on Etherscan / BscScan / Solscan as a single large withdrawal from the liquidity pair to a developer-controlled wallet, often within hours of token launch hitting a market-cap threshold.

2. Soft rug

Developers gradually sell their reserved token allocation over days or weeks, depressing the price slowly without a single dramatic event. Often disguised as "team payment", "marketing wallet", "treasury operations". Less obviously fraudulent — the developers may even argue they're operating legitimately — but the end result is the same: tokens drained to near-zero value, holders left with worthless bags.

3. Liquidity drain via smart contract

Developers retain administrative control over the smart contract. After raising sufficient liquidity, they deploy a "feature" — often hidden in a contract upgrade or admin function — that lets them:

  • Mint unlimited new tokens (diluting existing holders to zero)
  • Pause all trading (preventing holders from selling)
  • Blacklist seller wallets (selective blocking)
  • Modify transfer fees to 99% (extracting value on every transaction)
  • Disable the token's burn or buyback function

Coordinated with a sell-off of the developer's own allocation. The contract upgrade itself is the rug; victims discover it when their sells start failing or returning impossible values.

The 7 red flags — check BEFORE investing

  1. Anonymous developers. No real names; no LinkedIn or GitHub history; no past projects. Legitimate projects have public teams who put their reputation on the line. Anonymous is not always fatal (e.g., Bitcoin) but in 2026 it correlates strongly with rug-pull risk for new tokens.
  2. No audit by a recognised firm. CertiK, Trail of Bits, ConsenSys Diligence, Halborn, OpenZeppelin, Quantstamp, PeckShield are the major reputable audit firms. "Self-audited" or "audited by [unknown firm]" doesn't count. Audit is necessary but not sufficient — bad actors have been audited.
  3. Liquidity not locked, or locked for under 12 months. Liquidity locks (via Unicrypt, Team Finance, DxLock) prevent the developers from withdrawing the LP tokens. Unlocked = hard rug possible at any moment. Short locks = soft rug possible the day after expiry.
  4. Developer wallet holds >20% of token supply. Check Etherscan / BscScan / Solscan top-holders list. High developer concentration enables soft rug (gradual sell-off) trivially.
  5. Smart contract has dangerous functions. Mint (developer can create new tokens), pause (developer can disable trading), blacklist (developer can block specific wallets from selling), variable transfer fees (developer can change taxation). Use TokenSniffer, RugDoc, De.Fi, or Quick Intel to scan automatically. Any of these flagged = high risk.
  6. Marketing heavy on hype, light on technical detail. Telegram groups full of moon-emoji posts, Twitter influencer shilling, "next 100x" framing, no concrete use case or technical innovation. Real projects can describe what they do without crypto-jargon hype.
  7. Tokenomics rely on continuous new buyer inflow. Rewards paid in the project's own token rather than ETH/BTC/stablecoins; staking yields above 50% APY; referral or pyramid-style incentives. Any token whose value depends entirely on new buyers arriving is mathematically a Ponzi structure.

Two-three of these together = high rug-pull risk; all seven = near-certain rug pull.

Pre-investment 5-step due diligence

  1. Verify the team. Search names, LinkedIn, GitHub. Anonymous teams: avoid for tokens under 12 months old.
  2. Read the audit report. Not just check whether one exists — actually read the report. Note any unresolved high-severity findings.
  3. Verify liquidity lock. Use Unicrypt, Team Finance, or DxLock dashboards. Verify both that there's a lock AND the lock duration is appropriate (12+ months minimum).
  4. Check token distribution. Etherscan top-holders list. Anything above 20% in developer wallet, or top-10 holders together holding above 60%, is high risk.
  5. Scan the smart contract. TokenSniffer.com is free; RugDoc has DeFi-specific scanners; De.Fi has comprehensive smart-contract risk analysis. Look at the automated red-flag list.

If any step fails, decision is "don't invest". If all five pass, you've eliminated obvious rug pulls but not all crypto risk — price volatility, market crashes, and individual project failure remain.

If you've been rug-pulled — realistic next steps

Don't expect recovery

Industry recovery rates for rug pulls are very low. Decentralised infrastructure, anonymous perpetrators, cross-jurisdictional execution, and rapid mixing of funds mean most rugs are unrecoverable in practice. We won't promise otherwise. The next steps below maximise your chance, but the realistic baseline is "the funds are gone".

Same-day actions

  1. Save all evidence. Transaction hashes, wallet addresses (developer + LP), screenshots of project Twitter/Telegram before they disappear, the smart contract address, your purchase records.
  2. Bank fraud line if applicable. If you bought the token via UK bank transfer to a UK exchange that then routed to crypto, the bank-transfer leg may qualify for PSR Mandatory Reimbursement. Time-critical.
  3. File Report Fraud report at reportfraud.police.uk. 15 minutes online.
  4. Report to FCA at fca.org.uk/contact — if the project was marketed to UK consumers, financial-promotions rules apply even if the token itself was unregulated.

Within 30 days

  1. Specialist crypto-tracing solicitor. TLW, CEL, Hugh James handle these cases on no-win-no-fee. Blockchain forensics firms (Chainalysis, TRM Labs) can follow funds to known exchange clusters where seizure orders may be possible.
  2. Start a PSR claim with our PSR claim wizard if bank-transfer leg applicable.
  3. Watch for recovery scams. Rug-pull victims are heavily targeted by follow-up scammers offering to recover funds for an upfront fee. All such offers are scams. Recovery scam warning.
  4. Add CIFAS Protective Registration if you shared ID with the project's KYC process. Walkthrough.
  5. Tax loss — UK HMRC treats crypto losses as Capital Gains losses; can offset other capital gains in same or future years. Speak to an accountant for specifics.

Longer-term

Most rug-pull losses are permanent. Recovery work focuses on emotional + financial rebuild rather than chasing perpetrators. See financial rebuilding guide and mental-health recovery routine.

Frequently asked questions

What is a crypto rug pull?

A rug pull is when the creators of a crypto token deliberately drain its liquidity pool, sell their reserved supply into the market, or modify the smart contract to make holders unable to sell — all leaving the token effectively worthless. Coined in DeFi (decentralised finance), the term applies to new tokens, meme coins, yield-farming protocols, and NFT projects. Chainalysis estimates billions in annual rug-pull losses globally. UK retail investors entering low-cap tokens, launchpad sales, or LP staking are the primary target group.

What are the 3 rug-pull patterns?

(1) Hard rug — the developers withdraw the entire liquidity pool in a single transaction, after which the token price crashes to near-zero. Happens fast, often in minutes. (2) Soft rug — developers gradually sell their reserved token allocation over days/weeks, depressing price slowly. Less obviously fraudulent but produces similar end result. (3) Liquidity drain via smart contract — developers retain ability to modify the token contract, then deploy a 'feature' (often hidden in a contract upgrade) that lets them mint unlimited new tokens, freeze trading, blacklist sell wallets, or otherwise extract value. The contract upgrade is the rug; coordinated with a sell-off of the developer's allocation.

What are the red flags before investing?

Seven strong signals. (1) Anonymous developers — no doxxed team, no LinkedIn profiles, no public history of past projects. (2) New token (under 90 days) with no audit by a known firm (CertiK, Trail of Bits, ConsenSys Diligence). (3) Liquidity not locked, or locked for <12 months. (4) Developer wallet holds >20% of token supply. (5) Smart contract has 'mint' or 'pause' functions, or admin-controlled blacklist. (6) Marketing is heavy on Telegram/Twitter hype, light on technical detail. (7) Token economics rely on continuous new buyer inflow ('rewards' paid in same token rather than ETH/BTC/stablecoins). Any 2-3 of these together is high rug-pull risk; all 7 together is near-certain rug pull.

How do I check a token before investing?

Five-step due diligence, takes 30-60 minutes. (1) Check team — search names + LinkedIn; verify past projects. Anonymous = high risk. (2) Read the audit report from a recognised firm. No audit = high risk. (3) Check liquidity lock — use Unicrypt, Team Finance, or DxLock dashboards; verify lock duration. (4) Check token distribution — Etherscan / BscScan / Solscan show top holder wallets; developer concentration above 20% = high risk. (5) Read the smart contract — at minimum, check for mint, pause, blacklist functions using a tool like TokenSniffer, RugDoc, or De.Fi. Any single check failing isn't conclusive; combined with red flags above, build a confidence assessment.

Can I recover from a rug pull?

Generally very difficult. Crypto rug pulls are typically: (a) executed by anonymous teams; (b) on decentralised infrastructure outside any single jurisdiction's enforcement reach; (c) involving funds routed through mixers and converted to other tokens within minutes. Industry recovery rates are low — most documented recoveries involve law-enforcement seizure orders against specific identified individuals (rare). UK-specific routes that may help: (1) PSR Mandatory Reimbursement on the bank-transfer leg if you bought through a UK exchange. (2) Specialist crypto-tracing solicitors (TLW, CEL, Hugh James) on no-win-no-fee. (3) FCA reporting to add the project to Warning List. Crypto losses generally don't qualify for FSCS or FOS. Watch carefully for recovery scams — rug-pull victims are heavily targeted.

Is rug-pulling illegal?

In the UK and most major jurisdictions: yes, fraud. The criminal offence varies — typically fraud by false representation (Fraud Act 2006), money laundering, or in some cases market manipulation. The challenge is enforcement: rug pullers are usually anonymous, the smart contracts are immutable, and the funds move across jurisdictions. The legal status doesn't help individual victims recover money, but it does mean specialist solicitors can pursue civil claims if the perpetrators can be identified (sometimes via blockchain forensics tracing to identified exchange accounts). The FCA's stance: cryptoassets themselves are largely outside FCA scope, but firms 'marketing' crypto in the UK do fall under financial-promotions rules — rug-pull promotion may breach FCA rules even where the underlying asset is unregulated.

Related scam guides

Related scam guides