A rug pull is when a token’s creators drain liquidity, abandon the project, and leave holders with worthless tokens. A honeypot is a token you can buy but can never sell. Both are the most common scams in crypto — and both leave clear on-chain fingerprints.

Why On-Chain Analysis Catches Scams

Scams happen on-chain, which means every malicious action is recorded permanently. The deployer’s address, the contract code, the liquidity pool creation, the token transfers — all of it is public data you can inspect before buying.

The key principle: if you check the chain before you buy, you can avoid 90%+ of scams.

Rug Pulls: Anatomy and Red Flags

A typical rug pull follows this sequence:

  1. Developer deploys a token smart contract
  2. Developer creates a trading pair on a DEX and adds initial liquidity
  3. Users buy the token, creating demand
  4. Developer removes all liquidity (or mints unlimited tokens and dumps them)
  5. Price crashes to zero; holders can’t exit

Red Flag 1: Unlocked Liquidity

The most critical check. If the developer can remove liquidity pool tokens at any time, a rug pull is one click away.

How to check:

  • Go to the token’s liquidity pool on Etherscan or a block explorer
  • Check who holds the LP tokens — if the deployer’s address holds them, liquidity is unlocked
  • Look for liquidity locking services (Team Finance, UncxNetwork, PinkLock) — these time-lock LP tokens so they can’t be withdrawn early
  • Verify the lock duration — a 1-week lock is meaningless; look for 6+ months
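
The LP-holder check above, written out as an added example (not code from the original article). It assumes you have already copied the pool's LP-token holder list and any lock expiry dates from a block explorer and the locking service; all addresses and balances are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

MIN_LOCK = timedelta(days=180)  # "6+ months" from the check above

def lp_shares(lp_holders, deployer, locks, now):
    """Split the LP-token supply by who controls it.

    lp_holders: {address: LP-token balance} from the pool's holder list
    locks:      {locker contract address: unlock time} from the locking service
    """
    deployer = deployer.lower()
    locks = {addr.lower(): unlock for addr, unlock in locks.items()}
    shares = {"deployer": 0.0, "locked_long": 0.0, "locked_short": 0.0, "other": 0.0}
    total = sum(lp_holders.values())
    if total == 0:
        return shares  # pool has no liquidity to classify
    for addr, balance in lp_holders.items():
        addr = addr.lower()
        if addr == deployer:
            bucket = "deployer"
        elif addr in locks:
            bucket = "locked_long" if locks[addr] - now >= MIN_LOCK else "locked_short"
        else:
            bucket = "other"
        shares[bucket] += balance / total
    return shares

def liquidity_verdict(shares):
    if shares["deployer"] > 0:
        return "unlocked: deployer holds LP tokens"
    if shares["locked_short"] > 0:
        return "weak lock: expires in under 6 months"
    if shares["locked_long"] > 0:
        return "locked for 6+ months"
    return "no lock found"

# Constructed sample data; addresses are placeholders, not real contracts.
DEPLOYER = "0x" + "d1" * 20
LOCKER = "0x" + "c0" * 20
HOLDER = "0x" + "ab" * 20
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
ONE_WEEK = {LOCKER: NOW + timedelta(days=7)}
ONE_YEAR = {LOCKER: NOW + timedelta(days=365)}

if __name__ == "__main__":
    print(liquidity_verdict(lp_shares({DEPLOYER: 1000}, DEPLOYER, {}, NOW)))
    print(liquidity_verdict(lp_shares({LOCKER: 900, HOLDER: 100}, DEPLOYER, ONE_WEEK, NOW)))
    print(liquidity_verdict(lp_shares({LOCKER: 900, HOLDER: 100}, DEPLOYER, ONE_YEAR, NOW)))
```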

Red Flag 2: Mint Function with No Cap

If the smart contract can mint new tokens, the developer can create unlimited supply and dump it.

How to check:

  • Read the token contract on Etherscan (Contract → Read Contract)
  • Check whether maxSupply equals totalSupply — if totalSupply is below maxSupply, there is still room to mint and the supply isn’t truly capped
  • Look for a mint() function accessible by the owner — this means unlimited inflation is possible
  • Verify the token’s max supply against its circulating supply

Red Flag 3: Owner Can Halt Trading

Some contracts include functions that let the owner pause trading or blacklist addresses. This power can be used to prevent sells — turning the token into a honeypot.

How to check:

  • Check for pause(), setBlacklist(), or canTransfer modifiers in the verified Solidity source code
  • A legitimate token rarely needs the ability to halt trading on a DEX
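
A first-pass scan of verified source for the functions named in Red Flags 2 and 3, as an added example (not code from the original article). Matching by function name is a heuristic and an assumption of this sketch: a contract can hide the same power behind any name, so a clean result does not replace reading the code. The sample contract is constructed.

```python
import re

# Names called out in the checks above, with the power each one implies.
RISKY = {
    "mint": "owner can inflate supply",
    "pause": "owner can halt trading",
    "setblacklist": "owner can block addresses",
}
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)[{;]")
MODIFIER = re.compile(r"modifier\s+(canTransfer)\b")

def strip_comments(src):
    """Remove /* */ and // comments so commented-out code is not reported."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan_source(src):
    """Return (name, meaning, gating) for each externally callable risky function."""
    findings = []
    src = strip_comments(src)
    for name, tail in FUNC.findall(src):
        key = name.lower().lstrip("_")
        # internal/private helpers such as _mint are not callable by the owner directly
        if key in RISKY and re.search(r"\b(public|external)\b", tail):
            gating = "owner-only" if "onlyOwner" in tail else "ungated"
            findings.append((name, RISKY[key], gating))
    for name in MODIFIER.findall(src):
        findings.append((name, "custom transfer gate", "modifier"))
    return findings

# Constructed sample contract, for illustration only.
SAMPLE = """
contract Token is ERC20, Ownable {
    // function pause() public onlyOwner {}
    function mint(address to, uint256 amount) external onlyOwner { _mint(to, amount); }
    function setBlacklist(address who, bool on) public onlyOwner { blocked[who] = on; }
    function _mint(address to, uint256 amount) internal override { super._mint(to, amount); }
    modifier canTransfer(address from) { require(!blocked[from]); _; }
    function transfer(address to, uint256 amount) public canTransfer(msg.sender)
        returns (bool) { return super.transfer(to, amount); }
}
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE):
        print(finding)
```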

Red Flag 4: Concentrated Supply

If one or a few addresses hold a large percentage of the total supply, they can dump and crash the price.

How to check:

  • Check the token’s holder distribution on Etherscan (Token Holders tab)
  • If the top 10 holders (excluding exchange and LP addresses) control > 30% of supply, that’s high risk
  • Trace the top holders using token flow analysis — see if they can send to exchanges

Red Flag 5: Anonymous or Zero-Reputation Deployer

How to check:

  • Look at the deployer’s address history on a block explorer
  • Has this address deployed other tokens? Were those tokens rugged?
  • Check wallet labels for known scammer flags

Honeypots: How They Work

A honeypot is a token where the buy function works normally but the sell function always fails. You can buy in, but the contract blocks your sell — your funds are trapped.

How Honeypots Are Engineered

The smart contract includes hidden logic that prevents sells:

// Simplified honeypot logic
function transfer(address to, uint256 amount) public {
    if (to == liquidityPoolAddress) {
        require(msg.sender == owner, "Cannot sell");
    }
    // Normal transfer for buys...
}

To the buyer, everything looks fine — they buy on a DEX, see the balance in their wallet, but when they try to sell, the transaction reverts.

Red Flags for Honeypots

  • No verified source code. If the contract isn’t verified on Etherscan, you can’t read the logic. Never buy unverified contracts.
  • Complex transfer logic. Legitimate tokens use standard ERC-20 implementations. If the transfer function has extra conditions, flags, or modifiers beyond the standard, be suspicious.
  • No sells in transaction history. Check the token’s recent transactions. If you see dozens of buys but zero sells, it’s likely a honeypot.
  • Tax mechanisms. Some tokens charge a fee on sells (legitimate for some DeFi tokens). But if the sell tax is set to 99% or 100%, it’s functionally a honeypot.
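
The last two red flags can be checked from the token's Transfer events. The following is an added example, not code from the original article. It assumes the events have been exported as dicts, that a sell tax shows up as a second Transfer from the seller in the same transaction (a common fee-on-transfer pattern), and that 24 buys counts as "dozens"; all addresses and log entries are constructed.

```python
from collections import defaultdict

def analyse_transfers(transfers, pair, ignore=()):
    """Count buys and sells against the pool and estimate the sell tax.

    transfers: ERC-20 Transfer events as dicts {tx, from, to, value}
    pair:      the DEX pool address
    ignore:    senders whose pool transfers are liquidity adds, not trades
    """
    buys = sells = 0
    debited = defaultdict(int)  # (tx, seller) -> tokens leaving the seller
    to_pool = defaultdict(int)  # (tx, seller) -> tokens that reached the pool
    for t in transfers:
        if t["from"] in ignore:
            continue
        if t["from"] == pair:
            buys += 1
            continue
        key = (t["tx"], t["from"])
        debited[key] += t["value"]
        if t["to"] == pair:
            sells += 1
            to_pool[key] += t["value"]
    taxes = [1 - to_pool[k] / debited[k] for k in to_pool if debited[k]]
    return {"buys": buys, "sells": sells, "max_sell_tax": max(taxes, default=None)}

def honeypot_signals(stats, min_buys=24, tax_limit=0.99):
    signals = []
    if stats["buys"] >= min_buys and stats["sells"] == 0:
        signals.append("buys but zero sells")
    tax = stats["max_sell_tax"]
    if tax is not None and tax >= tax_limit:
        signals.append("sell tax >= 99%")
    return signals

# Constructed sample logs; addresses and hashes are placeholders.
PAIR, TOKEN = "0xpair", "0xtoken"
HONEYPOT_LOG = [{"tx": f"0xb{i}", "from": PAIR, "to": f"0xuser{i}", "value": 1000}
                for i in range(30)]
TAXED_LOG = HONEYPOT_LOG[:3] + [
    {"tx": "0xs1", "from": "0xuser0", "to": PAIR, "value": 5},     # reaches the pool
    {"tx": "0xs1", "from": "0xuser0", "to": TOKEN, "value": 995},  # withheld as tax
]

if __name__ == "__main__":
    for log in (HONEYPOT_LOG, TAXED_LOG):
        stats = analyse_transfers(log, PAIR)
        print(stats, honeypot_signals(stats))
```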

Quick Scam Check Checklist

Before buying any new token, run through this checklist:

  • Is the contract source code verified on Etherscan?
  • Is liquidity locked for at least 6 months?
  • Is there a mint function accessible to the owner?
  • Can the owner pause trading or blacklist addresses?
  • Do top 10 holders control more than 30% of supply?
  • Are there both buys AND sells in recent transactions?
  • Has the deployer’s address been flagged as a scammer?
  • Is there a legitimate contract audit from a reputable firm?
  • Does the project have a credible team (not anonymous)?

If any of these fail — especially liquidity lock, mint function, or verified source code — do not buy.

Tools for Scam Detection

| Tool | What It Does | Cost |
|---|---|---|
| Token Sniffer | Automated contract risk scoring | Free |
| Honeypot.is | Detects honeypot tokens by simulating sells | Free |
| RugCheck.xyz | Analyzes token contracts for rug risk | Free |
| GoPlus Security API | On-chain security data for any token | Free |
| Etherscan | Manual contract reading and holder analysis | Free |
| DexScreener | Token analytics + quick risk indicators | Free |

Beyond direct rug pulls and honeypots, watch for:

The Bottom Line

Most scams are avoidable. The chain records everything — contract code, liquidity status, holder distribution, transaction patterns. Five minutes of checking before buying saves you from becoming a statistic.

For more on tracing suspicious token movements, see our token flow analysis guide. For understanding the full analysis workflow, see our on-chain analysis workflow guide.