A rug pull is when the team behind a token, NFT, or DeFi protocol withdraws the project's liquidity or treasury and disappears. The "rug" is the liquidity pool, and "pulling" it leaves holders with worthless tokens they can't sell.
Rug pulls split into a few patterns:
- Liquidity drain: the team owns the liquidity tokens and withdraws them, collapsing the price.
- Mint exploit: the contract has a hidden mint function and the team prints unlimited tokens to dump.
- Hidden owner privileges: backdoors in the contract that allow draining user-deposited funds.
- Slow rug: the team progressively sells their allocation while pretending to build, then abandons the project.
Rug pulls are usually detectable in advance: locked liquidity that isn't really locked, ownership not renounced when the team claims it is, mint and pause functions still callable by an EOA, suspicious tokenomics, anonymous teams with no track record. Reading the contract, or paying someone to read it, is the only real defense.