How to Avoid Rugpulls as a Crypto Native

Rugpulls are everywhere in crypto, and they can wipe out your funds fast. It might seem easy to avoid them, but without the right tools and knowledge, you could be next. Previously, we discussed how tricky Crypto Twitter can be and how to avoid rugpulls from a developer’s perspective. This time, I’m going to teach you how to avoid rugpulls as a crypto native. You’ve seen it happen to others on Crypto Twitter — don’t let it happen to you. Here’s how to spot the warning signs and protect your investments.

1. Team Transparency: Why It Matters

When evaluating a crypto project, always check if the team is doxxed (i.e., have they revealed their real identities?). Anonymity might appear appealing in decentralized finance (DeFi), but it raises serious concerns. Ask yourself why they wouldn’t want to be publicly associated with their project.

Take Kokomo Finance as an example. This project had an anonymous team, and before rug-pulling for $4.5 million, they wiped all traces of their social media and websites. Without accountability, it’s easy for these scams to happen​

Pro Tip: Check the team’s history. Use platforms like LinkedIn or Google to verify their claims. If you can’t find any verifiable information, take that as a red flag.

2. Using On-Chain Tools: Etherscan & Bubblemaps

On-chain tools like Etherscan and Bubblemaps are vital for assessing the legitimacy of a crypto project. Here’s how you can use them:

Etherscan:

• View the project’s contract on Etherscan.
• Check the “Holders” tab to see how many tokens are concentrated in the top wallets.
• If a small number of wallets hold most of the tokens, that’s a red flag, as these holders could sell their tokens and crash the project.
• Watch for large transfers between wallets that appear to be the same entity, which can indicate a pump-and-dump scheme.

Bubblemaps:

• Use Bubblemaps to visualize how wallets interact with each other.
• If you see a lot of closely linked bubbles, this could indicate manipulation, where the project’s tokens are concentrated among a few key players. Sometimes it could also be the team themselves so make sure to check what is the label or related wallets to it!

The bubbles with lines are the wallets that has done transactions with each other

Pro Tip: Bubblemaps is useful for tracking tokens across wallets. If you notice that multiple large bubbles are connected, it’s often a sign that the project is moving tokens around to create a false sense of decentralization.

3. Liquidity: How to Actually Check It

Liquidity plays a significant role in a project’s stability. It’s not enough to see that liquidity exists — you also need to check whether it’s locked or unlocked.

How to Check Liquidity:

Use tools like Dexscreener to search for the token and check its Liquidity Lock section. If the liquidity is unlocked, the team could withdraw it at any time, which poses a huge risk for a rugpull. For instance, Merlin DEX suffered a rugpull that drained $2 million from their liquidity pool. Their liquidity was unlocked, meaning the team could pull the funds without warning​

Pro Tip: Never invest in a project with unlocked liquidity — it’s one of the easiest ways for a team to execute a rugpull.

4. Audits Aren’t Foolproof: The CertiK Example

CertiK audits are often viewed as a benchmark for security, but an audit alone doesn’t guarantee safety. Even Merlin DEX, which passed a CertiK audit, ended up rug-pulling its investors​.

What You Should Do:

• Always read the full audit report. Look for centralization risks where a single wallet or team has too much control over the contract.
• Consider using other auditing firms like Hacken or Quantstamp, which may provide a more thorough review.
• Self-auditing is another option — learn to analyze contract code for hidden permissions that allow developers to change the rules or withdraw funds without user input.

Here’s a simple example of a risky function you should be aware of:

// Example of a contract function you should look out for in self-audits

function withdrawAll() public onlyOwner {
    // Transfers all tokens or funds to the owner
    uint256 balance = address(this).balance;
    payable(owner).transfer(balance);
}

// This function allows the contract owner to withdraw all funds
// It's a red flag in projects as the owner can drain the contract at any time

This function allows the contract owner to withdraw all funds, which is a huge red flag.

Steps to Self-Audit on Etherscan

If you want to get deeper, here’s a quick guide on self-auditing using Etherscan:

1. Go to the contract page on Etherscan.
2. Check the “Contract” tab to access the smart contract code.
3. Look for functions that give the owner too much control, like withdraw, pause, or setOwner. These are indicators of centralization risks.
4. Review if the contract is upgradeable. If it is, the devs could change the contract’s rules after deployment, potentially rugging you later.

Pro Tip: If you see contracts that are easily upgradeable or have hidden withdrawal functions, stay away. These are clear signs of rugpull potential.

5. Wallet Distribution: What To Watch For

Centralization of tokens in a few wallets is a red flag for any crypto project. Here’s how to analyze wallet distribution:

Etherscan:

• Check the top token holders. Ideally, no single wallet should hold more than 5% of the total supply.
• If a few wallets control the majority of the tokens, you’re looking at a risky situation where they could dump their holdings.

For example, in the Day of Defeat (DOD) rugpull, two wallets controlled most of the token supply and dumped $1.3 million worth of tokens in a single transaction, crashing the token value​

Pro Tip: Use Etherscan and Bubblemaps to track wallet movements. If tokens are being moved between multiple wallets in smaller chunks, it could be an attempt to disguise concentration.

6. Red Flags: The Warning Signs You Can’t Ignore

Here are some key warning signs that should make you think twice about investing:

• Silent developers: If the team stops communicating or dodges tough questions, that’s a serious concern.
• Overpromised returns: Be wary of projects that guarantee high returns without substantial evidence. DeFi can offer significant rewards, but there are always risks.

Take SushiSwap’s Chef Nomi incident as an example. The anonymous founder suddenly withdrew $14 million from the project’s development fund, which sparked widespread panic and accusations of an exit scam. The move caused the price of SUSHI to crash by over 50%. After intense backlash from the community and key figures like Sam Bankman-Fried, Chef Nomi eventually returned the funds and apologized to the community​. However, this incident still serves as a cautionary tale: when devs make unexplained moves with large sums, the risk of a rugpull is real.

Pro Tip: If a project is generating hype without a working product, it’s a red flag. Many scam projects rely on FOMO (fear of missing out) to lure investors in. Always stay skeptical and evaluate based on facts, not promises.

7. Stay Updated: Use Crypto Twitter to Spot Rugpulls Early

Staying updated with crypto news is critical if you want to avoid falling for a rugpull. Crypto Twitter is one of the best places to catch wind of potential scams early, especially when you follow the right people. Here are a few accounts that consistently provide valuable insights on crypto scams, rugpulls, and suspicious activity.

Some People to Follow:

• @zachxbt: Known for exposing scams and bad actors in the crypto space. Zachxbt has a solid track record of investigating and revealing projects that are high-risk or fraudulent.
• @BubbleMaps: The official Twitter account of Bubble Maps. They share updates on wallet movements and highlight token manipulation by visualizing connections between wallets.
• @Cryptocadetapp: Focuses on education and tips. They provide tools and insights for navigating the crypto space safely.

Turn on notifications for these accounts. This way, you’ll get real-time updates about suspicious projects or activity. Following reliable sources keeps you informed and helps you make better decisions about where to put your money. Crypto Twitter isn’t just noise. By following the right people, you stay in the loop and reduce your chances of falling victim to scams.

Stay Alert and Protect Your Investments

Rugpulls are not going away anytime soon. However, by using on-chain tools like Etherscan and Bubblemaps, verifying liquidity, scrutinizing audit reports, and monitoring wallet distribution, you can greatly reduce your risk. Always trust your instincts, stay skeptical, and never invest more than you can afford to lose.

Paraea is an analyst with a rich background in finance, having worked at various research firms where he gained deep insights into investments and corporate strategies. Now, he blends this expertise with a unique perspective, crafting content for those venturing in finance, tech, or crypto. For more information check out ascendant.finance or join the Discord.

https://twitter.com/ascendantfi
https://twitter.com/cryptocadetapp
https://twitter.com/thetechjd