How to Spot a Rug Pull on Solana: 7 Red Flags Every Crypto Investor Must Know

A rug pull is the most common and devastating scam in cryptocurrency. It works like this: a scammer creates a token, promotes it heavily to attract buyers, waits until the liquidity pool is filled with buyers' SOL, and then either withdraws all the liquidity or dumps their massive token holdings — crashing the price to zero and stealing everyone's money. On Solana, rug pulls happen fast. A token can launch, attract $50,000+ in liquidity, and get rugged within hours. The speed of the Solana blockchain, which is normally an advantage, also means scammers can execute and disappear before anyone realizes what happened. The good news: almost every rug pull follows the same pattern, and with the right tools, you can spot them before you invest a single SOL.

This is the single biggest red flag in Solana tokens. Freeze Authority gives the token creator the power to freeze tokens in any wallet, preventing the holder from transferring or selling. How the scam works: 1. Scammer creates a token with Freeze Authority enabled 2. Promotes the token and attracts hundreds of buyers 3. Once enough SOL is in the pool, the scammer freezes every buyer's wallet 4. Only the scammer can sell, crashing the price while everyone else is locked out This is called a "honeypot" — you can buy in but you can never sell. It is the most common Solana scam and it is 100% detectable. How to check: Paste the token's mint address into the [MinTools Token Scanner](/scanner). If "Freeze Authority" shows as "ACTIVE" with a red warning, do NOT buy that token under any circumstances.

Mint Authority allows the creator to print unlimited new tokens at any time, directly increasing the circulating supply and diluting every existing holder's value. How the scam works: 1. Scammer creates a token with 1 Billion supply and Mint Authority enabled 2. Promotes the token until it reaches a high price 3. Mints 10 Billion additional tokens directly to their wallet 4. Dumps the new tokens on the market, crashing the price by 90%+ How to check: The [Token Scanner](/scanner) will show "Mint Authority: ACTIVE" in red if this risk exists. Legitimate projects revoke Mint Authority to prove their supply is permanently capped.

When a creator sets up a Raydium liquidity pool, they receive LP (Liquidity Provider) tokens. These LP tokens represent ownership of the SOL and tokens in the pool. If the creator holds these LP tokens in their wallet, they can withdraw all the liquidity at any moment. How the scam works: 1. Scammer creates a pool with 10 SOL and their token 2. Buyers swap SOL for the token, adding more SOL to the pool 3. Pool grows to 50+ SOL from buyer activity 4. Scammer uses their LP tokens to withdraw ALL the SOL from the pool 5. Token price crashes to zero — classic rug pull How to check: Look for "100% LP Burned" on DexScreener or security scanners. If LP tokens are sitting in the creator's wallet, the rug pull risk is extremely high.

If a single wallet (or a small group of wallets) holds 20-50%+ of the total token supply, they have the power to crash the price at any moment by dumping their holdings. How the scam works: 1. Creator keeps 30% of the supply in their own wallet 2. Distributes only 70% into the liquidity pool 3. Promotes the token and lets the price rise naturally 4. Dumps their 30% all at once, crashing the price and pocketing massive SOL How to check: The [MinTools Token Scanner](/scanner) analyzes the top 10 holders and shows exactly what percentage each wallet controls. If the top wallet holds more than 10-15% of supply (and it is not a liquidity pool contract), be very cautious.

Every legitimate crypto project has an active Twitter/X account, a Telegram community, and ideally a website. If a token has zero social presence, it is almost certainly a pump-and-dump. Warning signs: • Token metadata has no social links (Twitter, Telegram, Website fields are empty) • The Twitter account was created within the last 24 hours • Zero community engagement — the Telegram group has bots but no real people • The "team" refuses to show faces or share any identifying information While anonymous teams are not automatically scams (Bitcoin was created anonymously), the vast majority of anonymous meme coin projects with no social presence are exit scams.

Mutable metadata means the token creator can change the token's name, symbol, logo, and description at any time after launch. How the scam works: 1. Scammer creates a token called "SAFE MOON 2.0" with a legitimate-looking logo 2. Token gets traction and people buy in based on the name and branding 3. Scammer changes the metadata to something completely different 4. The token is now untraceable and the scammer launches a new version to repeat the process While mutable metadata is normal for young projects that are still developing their brand, be cautious if a token has been live for months and still has mutable metadata.

Scammers are masters of artificial urgency. Watch out for these manipulation tactics: • "Launching in 10 minutes!" posts in random Telegram groups with zero build-up • Fake Elon Musk or celebrity endorsement screenshots • Paid bot comments flooding Twitter replies with rocket emojis • Promises of "100x guaranteed" or "next WIF confirmed" • Countdown timers and artificial scarcity ("only 100 spots for presale!") Legitimate projects build communities organically over days and weeks. If a token appeared out of nowhere 30 minutes ago and is already being shilled in 50 Telegram groups, it is almost certainly a coordinated rug pull. The best defense is always to scan before you invest. Use the [MinTools Token Scanner](/scanner) to run a full on-chain audit in 2 seconds. It checks every single red flag mentioned in this guide automatically and gives you a clear Safety Score.

Q: Can a token with a 100/100 safety score still be a scam?

A: A perfect on-chain safety score means the smart contract has no technical vulnerabilities (authorities revoked, LP burned, good distribution). However, it cannot predict if the creator will stop marketing the project, sell their remaining tokens slowly over time, or abandon the community. On-chain safety is the first check, but always do your own research on the team and community.

Q: What should I do if I already bought a suspicious token?

A: If the token still has active Freeze Authority, try to sell immediately before the scammer freezes wallets. If you can still sell, do so and cut your losses. If the token is already frozen (honeypot), unfortunately the tokens are locked and cannot be recovered. Report the contract address on social media to warn others.

Q: Are all new tokens scams?

A: Absolutely not. Thousands of legitimate projects launch on Solana every month. The key is to verify the on-chain security before investing. A new token with revoked authorities, burned LP, and an active community is far safer than an old token with active freeze authority.

Q: How can I protect myself as a token creator?

A: Revoke Freeze and Mint authorities immediately after creation using the Revoke Authority tool. Burn your LP tokens after creating the liquidity pool. Add social links to your metadata. These steps will earn you a high safety score and build immediate trust with potential buyers.