You've probably seen the scene. Somebody in a group chat is shouting about a "100x gem, presale closing soon," the chart is all green, and people around you are posting screenshots of their balance doubling. So you buy a little. It climbs for a few days, you decide to take some off the table, you hit sell — and it just won't go through. Or you wake up one morning and the coin is worth zero, the team's X account, website, and group are all gone. That's a rug pull, and its meaner cousin, the honeypot. This piece won't teach you how to trade. It'll teach you where the trap is and what you can actually check before you put money in.
- A honeypot is "buy yes, sell no." The contract is rigged so only the team's own addresses can sell; your sell gets blocked at the door.
- "Rug pull" is the bigger umbrella. Besides honeypots, it covers the team simply pulling the liquidity and vanishing (a hard rug), or slowly dumping to cash out over time (a soft rug).
- Once your money is in, your odds of getting it back are tiny — on-chain transactions are irreversible and anonymous teams just walk. The check you run before buying matters a hundred times more than anything you can do after.
First, sort out what each term means
People use these two words interchangeably, but they aren't quite the same thing — and keeping them straight helps you see where the trap actually sits.
A rug pull is the broad one. It means the team makes off with investors' money and disappears. You buy a new project's token, all that money pools into a trading pool, and at some moment the team either drains the pool or dumps its own huge stash onto the market to cash out. The price craters to zero and they're gone with the money. The rug gets yanked, and everyone standing on it goes down. That's a rug pull.
A honeypot is a particularly nasty, particularly common form of it. The name fits: it's sweet bait you can crawl into but can't crawl back out of. This kind of token lets you buy in but won't let you sell. The problem isn't the market — it's the token's own smart contract. The code has rules baked in so that a regular holder's sell gets blocked, or has nearly the whole amount skimmed off, while only the team's addresses can sell normally. You watch the number in your account climb, but it's a number you can never withdraw.
In one line: a honeypot is a trap built into the contract; a rug pull is the bigger idea that includes honeypots, plus teams that just drain liquidity or dump and run.
The honeypot trap: money goes in, can't come out
The first time people hear "you can buy but can't sell," they don't believe it — aren't exchanges and DEXs public, so how can a sell not go through? Here's the key: in decentralized trading, the token you're buying and selling has its rules written into the token's own contract code, and that code was written by the project team. They can rig it.
An everyday analogy: think of the token as a concert ticket. Once you buy a normal ticket, you can resell it to someone else. But a honeypot issues a "special" ticket with a line of fine print: "This ticket may only be redeemed by the organizer; no resale by anyone else." You paid for the ticket, the system even registered it to your name, but the moment you try to resell, that one rule slaps your hand away. You think you're holding an asset; you're actually holding a voucher that's void on use.
Common tricks baked into the contract (you only need the concept, not the code)
- Selling blocked: every sell except from a whitelist (the team's addresses) simply fails.
- Absurd sell tax: you can sell, but the moment you do, 90% or 99% is skimmed off — which means you effectively can't.
- Mint / rule changes at will: the contract has a back door, so the team can mint unlimited new tokens to dump, or change the tax rate and the sellable list whenever they like.
- A pause switch: the team can freeze trading for everyone with one tap while still trading themselves.
What all these tricks share is asymmetry. On the surface everyone's trading as equals in one market; underneath, the team holds a set of hidden powers that only ever favor them.
Soft rug vs. hard rug
Rug pulls come in fast and slow. Once you can tell them apart, you'll understand why a project that "looks like it's still running" can also be a scam.
Hard rug: drained overnight
The blunt version. The team pulls the liquidity straight out of the pool (or dumps every reserved token), the price hits zero in an instant, then the website goes dark, the community dissolves, and the social accounts get deleted. From the moment you notice something's wrong to the moment it's all over might be just a few minutes.
Soft rug: bled out slowly
Sneakier. Instead of running all at once, the team keeps up the appearance of an active project while quietly dumping in small batches — shave a little off the holdings today, announce some "good news" to pump it and sell again tomorrow. By the time they've offloaded most of their stash, the project just quietly dies. Victims often don't realize until very late that they've been the team's exit liquidity the whole time.
Soft rugs are especially good at lowering your guard, because they satisfy the very thing you wanted to believe — that "the team keeps shipping, the community's still buzzing." But active isn't the same as honest. Keeping the hype alive can be part of the dump itself.
Where you're most likely to run into them
Honeypots and rug pulls don't show up at random. They cluster in a few kinds of places. Know them in advance, and your guard goes up on its own when you walk in:
New-coin presales and "early launches"
"Presale closing soon, miss it and it's gone forever," "early-bird price, room to double" — manufacturing scarcity and urgency to push you to send money before you've verified a single thing. A presale means you hand over cash when the project has almost nothing yet, which is exactly when running off costs the scammer the least.
Meme coins and "shitcoins"
Tokens with no real use, riding purely on community hype and emotion, cost next to nothing to create — thousands can spawn in a day. This is the most fertile soil for honeypots, and the vast majority go to zero within days.
New tokens on obscure DEXs
Anyone can create a new token and spin up a trading pool on these DEXs, with zero review. A contract that launched a few hours ago and that nobody has audited — you know nothing about what its code actually does.
"100x" calls in groups and signal channels
"Insider info," "whales are loading up," "100x minimum" — these calls are really recruiting the bag-holders the team needs. The louder the shilling and the more outrageous the promised multiple, the more you should take a step back.
Red-flag checklist
Any one of these on its own is reason to be wary; stack up several and you should just turn around and walk:
- Fully anonymous team, with no verifiable real identity or track record — when it goes wrong, there's literally no one to find.
- Promised returns, especially "100x," "guaranteed," or "principal-protected." Legitimate projects won't — and dare not — talk that way.
- Liquidity isn't locked, or is locked for a very short time, meaning the team can pull the pool's money out anytime.
- No audit, or an "audit report" you can't verify on the auditor's own website (faked audits are extremely common).
- Holdings are heavily concentrated: a handful of addresses hold the bulk of the supply, so one sell can crater the price.
- You can buy but can't sell, or others report failed sells / a huge fee skimmed off — the most direct, ironclad sign of a honeypot.
- Extreme urgency: "presale ends in 10 minutes," "get in now or miss out" — no time left for you to verify anything.
"It has an audit" doesn't mean it's safe
Scammers fake audit reports, or paste one that doesn't match the contract actually deployed. Don't relax just because you see "audited": go to the auditing firm's own website and confirm the report genuinely exists and corresponds to this exact contract address. An audit you can't verify counts as no audit. Note too that the US SEC and CFTC have repeatedly flagged crypto projects making impossible return promises — a verifiable third-party stamp is the floor, not the ceiling.
Quick checks you can run before you buy
Be clear up front: no check can guarantee a coin is 100% safe. Scammers' methods keep evolving, and malicious code can be buried deep. The steps below are just a first pass — they'll knock out a good share of the obvious traps. If you can't read it or can't verify it, the safest move is to not touch it.
Look at holder distribution on a block explorer
Paste the token's contract address into the block explorer for its chain and look at the Holders list. If the top few addresses hold the overwhelming majority (still concentrated even after you exclude the lock-up and pool addresses), a small number of people can crater the price easily — high risk.
Test that a tiny sell goes through
If you're really going to take part, buy with a tiny amount you wouldn't miss, then immediately try to sell part of it. If the sell fails, or an abnormally high fee gets skimmed off, you can basically call it a honeypot — stop right there.
Check whether liquidity is locked
Find out whether the project's pool liquidity is locked and for how long. Unlocked or about to expire means the team can pull out and run anytime. Note that "locked" can be faked too, so this step is also only a reference.
Check that the team and audit are verifiable
Is the team anonymous? Is the contract audited by a firm you can verify on the firm's own site? Any "endorsement" you can't independently verify is not a safety credential.
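The three measurable checks above (holder concentration, the tiny test sell, the liquidity lock) combined into one first-pass triage function, as an added example that is not part of the original article. The observations are values you would record by hand from the block explorer and your wallet; the labels, sample data and the 50% / 15% / 180-day thresholds are assumptions, since the article gives no numeric cut-offs.

```python
# Added example, not from the original article. Addresses, balances and
# thresholds are constructed or assumed; the article names no cut-offs.
from datetime import date

# Labels you assign by hand after checking each address on the explorer.
EXCLUDED = {"pool", "locker", "burn"}

def top_holder_share(holders, top_n=5):
    """Share of circulating supply held by the top_n remaining addresses
    once pool, lock-up and burn addresses are excluded."""
    balances = sorted((h["balance"] for h in holders
                       if h["label"] not in EXCLUDED), reverse=True)
    total = sum(balances)
    return sum(balances[:top_n]) / total if total else 1.0

def sell_loss(sell):
    """Fraction of the quoted proceeds that never arrived (1.0 if it failed)."""
    if sell["reverted"] or sell["quoted_out"] <= 0:
        return 1.0
    return max(0.0, 1 - sell["received_out"] / sell["quoted_out"])

def first_pass(obs, today, max_share=0.50, max_loss=0.15, min_lock_days=180):
    """Return a list of red flags; an empty list is not proof of safety."""
    flags = []
    share = top_holder_share(obs["holders"])
    if share > max_share:
        flags.append(f"holders: top 5 hold {share:.0%} of circulating supply")
    loss = sell_loss(obs["test_sell"])
    if obs["test_sell"]["reverted"]:
        flags.append("sell: tiny test sell failed")
    elif loss > max_loss:
        flags.append(f"sell: {loss:.0%} of quoted proceeds skimmed")
    unlock = obs["liquidity_unlock"]          # None means no lock found
    if unlock is None or (unlock - today).days < min_lock_days:
        flags.append("liquidity: not locked, or lock expires soon")
    return flags

# Constructed observations for a fictional token.
SAMPLE = {
    "holders": [
        {"address": "0xPOOL", "label": "pool", "balance": 400_000},
        {"address": "0xLOCK", "label": "locker", "balance": 200_000},
        {"address": "0xDEAD", "label": "burn", "balance": 50_000},
    ] + [{"address": f"0xW{i}", "label": "wallet", "balance": b}
         for i, b in enumerate([150_000, 90_000, 60_000, 20_000,
                                10_000, 10_000, 5_000, 5_000])],
    "test_sell": {"reverted": False, "quoted_out": 10_000, "received_out": 500},
    "liquidity_unlock": date(2025, 7, 1),
}
```

An empty result only means none of these three checks tripped. Team and audit verifiability still has to be confirmed by hand, and a contract whose owner can change the tax rate or the sellable list can pass today and fail tomorrow.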
The easier road
These checks aren't trivial, and reading contract code is well beyond what most people can casually do. If your goal is simply to hold mainstream crypto assets — not to gamble on unknown new coins — then trading assets already listed and basically vetted on a major, regulated exchange sidesteps this entire category of honeypot risk. An exchange isn't going to list a "buy but can't sell" contract. Spending your energy on "picking the right place to enter" is far more realistic than vetting shitcoins one by one.
Already caught: the reality and what to do
The most important — and least pleasant — thing first: honeypot and rug-pull money is, in the vast majority of cases, gone for good. These teams are usually anonymous, use throwaway wallets, move and obscure the funds fast, and on-chain transactions can't be reversed. No "support agent" can claw back the transaction, and no one can "unfreeze" your coins. Anyone claiming they can recover it is almost always the next scam in line.
Given that reality, here's what you can still do:
- Stop putting more in, right now. Don't "average down to lower your cost," and don't believe "pay one more fee and the sell will unlock."
- Preserve evidence. Screenshot the contract address, transaction hashes, the project's marketing page, the group chats and shill posts, and the transfer records. These are the basis for any later report and for warning others.
- Revoke wallet approvals. If you granted any token approvals to join the project, revoke those contracts' allowances as soon as you can so you don't get drained further.
- Warn the people around you and the community. Share the contract address and what happened — one fewer bag-holder is a win.
- Report it. In the US, file with the FBI's IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov); you can also flag fraudulent securities offerings to the SEC. In the UK, report to Action Fraud.
Watch for the "second-wave" scam right behind it
After a rug pull, someone will soon DM you claiming they can "recover your stolen coins," asking for a "fee" or "deposit" first. This is a second-wave scam built specifically to prey on victims — see USDT "recovery / unfreeze" scams. For how to gather evidence and report after being scammed, see what to do after you've been scammed.
FAQ
Are a honeypot and a rug pull the same thing?
Not exactly. A honeypot is a token whose contract is rigged so you can buy but can't sell — the problem is in the token's own contract. A rug pull is broader: a team that runs off with the money or dumps and disappears, covering honeypots as well as teams that simply drain the pool's liquidity or slowly sell out. You can think of a honeypot as one classic form of rug pull.
How can I tell if a coin is a honeypot before I buy?
Nothing makes it 100% safe, but a few quick checks filter out many obvious traps: look at holder distribution on a block explorer (heavy concentration is high risk); check whether the pool's liquidity is locked and for how long; and buy a tiny amount, then immediately try to sell to see if it goes through. These are first-pass checks only. Judging whether a contract hides malicious code takes real tools and experience — if you can't read it, don't touch it.
The project has a website, a whitepaper, and an active community — does that make it safe?
You can't draw that conclusion. A website, a whitepaper, and a buzzing community can all be staged; soft-rug teams will deliberately keep up the "still building" act to keep dumping. These are just a basic storefront and constitute no safety guarantee. What actually matters is whether the team is verifiable, whether the contract's powers are symmetric, and whether liquidity is locked.
I got rug-pulled — can I get my money back?
The reality is harsh: in most cases, no. These teams are usually anonymous, use throwaway wallets, and move funds fast, and on-chain transactions can't be reversed. What you can do is immediately preserve evidence (contract address, transaction hashes, marketing and chat logs), stop putting money in, and stay alert to the "we'll recover your losses" second-wave scam. In the US, report to IC3 (ic3.gov) and the FTC.
Instead of vetting shitcoins one by one, pick the right place to enter
Honeypots and most rug pulls bet on the same thing: an obscure new coin plus you not having time to verify. If all you want is exposure to mainstream crypto, trading assets that are already listed and basically vetted on a major, regulated exchange sidesteps this whole category of "buy but can't sell" contract traps.