A global, evidence-first guide to spotting rug pulls, fake “DeFi” platforms, and polished investment fraud — using what you can verify in minutes.
The uncomfortable truth about crypto scams
Scam projects rarely fail on “tech” first — they fail on verifiability. Real teams leave evidence you can corroborate: consistent identity, explainable money flows, transparent code, and constrained admin powers. Scams lean on design polish, urgency, and unverifiable claims — then trap you with “withdrawal issues,” extra fees, or a sudden liquidity drain.
This post gives you a workflow to test three things:
- Website tells (identity and credibility signals you can actually verify)
- Wallet trails (where the money came from and where it goes)
- Smart-contract red flags (permissions, upgradeability, liquidity, and holder reality)
Disclaimer: This is educational and risk-focused — not financial advice. Your goal here is simple: don’t risk money you can’t independently verify.
The 60-second kill switch (use this before you “do more research”)
If you see two or more of these together, treat it as high-risk and walk away:
- A brand-new domain for a project claiming years of history
- A “team” with no verifiable footprint (no track record you can corroborate outside their own channels)
- A professional website but withdrawals are “pending” or require extra fees/taxes to “unlock” funds
- Token/contract source code not verified on a major explorer
- Upgradeable proxy with upgrades controlled by a single wallet (no multisig, no timelock)
- Liquidity can be pulled (or LP tokens are controlled by insiders) — classic rug pull mechanics
- Wallet activity shows multiple FATF-style red flags with no plausible explanation
Step 1: Identify the scam pattern (because each leaves different evidence)
Most crypto “projects” that wipe people fit a few repeating patterns:
- Relationship-based investment fraud (often mislabeled “pig butchering”): trust-building, then a fake platform where withdrawals “break.” Interpol has urged shifting language because victim-shaming terms reduce reporting — focus on mechanics, not labels.
- Rug pulls: a token launches, liquidity appears, hype builds, then insiders drain the liquidity pool and disappear.
- Professional-looking fake platforms: slick dashboards, fake profit graphs, “support” pushing bigger deposits, then withdrawal friction. The UK FCA explicitly warns about scam ads leading to professional sites with manipulated prices/returns.
- Cross-border laundering networks: large fraud rings operate internationally and move funds through layered pipelines; Europol regularly reports multi-country disruptions tied to crypto fraud and laundering.
Why it matters: rugs scream in contracts + liquidity. Fake platforms scream in website behavior + withdrawals + wallet trails.
Step 2: Website tells — “polished” is not “legit”
A scam site can look better than a real startup. Design is cheap. Traceability isn’t.
High-signal website red flags (global, repeatable)
- New domain + big history claims (a classic mismatch)
- Clone/imposter behavior: lookalike domains, fake trust badges, fake “warnings,” or copycat branding. Regulators have warned about imposter sites using fake warning banners specifically to create legitimacy.
- No verifiable footprint: no real company trail, no named leaders with an externally verifiable history, no consistent presence across time (not just a fresh X account + Telegram)
- Over-optimized persuasion: urgency, guaranteed returns, vague “AI trading,” heavy referral mechanics, minimal technical detail
- Support-driven funnel: “account managers” pushing deposits (especially via WhatsApp/Telegram) and discouraging withdrawals
What to do (fast, evidence-first)
- Check domain registration data via ICANN Lookup (don’t overthink it — you’re looking for obvious mismatches).
- Search the exact project name + contract address + “scam” (and also search the contract address alone).
- If they claim licensing or endorsements, verify directly via official sources — scammers often impersonate institutions and regulators.
Practical rule: A new domain isn’t proof of fraud. But new domain + unverifiable identity + aggressive pitch is a high-risk combo.
Step 3: Logic checks — the story must match reality
Scams collapse under simple questions because the “business” can’t be explained without hand-waving.
Pressure-test the core claims
- Where does yield come from? If it’s “trading,” you should see coherent risk disclosure and a believable mechanism — not magic. Regulators warn scammers can manipulate software to fake returns.
- Who controls user funds? If you deposit to addresses you don’t control and withdrawals are “manual,” “pending,” or require extra payments, that’s a classic extraction ladder.
- What can you verify independently — right now? If the answer is “trust us,” stop.
Step 4: Smart-contract triage — the 10-minute on-chain sanity check
You don’t need to be a smart-contract auditor to spot deal-breakers. You just need to look for transparency + dangerous permissions.
A) Is the contract verified?
If the token/contract source code isn’t verified on a major explorer, you can’t reliably inspect what it does. Etherscan explicitly frames verification as transparency for users interacting with contracts.
Rule: Unverified code + heavy marketing = walk away unless there’s a compelling, checkable reason.
B) Is it upgradeable (proxy)?
Upgradeable proxies are common — and risky if controlled by a single key. Proxies can allow the implementation logic to change after you buy.
Red flag: upgrades controlled by one wallet with no multisig, no timelock.
C) Scan for “god-mode” powers (function names vary — intent doesn’t)
Look for categories like:
- Minting / supply changes (owner can create new tokens)
- Blacklist / freeze (can block sells or transfers)
- Pause (can halt transfers)
- Fee/tax setters (can spike fees and trap buyers)
- Withdraw/skim (can drain treasury or liquidity)
D) Admin key hygiene: multisig + timelock beats “trust me”
If sensitive actions exist, you want:
- Multisig control (no single-person key)
- Timelock delays on upgrades/parameter changes (gives users time to exit)
Step 5: Liquidity and holder reality — where rugs usually show up
Rug pulls typically show up in liquidity control and concentration.
What to check
- Who holds LP tokens and whether liquidity is truly locked (and for how long)
- Top holders: extreme concentration means dump risk — especially if linked to deployer/team wallets
- Trading restrictions: honeypot behavior (can buy but can’t sell) often ties to blacklist/fee logic
Chainalysis describes rug pulls as developers draining funds from the liquidity pool, collapsing the token’s value.
Step 6: Wallet trails — follow the money, not the marketing
Wallet trails are where hype meets physics. Even simple checks expose contradictions.
High-signal wallet red flags
- Deployer/team wallet funding comes from fresh wallets with no history (or messy chains that don’t make business sense)
- Circular flows among a small cluster (possible wash activity or fake traction)
- Rapid dispersal after marketing spikes (money leaving when attention peaks)
- Patterns consistent with illicit typologies (multiple indicators stacking with no legitimate explanation)
The FATF’s global red-flag indicators emphasize that multiple red flags with no logical explanation warrant deeper scrutiny.
Step 7: Audits and “security theater” — real assurance vs decoration
An “audit badge” can be pure marketing.
Audit reality checks
- Is there a named auditor, a public report, and evidence fixes were implemented?
- Does the audit scope match what you’re buying (token contract vs full protocol)?
- Are there ongoing controls (multisig, timelock, monitoring, bug bounty)?
OpenZeppelin explicitly warns against treating audits as a silver bullet — audit effectiveness depends on code quality and human review.
Quick scorecard (save this)
| What you’re checking | Green looks like | Red looks like |
|---|---|---|
| Identity + website | Long-lived footprint, consistent records | New domain + unverifiable team + pressure |
| Withdrawals | Clear, automated, normal friction | “Fees/taxes” to unlock; “pending” forever |
| Contract transparency | Verified source code | Unverified contract |
| Admin powers | Multisig + timelock | Single-key upgrades/mint/fees |
| Liquidity | Locked/credible LP control | Liquidity removable; LP held by insiders |
| Wallet trails | Explainable flows | Stacked FATF-style red flags |
If you already deposited money
Do this immediately:
- Stop sending funds — especially “fees/taxes” to release withdrawals.
- Preserve evidence: transaction hashes, wallet addresses, emails/chats, screenshots, website URLs, timestamps.
- If you used an exchange, bank card, or bank transfer path, contact them fast and provide the evidence.
- Report to the relevant authorities in your jurisdiction (fraud reporting is often time-sensitive, and these rings are frequently cross-border).
Conclusion: the walk-away threshold that actually works
If you want one rule that holds globally:
Don’t trust what you can’t verify.
Walk away when you see any two of the following together:
- New domain + big history claims
- Professional site + unverifiable team/company trail
- Withdrawal friction (extra fees/taxes to unlock funds)
- Unverified contract code
- Single-key control of upgrades/fees/minting
- Wallet trails stacking multiple red flags with no legitimate explanation