Project and token scams manipulate investor trust through fake projects, rug pulls and giveaway scams, often leaving victims with worthless tokens or irreversible transfers.
When analyzing cases of loss of funds in crypto, we often focus on direct attacks on the user: phishing, theft of a seed phrase, or signing malicious transactions. However, a significant share of losses comes from a different category: project or token scams.
These are situations where the user does not make an obvious “mistake”, but instead invests in something that is already designed as a scam at the token project level.
The most common forms of these scams are:
- rug pull or exit scam,
- fake giveaway or livestream scam.
In both cases, the key element is manipulation of investor trust and structuring the project itself in a way that allows rapid extraction of funds from the project, rather than exploiting a technical vulnerability.
1. Rug pull / exit scam
At first glance, a rug pull looks like a classic “dump”: the token price suddenly drops, as if someone massively sold it.
However, the mechanism is often different. Instead of developers selling the token, they remove the funds that give the token its value through mechanisms controlling the liquidity pool. If in a dump the price falls, in a rug pull the market effectively disappears.
A rug pull in practice almost always takes place on decentralized exchanges, where trading happens via a so-called liquidity pool.
This basically means that the user does not buy a token from another person, but exchanges it for funds already stored in a shared pool. This pool contains two things: an established cryptocurrency (e.g. ETH) and a new token.
When a user buys the token, what actually happens is the following: they send ETH into the pool and receive the token from the pool. This ETH does not disappear, but remains in the pool, where other users can exchange it again for the issued token.
The key question is who actually provides the funds in the liquidity pool. Initially, this is of course the developers, but as the project grows, more and more established cryptocurrencies are contributed by users.
As the project gains attention, users gradually fill the pool with ETH through purchases. This ETH represents the real, realized value that the project has collected from the market.
At this point, the essence of the rug pull occurs.
From the very beginning, the project is structured in a way that gives developers control over liquidity, which they typically do not have in legitimate projects. When they create the liquidity pool, they receive LP tokens in return, which allow them to reclaim funds from the pool at any time. Usually, to prevent rug pulls, developers commit via smart contracts that prevent them from removing established cryptocurrencies (e.g. ETH) from the liquidity pool entirely or in majority. This is done by locking the majority of LP tokens (so-called liquidity lock). If they do not lock these LP tokens, they retain full control over the funds in the pool, including the ETH contributed by users. It is precisely this lack of restriction that allows them to unilaterally withdraw liquidity and extract real value from the system.
The developers redeem their share in the pool and withdraw the accumulated ETH. By doing so, they remove the only real value from the system. What remains in the pool is mostly their token, which without ETH no longer has a functional market.
For the user, this has a very concrete result:
The token remains in the wallet, but it can no longer be meaningfully sold because there is no liquidity on the other side. The price therefore effectively drops to zero.
Why most people do not detect this in time
These scams rarely reveal themselves through the basic appearance of the project. They often have a professional website, an active Discord or Telegram, and even some level of “community engagement”. In the early stage, the price can actually rise, further reinforcing the sense of legitimacy. At this stage, scammers put real effort into making the project look legitimate to the masses, not just a few individuals, since success depends on it.
The problem is that users often do not understand the basic structure – who controls the liquidity and who actually has influence over the market.
Psychological factors play an important role. The sense of early opportunity, community pressure, and rapid price movement reduce critical judgment. The user does not see centralized control in the background, but rather a “decentralized project in growth”.
How to recognize a rug pull in practice
The most reliable indicators are not visual, but structural. If liquidity is not locked or is locked only for a short time, there is a real possibility that developers will remove it. Similarly, if a large share of tokens is concentrated in one or a few addresses, it means one party can unilaterally influence the price.
How can this be checked with actual, simple steps?
The first step is to review the liquidity pool on a decentralized exchange (e.g. Uniswap, PancakeSwap) or via a blockchain explorer (Etherscan, BscScan). There, LP tokens can be identified. The key question is: where are the LP tokens located?
If LP tokens are locked in a verified smart contract (e.g. Unicrypt, Team Finance), this means developers cannot unilaterally remove liquidity (at least until the lock expires).
If LP tokens are:
- still in the developers’ wallet, or
- concentrated in one or a few related addresses,
this means developers have direct access to liquidity and can withdraw it at any time. This is one of the most reliable risk indicators.
An important signal is also the functionality of the smart contract itself. If it allows special privileges such as additional minting, restricting sales, or changing trading conditions, the risk increases significantly.
In practice, risk often also appears more indirectly: aggressive marketing without a clear product, promises of high returns, and lack of transparency regarding the project’s core mechanisms.
What to do when a rug pull has already happened
Once liquidity is removed or the price collapses due to massive selling, recovery of funds is no longer trivial. Transactions are valid, signed, and, importantly for further action, recorded on the blockchain.
Due to the nature of blockchain, certain steps can help in the early stage:
First, it is necessary to identify the initial addresses linked to developers, and then track the flow of funds: especially movements toward centralized exchanges or other points where funds can be converted.
In some cases, this enables further action, such as attempting to freeze funds or preparing a basis for legal proceedings. The problem is that funds are often quickly dispersed across multiple addresses and networks, so time is crucial.
Fake giveaway / livestream scam
Fake giveaway scams operate much more directly.
The user encounters a “livestream” or another form of promotion allegedly run by a well-known project or individual. The video is often a real recording (interview, keynote), over which a graphic layer is added with instructions for participating in a giveaway. The entire presentation appears convincing, often also due to a large number of viewers and comments that create a sense of legitimacy.
In the age of artificial intelligence, deepfakes make these scams much easier to execute, and even experienced and technically literate users often have difficulty distinguishing between fake promotional content and legitimate campaigns.
The core idea of the scam is always the same: the user is asked to send a certain amount of crypto and is promised to receive more in return.
The logic is obviously flawed, but the combination of trust in a known name, a sense of limited opportunity, and visual credibility is often enough to trigger an impulsive reaction.
The most basic rule that exposes such scams is simple: no legitimate project will require you to send funds first in order to receive more.
If you follow this basic rule, even if scammers try to present “proof” such as graphically altered screenshots of fund transfers and similar, you will be completely safe from this type of scam.
The scam also lacks logical foundation: if a person needed a certain percentage of additional funds to “pay a withdrawal fee” or similar excuses, they could easily take that percentage from the existing funds they already have and transfer the remaining (fee-reduced) amount.
What to do after the transaction is executed
Since the user sends funds themselves, without an intermediary, the transaction cannot be reversed. However, this does not necessarily mean the situation is over.
It is possible to analyze where the funds were sent and track further movements: especially whether there is interaction with regulated entities such as exchanges. At this point, space for further action may open. Such tracking requires much more than basic transaction review and in practice involves structured analysis of fund flows, similar to other forms of crypto fraud, where it is advisable to involve experts.
Conclusion
Rug pull and giveaway scams may appear very different at first glance, but they operate on a similar principle, where scammers invest significant time and effort into making a project, already structured for fraud, appear as legitimate as possible.
In one case it is an investment, in the other direct transfer of funds, but the result is the same: funds are transferred and, without a fast and structured response, often lost.
Therefore, understanding these mechanisms is crucial, as only with this knowledge can we avoid scams that, in the current era of rapid development, will become increasingly sophisticated over time.