A new token chart pumps 400% in an afternoon. Two hours later, the same chart goes vertical the wrong way. The difference between joining the pump and joining the rug is usually about ten minutes of homework.
This tutorial walks through five concrete checks any buyer can run before clicking swap. Time to complete: 10 to 15 minutes per token. No paid tools, no Telegram alpha, no influencer signal. Just the public on-chain trail every project leaves behind.
Prerequisites
Before you start, have ready:
- A laptop or phone with a normal browser. No wallet connection required for any of these checks.
- The token's contract address. Get it from the project's official channel, not from a chart screenshot in a group chat.
- The chain it lives on (Ethereum, BSC, Solana, Base, etc.). The explorers differ; the logic does not.
- About 12 minutes and zero FOMO. The token will still exist in 12 minutes. If it will not, that is data too.
What is a rug pull and why is 2026 still full of them?
A rug pull is when the team behind a token drains its own liquidity pool, dumps its supply into retail bids, or weaponises the contract so holders cannot sell. The mechanics vary: removed LP, malicious mint function, hidden trading tax set to 99%, blacklisted seller wallets. The outcome is identical, which is a chart that drops to a candle wick the depth of a parking garage.
According to CoinGecko's global tracker, 17,406 cryptocurrencies are actively listed as of May 27, 2026. The long tail below the top 500 is where most rugs live. BSC alone holds $5.55B in DeFi TVL per DefiLlama's BSC chain page, up 1.39% week over week, much of it in obscure farms that did not exist last quarter. The volume is real. The vetting is optional.
The panda watches. The panda judges.
The 5-check pre-buy walkthrough
Work through each step in order. If two checks fail, stop. The token is not worth the gas.
Step 1: Verify the contract on the right explorer
Open BscScan for BSC tokens or Etherscan for Ethereum. Paste the contract address. Click the "Contract" tab.
- Green checkmark icon means source code is verified. Good.
- "Contract Source Code Not Verified" means the team will not show you the engine. Bad.
- Search the code for
mint,pause,blacklist, orsetFeesfunctions. They are not auto-fatal, but they need an owner-renounced or multisig setup behind them.
Step 2: Check liquidity depth and lock
Open the token pair on DexScreener. Liquidity below $50,000 means a $10,000 sell will halve the price. Liquidity above $200,000 with the LP tokens locked at Unicrypt or Team Finance, and the unlock date in your calendar, is the floor of acceptable. Our full walk-through on how to check a liquidity lock covers the exact UI steps.
Step 3: Read the holder distribution
On the explorer, click "Holders". Two numbers matter:
- Top wallet share. If wallet number one holds more than 5% (excluding the LP and burn addresses), the project is one transaction away from a dump.
- Cluster overlap. Paste the top 50 holders into Bubblemaps. If a single cluster owns 30% across 12 wallets, the float is theatre. We unpack that pattern further in how to spot a honeypot token on BSC.
Step 4: Simulate a sell
Plug the contract into Honeypot.is or TokenSniffer. These tools simulate a buy followed by an immediate sell. If the sell fails, the contract is a honeypot. If the sell tax is 25% or higher, the team is rugging slowly through fees. Either way: do not buy.
Step 5: Trail the deployer wallet
Click the deployer wallet on the explorer. Read its transaction history. A wallet funded four hours ago via Tornado Cash or a fresh CEX withdrawal is a stranger. A wallet with a year of legitimate dev activity is a person. Pair that with the team's Twitter, Telegram, and Discord. Real accounts have follower history older than yesterday.
Troubleshooting common dead-ends
| Symptom | Likely cause | Fix |
|---|---|---|
| Explorer shows "Source Code Not Verified" | Team has not published source | Pass. Verified code is free. |
| DexScreener shows liquidity but no lock proof | LP tokens sit in a hot wallet | Pass. Locks are public on-chain. |
| Honeypot.is says "no liquidity to simulate" | Pool too thin to test reliably | Wait or pass. Both are signal. |
| Top holders all show "Lock contract" | Distribution is healthier than it looks | Verify each lock address before relaxing. |
| Twitter handle is 6 days old with 40k followers | Bought engagement | Pass. Real growth shows in reply patterns. |
FAQ
Is a high market cap proof of safety?
No. According to Decrypt's rug coverage, several 2024 to 2025 rugs cleared $50M fully diluted valuation before unwinding. Market cap is a story, not a check.
Can a renounced contract still rug?
Yes, if liquidity is unlocked or the original code shipped with a hidden owner override. Renounce is one signal among five, not a free pass.
How long does the full check actually take?
About 12 minutes on a familiar chain, longer on a chain you have never used. The cost of skipping it is the entire position.
Do these checks work for Solana tokens?
Same logic, different tools. Use Solscan for contract and holder data, and DexScreener for liquidity. Bubblemaps and honeypot-style simulators are catching up on the SVM side.
What if everything looks clean and it still rugs?
It happens. The five checks lower the failure rate, they do not zero it. Position sizing handles the residual.
For builders watching the memecoin ecosystem, the cleanest tokens are the ones that pass these five checks at launch, not after. The Dadacoin team treats the same questions as the public bar to clear before any project asks the community for liquidity. Same rules, same arithmetic, no fans.
The numbers say yes. The panda raises an eyebrow.
