The 7 Ways to Spot Scams and Rug Pull Guide

6 min readJul 2, 2021

The whole cryptocurrency performance is exceedingly outstanding over the past few years. However, the platform still receives stereotypes regarding its volatility and vulnerability to hacks and alike up to this date. In addition, tokens with small market caps are the ones that are most prone to such threats. That is why it is good to know how to spot scams and know what rug pull is and its role.

Some philosophy in life also applies to blockchain technology, such as “looks can be deceiving.” Therefore, being vigilant is necessary to avoid future scams when you engage yourself with crypto. To help you with that, PrivacySwap is here to expose what scammers do and enlighten you on how to spot a possible scam.

Smart Contract Scanning

As you engage with crypto every day, you will interact with tokens such as ERC20 and BEP20, to name a few. These tokens function as transactions, tax system, swap protocol, and total supply.

There are tools available online where you can help you identify scam contracts. For example, looks out for frequent frauds and concerns such as the following:

  • The honeypot.code controls whether you may purchase but not sell.
  • Owner of the contract — Respond to the inquiry, “Has ownership been renounced?” If not, the smart contract’s owner can change it later, potentially adding a new fraud code.
  • Do the developers have a lot of coins in their wallets? Then, they may dump all of their liquidity on the market.
  • Is liquidity burnt according to LP (liquidity) data? For example, is the developer still in possession of the LP tokens? If that’s the case, it’s a problem since they can withdraw liquidity at any time.
  • Top token holders — are there any vast whales who own a large percentage of the tokens? They may dump the entire token value in a second.

If the result turns out negative, then you may consider looking for another platform that has a much more positive result. Still, if you still wish to proceed, then do so with caution. In short, “invest what you can afford to lose.”

Sample result from BSCheck.EU

Rug Pull

A Rug pull is when the liquidity of a token traded on a DEX like Uniswap or PancakeSwap gets “pulled” away. As a result, investors will be unable to buy or sell the token, rendering it useless. To protect your tokens from being pulled away, developers would either burn or lock your tokens. This information might sound TMI, so we will explain it bit by bit, starting with how liquidity works.

Liquidity may be supplied by anybody, although token developers are frequently the ones to do it. For instance, the PrivacySwap developers can transfer BNB + PRV to PancakeSwap to create liquidity for the BNB/PrivacySwap token combination. When users trade on PancakeSwap, they either add BNB and receive PRV in exchange (buying PRV with BNB) or adding PRV and receiving BNB in exchange (they sell PRV with BNB).

As a result, everyone who wants to trade on a DEX like PancakeSwap or Uniswap needs this liquidity. Therefore, the provider receives LP tokens in exchange for providing liquidity. These tokens serve as “proof” that they hold a piece of the liquidity pool, and they may trade these LP tokens for a share of the liquidity pool.

Consider what would happen if the liquidity provider lost access to the LP tokens: the liquidity would not be withdrawn, and investors would be able to continue trading.

Since you now know how liquidity works, We’ll discuss the burning and locking of tokens.

Burning LP Tokens.

Token creators should burn their LP tokens to a burn address since it is the safest and reliable method. For example, 0x000…00dEad is a commonly used burn address. As evidence, you might request that the developers send LP tokens to this or a similar address to prevent them from redeeming their LP tokens and removing liquidity. As of the moment of writing, PrivacySwap has a total of 1,456 total tokens burned.

Locking LP Tokens.

The other option for token developers is to lock their LP tokens within a smart contract, which would be inaccessible for six months. For example, websites such as DeepLock Locker showcase the tokens that use DeepLock liquidity at a locker. You can also check here what percentage of the token supply is locked and for how long. Most importantly, inquire with the token developers about the token’s locked liquidity; they should be able to offer proof.

Check Their Websites and Social Media Accounts.

Platforms use social media to promote their businesses. Checking their accounts on various forums (e.g. Telegram, Twitter, Reddit, and Discord) will help you understand the platform more and identify how they interact with their customers. By doing so, you can identify which one is a scam, as scammers often put less effort into creating an appealing website with a lot of information than real projects. Additionally, you should also be careful with websites with only one page of smart contract and a telegram link. You can also use websites such as to see all the legit web pages of the platform you’ll be engaging.

CoinGecko, CoinMarketCap, and Exchange Listings

You can also identify that a website is credible if they are listed on CoinGecko and CoinMarketCap. The approval does not happen overnight and has multiple requirements, so being listed into such aggregators is a plus point. However, some scams might still be listed, so always still be careful. You can also verify if a platform is listed on CMC and CG right away by looking on and see if they have the logo of the said aggregators.

Furthermore, CMC and CG are not the only aggregators in the DeFi space, which means the more listings, the more legit the platform shows.

Screenshot of PrivacySwap’s profile on with CMC and CG icons

Smart Audits

The complexity of smart contracts is really beyond expectation. It requires proper knowledge to avoid being scammed and know which one is the most profitable platform we can engage in without compromising security. Fortunately, web pages such as provide a paid service for checking smart contracts. Moreover, they also have a GitHub account listing all of the platforms they audited so everyone can check.

PrivacySwap’s Smart Contract Audit

Doxxed Devs

“Doxxed” Is the way of exposing someone else’s identity. Revealing oneself might sound wholly absurd and illegal, but crypto developers can use this to prove their platform’s legitimacy. In that way, aspirants and enthusiasts will know more about the platform itself and its backbone. In addition, it will value-add trust to its customers.

Too Good to be True

After analyzing everything using the steps and options provided above, there is still an essential tool that you can use to check if a platform is a scam or not, your common sense. If you think that the platform you see is too good to be true or if it shows unbelievable numbers obtain with a short period of time, be careful! At the end of the day, your instinct matters. So when in doubt, always do research first before diving into the platform.


In a nutshell, this article might still sound too much to digest. But that is why PrivacySwap is here to help you learn while you earn. The platform will also guide you on your way to financial independence by following them and listening to their webinars, which will help you know more about them, spot a scam by yourself quickly, and more.

What do you think is PrivacySwap the perfect platform for you? Let them know

| Website | Gitbook | Telegram | Telegram Announcements

Medium | Twitter | YouTube | Privacy Pools Application Form |




Be a part of PrivacySwap, be a part of a better DeFi.