How to Spot a Solana Rug Pull: 12-Point Checklist Before You Buy Any Token

Peer-reviewed research across 34,988 Solana meme coins found that 82.8% of tokens returning over 100% had been artificially inflated — through wash trading, liquidity pool manipulation, or both. Documented rug pull losses across a single three-month dataset totalled over $6 million.

Solidus Labs analyzed over 188,000 crypto token launches between 2020 and 2024 and found that approximately 24% exhibited characteristics of rug pulls or exit scams — with Solana's permissionless token creation model accounting for an outsized share of new launches and therefore new scams. On-chain detection tools have closed the gap: these 12 checks identify 95%+ of rug pull patterns before execution.

Risk disclaimer: These checks reduce your exposure to obvious rug pulls but do not guarantee safety. Tokens can fail for reasons unrelated to fraud. Never invest more than you can afford to lose entirely. This is not financial advice.

Transparency note: This guide mentions Stratium, built by the same team behind this publication. Rug pull detection content is sourced from peer-reviewed research and on-chain methodology — none of it is Stratium-specific.

Most of those losses were preventable. Not all of them — but most. The tokens that rugged hardest had specific, visible, on-chain signals that were there before the exit. The problem is that most traders never check.

This guide gives you a 12-point checklist you can run in under 5 minutes before buying any Solana token. Each check is specific: the tool, what to click, and what "pass" versus "fail" looks like.

---

What Are the 5 Checks That Filter Out the Most Obvious Solana Rugs?#

If you have 60 seconds and need to decide fast:

Check	Where	Pass	Hard Fail
Mint authority	RugCheck.xyz or Solscan	Revoked	Not revoked
Freeze authority	RugCheck.xyz or Solscan	Disabled	Enabled
Liquidity	DexScreener or RugCheck	Locked / burned	Unlocked and large
Top 10 holders	Solscan → Holders tab	Under 30% combined	Over 50% combined
Deployer history	Solscan → deployer wallet	Mixed or clean	Multiple prior rugs

If a token fails any of these five, stop. The remaining 7 checks exist for tokens that pass the basics and you want to go deeper before sizing up.

flowchart TD
    Start["New Token Found"] --> A{"Mint Authority\nRevoked?"}
    A -->|No| FAIL["HARD FAIL\nDo not buy"]
    A -->|Yes| B{"Freeze Authority\nDisabled?"}
    B -->|No| FAIL
    B -->|Yes| C{"Liquidity\nLocked or Burned?"}
    C -->|No| FAIL
    C -->|Yes| D{"Top 10 holders\nunder 30%?"}
    D -->|No| FAIL
    D -->|Yes| E{"Deployer history\nclean?"}
    E -->|No| FAIL
    E -->|Yes| PASS["PASSED\nProceed to full\n12-point checklist"]

---

What Are the Two Types of Solana Rug Pulls?#

Before the checklist: the mechanics differ depending on where the token is.

Type 1: Pump.fun bonding curve rugs (most common)#

Tokens on pump.fun live on a virtual bonding curve before graduating to Raydium. The most common rug here is a bundle bot rug: the developer deploys the token while simultaneously buying a large position across multiple wallets in the same block as launch. Once retail buys in and the price rises, the developer dumps everything. The chart spikes and crashes within minutes.

There is no "liquidity pool" to drain on pump.fun — the bonding curve is the mechanism. The rug is always an early-wallet dump, not a liquidity removal.

Type 2: Graduated token rugs (Raydium, Orca)#

Once a token graduates to a real AMM liquidity pool, a different risk emerges: liquidity drain. The developer added real SOL to create the trading pair. If that liquidity isn't locked, they can withdraw it at any time — making the token untradeable overnight. This is the classic rug pull most people picture.

The checks below cover both types. The liquidity and contract authority checks matter most for graduated tokens; the holder distribution and deployer checks matter most for pump.fun tokens.

---

What Is the 12-Point Solana Rug Pull Checklist?#

Check 1: Mint Authority — Is It Revoked?#

What it is: On Solana, every SPL token has a "mint authority" — a wallet address that can create new tokens at any time. If the developer retains mint authority, they can silently inflate the supply by billions of tokens and dump them into the market while you're holding.

Why it matters: An unrevoked mint authority means the total supply shown on the chart is not the actual maximum supply. New tokens can be minted at will, diluting every existing holder.

How to check:

1. Go to rugcheck.xyz
2. Paste the token's contract address
3. Look for "Mint Authority" — it should say Revoked or None
4. Alternatively, on Solscan: search the token address → click the token name → look for "Mint Authority" under Token Info

Pass: Mint authority is revoked or set to null
Fail: Mint authority shows a wallet address (means someone can still mint)

---

Check 2: Freeze Authority — Can Your Tokens Be Frozen?#

What it is: Freeze authority allows the token issuer to freeze any wallet holding their token — making it impossible to sell. A token with active freeze authority is technically a honeypot: you can buy, but the developer can prevent you from selling.

Why it matters: This is the Solana-specific honeypot mechanism most traders miss. It's different from Ethereum honeypots (which trap you via smart contract logic) — on Solana, freeze authority is a native feature that can be weaponized.

How to check:

1. Same place as mint authority: RugCheck.xyz or Solscan token page
2. Look for "Freeze Authority" — it should say Disabled or None

Pass: Freeze authority is disabled
Fail: Freeze authority shows a wallet address

Note: Some legitimate stablecoin issuers (like USDC) retain freeze authority for regulatory compliance. For meme coins, there is no legitimate reason to retain it.

---

Check 3: Liquidity Lock — Can the Pool Be Drained?#

What it is: For tokens traded on Raydium or Orca, the liquidity pool contains the SOL (or USDC) that gives the token its trading depth. If a developer never locked that liquidity, they can withdraw it at any moment — making the token instantly untradeable.

Why it matters: An unlocked liquidity pool is an open exit door. The developer leaves it unlocked specifically so they can use it.

How to check — graduated tokens:

1. Go to DexScreener.com and search the token
2. Click the trading pair → look for "LP Locked" or check for a lock icon in the pool info
3. For more detail: RugCheck.xyz shows lock percentage and unlock date

What to look for:

• Liquidity locked for at least 6 months via a reputable locker (Team Finance, Unicrypt) = green flag
• Liquidity burned (sent to a dead address) = the strongest possible signal — it can never be removed
• Unlocked, no lock information, or locked for under 30 days = red flag

How to check — pump.fun tokens:
Pump.fun tokens don't have a traditional liquidity pool until graduation. The bonding curve contract holds funds, and it's governed by the protocol itself rather than the developer. The relevant check here is the dev wallet's SOL position (Check 7 below) rather than liquidity locking.

Pass: Liquidity locked 6+ months or burned
Fail: No lock, lock expires in days/weeks, or developer controls the LP tokens

---

Check 4: Top Holder Concentration#

What it is: The percentage of total token supply held by the top wallets. Extreme concentration means a small number of wallets can crash the price any time they choose to exit.

Why it matters: Research across 34,988 meme coins flagged tokens where the top 10 holders control more than 30% of supply as showing "problematic concentration." Tokens where top holders control 50%+ are structurally set up for a dump — the question is only when, not whether.

How to check:

1. Solscan → search the token address → click "Holders" tab
2. Look at the cumulative percentage held by the top 10 addresses
3. Exclude the liquidity pool address from the count (it will appear as a holder — that's normal)

Pass: Top 10 wallets hold under 30% of supply (excluding LP address)
Caution: 30–50% — elevated risk, proceed carefully
Fail: Over 50% concentration, or any single non-LP wallet holds over 10%

One more check while you're here: Look for wallets that hold large percentages and were funded from the same source. If five wallets each hold 5% and all were created on the same day and funded from the same wallet, that's one entity with 25% — not five independent holders.

---

Check 5: Deployer Wallet History#

What it is: The wallet that deployed the token contract. A deployer who previously rugged other tokens will likely rug again. This check takes 90 seconds and catches repeat offenders.

How to check:

1. On Solscan, search the token address → click the token name → find "Token Creator" or "Deployer"
2. Click on that wallet address
3. Look at the transaction history — specifically the SPL tokens they've created
4. For each prior token they deployed: search that token on DexScreener and check if it went to zero

Pass: Clean history or mixed (some that failed naturally, not dumps), or wallet is newly created with no history
Fail: Multiple prior tokens that spiked and crashed in the same pattern, particularly if the chart shows a clean pump followed by instant drop to zero

Bonus check: If the deployer's wallet is the same as the project's "team" wallet that's loudly promoted in the Telegram group, watch for this wallet's transactions in real time on Solscan. Any outbound SOL movement from it is a sell signal.

---

Check 6: Trading Volume vs. Unique Wallets#

What it is: High volume with few unique buyers is a wash trading signal — the same wallets creating artificial activity to make a token look popular.

Why it matters: Wash trading is the precursor to the pump phase of a pump-and-dump. Peer-reviewed research found that on average just 3.92 actors are responsible for wash trading activity, with a single actor responsible in 49% of documented cases. It doesn't take many wallets to fake a busy chart.

How to check:

1. DexScreener → token page → look at the "Makers" count (unique wallets that have traded)
2. Compare Makers count to the transaction volume. If 500 SOL in volume came from 8 wallets, that's a red flag.
3. RugCheck.xyz shows a "Top Traders" section — check whether the same wallets appear repeatedly in both buy and sell positions

Pass: Volume spread across many unique addresses with diverse histories
Fail: High volume from 5–15 wallets, especially if those wallets have no other trading history

---

Check 7: Dev Wallet SOL Balance and Behavior#

What it is: How much SOL the developer holds in wallets connected to the project, and whether they're moving it out.

Why it matters: On pump.fun, the developer's early buys are the most important thing to track. If they hold a large position and that position starts moving, you will be exit liquidity. A developer who took profits early (small position remaining) has less incentive to dump on you than one who is sitting on 15% of supply.

How to check:

1. Solscan → token → Holders tab → find the wallet labeled as "dev" or the deployer wallet
2. Check its current token balance — if they hold a very large position, note it
3. Watch the wallet's recent transactions for any outbound moves of the token

On pump.fun specifically:
The dev's initial buy is visible on the bonding curve. A dev who bought 5–10% of the initial supply and hasn't sold is acceptable. A dev who bought 20%+ is a significant dump risk. Under the bonding curve mechanics, their sell pressure has outsized impact on the price before graduation.

Pass: Dev wallet holds under 5% of supply, or has already partially exited at reasonable prices
Fail: Dev wallet holds 10%+ and has made no outbound transactions since launch — they're waiting

---

Check 8: Liquidity Depth vs. Price Movement (LPI Detection)#

What it is: Checking whether the price chart reflects real buying or liquidity pool manipulation (LPI — Liquidity Pool-Based Price Inflation).

Why it matters: In a shallow pool, tiny amounts of SOL can move the price dramatically. A 10x chart that came from $500 of total buys into a $200 liquidity pool is not a "10x token" — it's an empty pool being manipulated to look like price discovery.

How to check:

1. DexScreener → token → check the "Liquidity" figure in the pair info
2. Compare liquidity depth to the price percentage gain
3. If a token shows 500% price gain but the total liquidity is under $5,000, the price reflects pool mechanics, not real demand

The specific LPI signal: Price appreciation with flat or minimally growing liquidity. Genuine buying increases liquidity because buyers add SOL to the pool. Manufactured price movement does not.

Pass: Price appreciation accompanied by meaningful liquidity growth
Fail: Large price gain with under $10,000 in total liquidity, especially if no new liquidity has entered since the initial price movement

---

Check 9: Token Age and Contract Creation Date#

What it is: How old the token is and whether the metadata matches the narrative around it.

Why it matters: A token claiming to be a "community project that's been building for months" but whose contract was deployed 3 days ago is lying. Social engineering is a prerequisite for most rug pulls — and one of the easiest lies to check.

How to check:

1. Solscan → token address → "Token Created" timestamp
2. Cross-reference with any claims made in the Telegram or Twitter about the project's history

Also check: The social media account creation dates. A Twitter account with 10,000 followers that was created 6 days ago bought its followers. Check when the Telegram group was created.

Pass: Token age matches claimed history, social accounts have organic growth over time
Fail: Token is days old but claims months of development; follower counts look purchased (large number, low engagement, joined in a spike)

---

Check 10: Telegram and Social Community Quality#

What it is: An assessment of whether the project's community engagement is real.

Why it matters: Fake communities are manufactured specifically to trigger herding behavior — you join a Telegram and see thousands of members posting bullish messages, which creates the illusion of legitimate adoption. Research found comment bots in meme coin Telegram groups to be the most common form of attention manipulation across a sample of 6,000 tokens.

Red flags to look for:

• Messages that post in rapid sequence, all with similar phrasing ("TO THE MOON 🚀", "GEM", "LFG", "100x incoming")
• Members joined in spikes rather than gradually
• Zero critical or analytical discussion — only hype
• Pinned messages that are mostly price predictions and not project information
• Admins who immediately ban or mute anyone asking basic due diligence questions

The most telling check: Ask a simple, neutral question in the Telegram: "Can you share the deployer wallet address?" or "Is the liquidity locked?" Legitimate projects will answer clearly. Projects hiding something will deflect, mute, or ban.

Pass: Active discussion with a mix of sentiment, mods who answer factual questions
Fail: Uniformly positive messages, context-free hype, questions that get deleted

---

Check 11: RugCheck.xyz Overall Risk Score#

What it is: An aggregated risk score from a tool specifically built for Solana token safety analysis.

How to use it:

1. Go to rugcheck.xyz
2. Paste the token address
3. Read the "Risk" assessment — it aggregates mint authority, freeze authority, LP lock status, holder concentration, and several other signals into a summary

Important caveat: RugCheck is a starting point, not a final verdict. Tokens can pass RugCheck and still be manipulated (because RugCheck measures structural risk, not trading behavior). And RugCheck can flag legitimate tokens for minor issues. Use it as a first filter, not the only one.

What to pay attention to: The individual risk factors flagged, not just the aggregate score. A token that fails on "Mint Authority Not Revoked" is a hard pass regardless of overall score.

---

Check 12: The Price Chart Shape#

What it is: Visual pattern recognition of rug behavior.

Why it matters: Certain chart patterns are specific to rug setups. You don't need technical analysis skills to read them.

The three rug chart shapes:

The instant rug: Price goes vertical in minutes, then falls straight back to zero within an hour. This is a bundle bot dump. The developer took a large position at launch and sold into your buy pressure before you finished reading the Telegram announcement.

The slow rug: Price rises over days or weeks, developer sells gradually (so the chart doesn't show a cliff), then at some point all remaining liquidity is removed. The chart looks like a slow peak and a slow descent until it suddenly goes to zero.

The honeypot pattern: Price only ever goes up. No sells visible on the chart. This is the freeze authority rug — buyers can't sell because the contract prevents it, so only buy transactions appear. On DexScreener, a token where every candle is green and no sells appear in the transaction log is a red flag, not a reason to buy.

On DexScreener, look for:

• Transaction log that shows both buys and sells from different wallets — healthy
• Transaction log with only buys, or sells only from one wallet — dangerous
• A large single-wallet sell that accounts for 30%+ of the token's trading volume — the developer exiting

---

What Is the Pump.fun-Specific Rug Pull Checklist?#

Pump.fun tokens have a different risk profile from graduated tokens. Use these additional checks for anything still on the bonding curve:

Bot activity ratio: Look at the early transactions on the token. Trades executed directly via smart contract interaction (without going through the pump.fun frontend) are likely bot trades. If the first 50 transactions are all direct program calls with no frontend-routed buys, sniper bots and bundle bots took the entire early supply. You have no edge here.

Bonding curve progression: How fast did it move? Tokens that go from 0% to 90% of the bonding curve in under 5 minutes moved on bot activity, not organic retail discovery. Genuine interest builds over 30–120 minutes with varied transaction sizes.

Unique buyer count: Legitimate tokens accumulate at least 50–100 unique buyers before graduation. Under 30 unique addresses at any bonding curve percentage is a red flag. On DexScreener or Solscan, count distinct wallet addresses in the transaction history.

Creator account age: Pump.fun tokens created by wallets that have deployed 10+ tokens in the past week — especially if those tokens all died on the curve — are serial rug operators.

---

What Is the One Factor That Overrides All 12 Rug Pull Checks?#

A token can pass every check on this list and still go to zero.

Legitimate tokens fail because of execution (no marketing traction, creator lost interest), because of market conditions (the broader market sold off), or because genuine communities simply ran out of momentum. The checklist filters out fraud — it cannot filter out failure.

The deeper problem: peer-reviewed research found that 82.8% of tokens that achieved 100%+ returns had been artificially inflated. This means the most visible, fastest-moving tokens you encounter are disproportionately likely to be the ones where manipulation drove the chart. The tokens that look the best, the ones generating the most Telegram buzz, the ones with the strongest recent performance — those are exactly the tokens where this checklist matters most, and where passing it means the least.

The structural alternative is not doing more checks — it's removing yourself from the process of picking tokens entirely. Copy trading from strategy wallets with verified, multi-month on-chain track records means the rug pull screening has already been done, on every trade, algorithmically, before execution. Stratium's curation process flags tokens based on the same signals this checklist covers: holder concentration above 30%, LPI detection, wash trading patterns, and deployer history. Strategies with more than 15% of their trades in flagged tokens are excluded regardless of headline returns.

That's not a sales argument against doing your own checks. If you're trading manually, this checklist is the minimum. It's a factual point about what changes when the screening happens before the emotional state activates — not when you're deciding whether to FOMO into a token that's already up 200%.

---

Quick Reference: What Does the Full 12-Point Checklist Cover?#

#	Check	Tool	Pass	Fail
1	Mint authority revoked	RugCheck / Solscan	Revoked	Active
2	Freeze authority disabled	RugCheck / Solscan	Disabled	Active
3	Liquidity locked or burned	DexScreener / RugCheck	Locked 6m+ or burned	Unlocked
4	Top 10 holders under 30%	Solscan Holders tab	Under 30%	Over 50%
5	Deployer wallet history clean	Solscan → deployer	No prior rugs	Multiple rugs
6	Volume from many unique wallets	DexScreener Makers count	Many diverse wallets	Few repeated wallets
7	Dev wallet not holding large position	Solscan Holders tab	Under 5%	Over 10%
8	Liquidity matches price growth (LPI check)	DexScreener	Liquidity grew with price	Price moved, pool flat
9	Token age matches claims	Solscan creation date	Age matches narrative	Newly deployed, old story
10	Community engagement is genuine	Telegram manual review	Mixed, analytical	Uniform hype, bans questions
11	RugCheck overall risk	rugcheck.xyz	Low risk, no critical flags	Any critical flag fails
12	Chart shape isn't a rug pattern	DexScreener chart	Both buys and sells visible	Only buys, or cliff drop

---

Frequently Asked Questions#

What is a rug pull on Solana?#

A rug pull is when a token creator abandons a project after collecting investor funds — typically by draining the liquidity pool (making the token untradeable), dumping a large pre-held position into retail buyers, or both. On Solana, the most common mechanisms are bundle bot dumps (developer buys a large position at token launch via multiple wallets in the same block, then sells into buying pressure) and liquidity removal (developer adds SOL to a Raydium pool to create the trading pair, then withdraws it when enough retail has bought in).

How do I check if a Solana token is safe to buy?#

Run these five checks minimum: (1) mint authority revoked on RugCheck.xyz or Solscan, (2) freeze authority disabled, (3) liquidity locked at least 6 months or burned, (4) top 10 holders under 30% of supply on Solscan, (5) deployer wallet with no history of prior rugged tokens. A token passing all five is not guaranteed safe — but a token failing any one of them carries significantly elevated risk.

What is mint authority on Solana and why does it matter?#

Mint authority is the ability to create new tokens after the initial supply is set. If a developer retains mint authority, they can increase the token supply at any time — diluting every existing holder and dumping the new tokens. Revoking mint authority means the maximum supply is fixed and cannot be changed. For any meme coin, mint authority should be revoked before you buy. It costs the developer nothing to revoke it; retaining it serves no legitimate purpose.

What is freeze authority on Solana?#

Freeze authority allows the token issuer to freeze specific wallets, preventing them from selling their tokens. It's a native SPL token feature on Solana that can be weaponized as a honeypot: buyers can purchase but cannot sell if the developer freezes their wallet. Freeze authority should be disabled on any token you consider buying. Check this on RugCheck.xyz or Solscan's token page.

What is a honeypot on Solana?#

A Solana honeypot is a token where buyers can purchase but cannot sell — either because freeze authority is active (the developer freezes selling wallets) or because the smart contract logic prevents sell transactions. The chart will show price only ever going up because no sells can execute. Checking for active freeze authority on Solscan or RugCheck.xyz is the primary way to detect Solana honeypots.

Can I get rugged on pump.fun?#

Yes, but the mechanism is different from graduated tokens. On pump.fun's bonding curve, the most common rug is a bundle bot deployment: the developer buys a large position across multiple wallets in the same transaction block as the token launch, before any retail buyers can react. Once retail buys in and prices rise, the developer dumps. There's no liquidity pool to drain — the rug is an early-wallet dump. Check the first 20–30 transactions of any pump.fun token for wallet clustering (many buys from different addresses all created the same day and funded from the same source wallet) and dev wallet position size in the Holders tab.

What is the difference between a rug pull and a pump-and-dump?#

In a pump-and-dump, the developer or an organized group inflates the price through coordinated buying and social hype, then sells into the demand they created. The liquidity pool remains — other holders can still trade, just at a rapidly declining price. In a rug pull, the developer goes further: they also drain the liquidity pool, making the token untradeable entirely. You're left holding tokens you cannot sell at any price. Research found that 62.9% of tokens that executed exit scams had been artificially inflated through wash trading or LPI in the phase before the exit — the manipulation sets up the rug pull.

Does RugCheck.xyz catch all rug pulls?#

No. RugCheck measures structural risk factors — mint authority, freeze authority, liquidity lock, holder concentration — that are visible before a rug pull happens. It cannot detect intent, wash trading, or LPI, and it cannot predict whether a legitimate-looking token will fail due to lack of traction. A token with a clean RugCheck report can still be rugged if the developer dumps a large wallet position that didn't trigger concentration flags, or if the "locked" liquidity was locked in a fake locker. Use RugCheck as a first filter, not the only filter.

Related Reading#

• Solana Meme Coin Manipulation: 82.8% of Winners Were Faked — on-chain proof of wash trading and LPI schemes
• Meme Coin Fragility: 3 On-Chain Risk Scores — measurable signals that predict crashes before they happen
• How to Copy Trade on Solana — copy verified wallets whose Solscan history proves real trading discipline
• On-Chain Performance Report: 26,704 Verified Trades — 59% win rate across wallets that passed every check on this list