Not every loss comes from a hacked wallet — many come from buying a token that was a scam by design. The two classic forms are the rug pull and the honeypot, and both leave you holding something worthless.
The rug pull
A rug pull is when a token's creators abandon it and take the value: they pull the liquidity out of the pool, or dump a huge insider allocation, collapsing the price to near zero. They're most common with brand-new, anonymous projects promising outsized returns and aggressive hype.
The honeypot
A honeypot is sneakier: the token's contract is written so you can buy but not sell. The chart looks like it only goes up — because no one can exit. You watch a paper gain you can never realize, until the creators cash out and you're stranded.
A textbook case: the SQUID token
In late 2021 a token riding the "Squid Game" hype rocketed to around $2,861 on 1 November 2021. Buyers had piled in — but the contract blocked selling: a honeypot. The developers then pulled the liquidity, and the price crashed to effectively zero within minutes. Estimates of the take vary (reported around $3.3 million). It combined both scams: a honeypot that trapped buyers, ended by a rug pull.
Warning signs
- Liquidity that isn't locked, so creators can withdraw it at will.
- A tiny number of wallets holding most of the supply.
- A chart of only green candles with no normal selling — a honeypot tell.
- Anonymous team, frantic hype, and pressure to buy "before it's too late".
- No real audit, no real product, vague promises of guaranteed returns.
The next lesson turns these into a concrete pre-purchase checklist. The short version: if a token can only be bought in a frenzy and the team is hiding, assume the worst.
- Buying a hyped new token without checking whether you can actually sell it.
- Trusting a chart of pure green candles — often the signature of a honeypot.
- Ignoring that liquidity isn't locked, leaving creators free to pull it.