The definitive guide to detecting rug pulls, auditing contracts, securing wallets, and surviving DeFi. 70+ pages of battle-tested security knowledge.
Spot exit scams before they happen: liquidity locks, team wallets, token distribution red flags, and real-world case studies
Read and audit Solidity contracts for hidden mints, backdoors, honeypot functions, and malicious proxy patterns
Hardware wallet setup, seed phrase storage, multi-sig configurations, and hot wallet hygiene for daily use
Safely navigate DEXs, lending protocols, yield farms, and bridges, with step-by-step approval management
Comprehensive catalog of 50+ documented scam types with signatures, patterns, and real examples from 2024-2026
What to do after a compromise: revoke approvals, trace funds, report to authorities, and rebuild securely
A rug pull follows a predictable lifecycle. Understanding each phase gives you the ability to identify scams while there is still time to exit, or better yet, never enter.
Phase 1: The Setup. The team creates a token with a professional-looking website, whitepaper, and social media presence. They deploy a liquidity pool on a DEX like Uniswap or Raydium, often with $10K-$50K in initial liquidity. The contract may include hidden functions: a mint() that allows unlimited supply creation, a blacklist that prevents selling, or modified transfer() logic that charges 99% tax on sells.
Phase 2: The Pump. Paid influencers and bot networks create artificial hype. Trading volume is fabricated through wash trading between team-controlled wallets. The chart shows a clean uptrend. FOMO drives real buyers in. During this phase, the team's token allocation (often 30-60% of supply, split across dozens of wallets to appear distributed) remains untouched.
Phase 3: The Pull. Once enough real liquidity enters, the team executes. In a hard rug, they remove all liquidity in a single transaction; the token becomes untradeable and worthless instantly. In a slow rug, they sell their holdings gradually over days or weeks, cratering the price while maintaining the illusion of an active project.
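The Phase 2 red flag of a team bag "split across dozens of wallets to appear distributed" is detectable on-chain because those wallets are almost always funded from one source. The following is an added example, not code from the guide: it clusters wallets by their first funder (a common heuristic, assumed here) over a constructed transfer log with placeholder addresses, and reports how much supply each cluster really controls.

```python
from collections import defaultdict

TOTAL_SUPPLY = 1_000_000_000
ZERO = "0x0"                     # mint source, not a real wallet

# Constructed transfer log (from, to, amount), oldest first. All addresses are
# placeholders. 0xpool is the DEX liquidity pool; 0xteam* are team wallets.
TRANSFERS = [
    (ZERO, "0xdeployer", TOTAL_SUPPLY),        # initial mint to deployer
    ("0xdeployer", "0xpool", 300_000_000),     # seed liquidity
    ("0xdeployer", "0xteam01", 120_000_000),   # "distribute" the team bag
    ("0xdeployer", "0xteam02", 110_000_000),
    ("0xdeployer", "0xteam03", 100_000_000),
    ("0xdeployer", "0xteam04", 90_000_000),
    ("0xteam01", "0xteam05", 20_000_000),      # second hop to hide the link
    ("0xpool", "0xretail1", 5_000_000),        # real buyers via the pool
    ("0xpool", "0xretail2", 3_000_000),
]
POOLS = {"0xpool"}

def balances(transfers):
    bal = defaultdict(int)
    for src, dst, amt in transfers:
        bal[src] -= amt
        bal[dst] += amt
    return bal

def first_funders(transfers, pools):
    """Wallet -> the wallet that first sent it tokens. Buys from a pool are
    not treated as funding, so retail buyers are never clustered."""
    funder = {}
    for src, dst, _ in transfers:
        if dst not in funder and src != ZERO and src not in pools:
            funder[dst] = src
    return funder

def origin(wallet, funder):
    """Follow the funding chain back to a wallet nobody funded."""
    seen = set()
    while wallet in funder and wallet not in seen:
        seen.add(wallet)
        wallet = funder[wallet]
    return wallet

def cluster_shares(transfers, pools, total=TOTAL_SUPPLY):
    """Fraction of supply held by each origin wallet plus every wallet it
    funded, directly or through intermediaries. Pools are excluded."""
    bal, funder = balances(transfers), first_funders(transfers, pools)
    share = defaultdict(int)
    for wallet, amount in bal.items():
        if wallet == ZERO or wallet in pools or amount <= 0:
            continue
        share[origin(wallet, funder)] += amount
    return {w: s / total for w, s in share.items()}

def red_flags(shares, threshold=0.30):
    """Origins controlling more than the threshold share, largest first."""
    return sorted((w for w, s in shares.items() if s > threshold),
                  key=lambda w: -shares[w])
```

On real data, feed it the token's Transfer events in block order; a single origin above 30% of supply is the pattern the guide describes, even when no individual wallet looks large.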
Your wallet is the front door to your entire crypto portfolio. Most losses do not come from sophisticated exploits; they come from poor key management, reused passwords, and careless approval signing.
Hardware wallets are non-negotiable for any holding above $1,000. A Ledger Nano X or Trezor Model T keeps your private keys on an isolated secure element chip. Even if your computer is fully compromised with malware, your keys never leave the device. Every transaction requires physical button confirmation on the device itself.
Seed phrase storage is the single most critical security decision you will make. Never store your 12- or 24-word recovery phrase digitally: not in a notes app, not in cloud storage, not in a password manager, not in a screenshot. Use a steel seed plate (titanium or stainless steel) that can survive fire, flood, and corrosion. Store it in a location separate from your hardware wallet. Consider splitting your seed using Shamir's Secret Sharing (supported by Trezor) across multiple secure locations.
Approval hygiene: Every time you interact with a DeFi protocol, you sign a token approval granting that contract permission to spend your tokens. These approvals persist indefinitely unless revoked. Use revoke.cash or etherscan.io/tokenapprovalchecker monthly to audit and revoke any approvals you no longer need. A single compromised protocol with an active unlimited approval can drain your entire token balance.
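The approval audit above can be reproduced from raw chain data. This added example (not the guide's code, and not how revoke.cash is implemented) replays constructed ERC-20 Approval event logs for one wallet, flags unlimited allowances, and builds the approve(spender, 0) calldata that revokes one; the token, spender and owner addresses are placeholders.

```python
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED = 2**256 - 1          # what "infinite approval" means on-chain

def pad_topic(addr):
    """Addresses in indexed topics are left-padded to 32 bytes."""
    return "0x" + "00" * 12 + addr[2:].lower()

TOKEN   = "0x" + "aa" * 20      # constructed token contract
OWNER   = "0x" + "11" * 20      # constructed user wallet
ROUTER  = "0x" + "bb" * 20      # constructed DEX router
FARM    = "0x" + "cc" * 20      # constructed yield farm

# Constructed logs in the shape of an eth_getLogs response, oldest first.
LOGS = [
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad_topic(OWNER), pad_topic(ROUTER)],
     "data": "0x" + "f" * 64},                       # unlimited approval to router
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad_topic(OWNER), pad_topic(FARM)],
     "data": "0x" + "f" * 64},                       # unlimited approval to farm
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad_topic(OWNER), pad_topic(FARM)],
     "data": "0x" + "0" * 64},                       # farm approval later revoked
]

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()

def current_allowances(logs, owner):
    """Replay Approval events in order. Each event overwrites the previous
    allowance for that (token, spender) pair; it does not add to it."""
    live = {}
    for log in logs:
        if log["topics"][0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(log["topics"][1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(log["topics"][2]))
        live[key] = int(log["data"], 16)
    return {k: v for k, v in live.items() if v > 0}

def flag_unlimited(allowances):
    """(token, spender) pairs that can move the wallet's whole balance."""
    return [k for k, v in allowances.items() if v == UNLIMITED]

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, 32-byte address, 32-byte zero.
    Sending this to the token contract sets the allowance back to zero."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64
```

Note that the farm approval disappears from the result because the last event for that spender set it to zero, while the router's unlimited approval is still live and is the one to revoke.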
The most dangerous attack vector in crypto is not code; it is people. Social engineering bypasses every technical safeguard by manipulating the human holding the keys.
Discord compromise is the leading cause of NFT theft. Attackers gain access to a project's Discord server (often through a compromised moderator account or webhook exploit), then post a fake "surprise mint" or "airdrop claim" link in the announcements channel. The link leads to a drainer contract that requests wallet approval. Because the message appears to come from an official channel, victims connect without hesitation. In 2025 alone, over $120M was stolen through compromised Discord servers.
Fake customer support remains devastatingly effective. Scammers monitor Twitter and Discord for users posting about wallet issues. They respond within minutes from accounts mimicking official support (e.g., @MetaMask_Supp0rt), offering to "help." The resolution always requires the victim to enter their seed phrase into a fake "recovery tool." No legitimate service will ever ask for your seed phrase.
Address poisoning is a newer technique where attackers send zero-value transactions from addresses that closely resemble your frequently-used addresses (matching the first and last 4-6 characters). When you copy a recent address from your transaction history, you accidentally copy the attacker's lookalike address. Always verify the full address, not just the beginning and end.
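Wallet software can automate the "verify the full address" rule. This added example (not from the guide) checks a transaction history against a small trusted address book: an entry that matches a trusted address at both ends but differs in the middle is flagged, and a zero-value transfer from such an address is called out as the poisoning pattern. All addresses are constructed.

```python
HEX = set("0123456789abcdef")

def normalize(addr):
    """Lower-case and validate a 20-byte hex address; reject anything else."""
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42 and set(a[2:]) <= HEX):
        raise ValueError(f"not a valid address: {addr}")
    return a

# Constructed address book: the only addresses the user should ever send to.
TRUSTED = {
    "exchange deposit": "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b",
}

# Constructed history. The second counterparty shares the first 6 and last 4
# hex characters with the real deposit address and sent a zero-value transfer.
HISTORY = [
    {"counterparty": "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b", "value": 10**18},
    {"counterparty": "0x1a2b3cdeadbeefdeadbeefdeadbeefdeadbe9a0b", "value": 0},
]

def looks_like(candidate, trusted, prefix=4, suffix=4):
    """True when both ends match a trusted address but the address differs."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[2:2 + prefix] == t[2:2 + prefix] and c[-suffix:] == t[-suffix:]

def find_poison(history, trusted):
    """Return (label, address, reason) for every suspicious history entry."""
    flagged = []
    for entry in history:
        for label, real in trusted.items():
            if looks_like(entry["counterparty"], real):
                reason = "lookalike of trusted address"
                if entry["value"] == 0:
                    reason += " + zero-value transfer"
                flagged.append((label, normalize(entry["counterparty"]), reason))
    return flagged

def safe_to_send(address, trusted):
    """Only a byte-for-byte match with the address book passes; a prefix and
    suffix match is exactly what the attacker is counting on."""
    a = normalize(address)
    return any(a == normalize(t) for t in trusted.values())
```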