What exactly is a rug pull, and how does it differ from a token simply falling? A rug pull is the team "actively and maliciously" zeroing out your assets, not natural market movement. The typical flow: the team pumps price and liquidity to draw retail in, and once enough money accumulates, pulls the pool's liquidity all at once or dumps heavily and leaves, so the token instantly loses any counterparty to sell to and collapses near zero. The difference: in an ordinary drop you can still sell to cut losses; a rug pull often leaves you unable to sell at all, because the pool has already been drained.
What types of rug pulls are there, and what's the key to spotting each? Roughly three. One, hard liquidity pull: the team directly removes pool funds — the key is whether liquidity is locked; unlocked can be pulled anytime. Two, a malicious contract backdoor: code lets only the team sell, mint infinitely, or freeze your trades — the key is whether there's a credible contract audit. Three, a soft rug: the team doesn't grab outright but abandons ship and offloads slowly — the key is whether the team is doxxed and shows ongoing development and communication. The shared early warning across all three is "anonymous team + unlocked liquidity + no audit."
Before buying into a new project, what exactly should due diligence check? One, team: is it doxxed with verifiable past work and track record — pure anonymity warrants much higher caution. Two, liquidity: is it locked, for how long, and by whom — unlocked can be drained anytime. Three, contract: has it been audited by a reputable firm, and does the report have unresolved high-risk items. Four, holder distribution: use a block explorer to see whether tokens are highly concentrated in a few wallets — over-concentration means a few people can dump. Five, value: what real need does it solve, versus just a "next 100x" narrative. The more thoroughly you check these five, the less likely you become the bag holder.
Even with thorough due diligence, how else do you protect yourself? The core is position sizing. However careful your DD, it can't rule out risk 100% — a team can turn bad later, an audited contract can still have holes, the market always has new tricks. So the real safety net is: for any new project not validated over time, commit only an amount you can fully afford to lose, one whose going to zero wouldn't affect your life. Spread your funds; don't heavily bet a single new token at once. DD decides the odds of stepping on a mine; position size decides the damage when you do — do both together, neither alone.