Rug pull

Rug pull is the situation where the team behind a token cashes out at the expense of every other holder and leaves the project for dead. It is not a code exploit or an external hack — it is a deliberate action by the creators themselves. On TON the most common form is a memecoin or low-quality jetton hyped through marketing.

Types of rug pull

• Hard rug — liquidity drain. The team lists the token on a DEX (STON.fi, DeDust), some retail buys into the LP, and the team yanks all the liquidity out of the pool. Price collapses to zero instantly.
• Hard rug — allocation dump. The team kept 30 to 80 percent of supply for “marketing”, with no lockup. Once price rises they sell the entire stack into the order book; price falls many times over.
• Soft rug — slow walkaway. No public scam moment. The team quietly sells its allocation over several weeks, stops shipping updates, deletes its socials, and stops answering. Technically not theft, practically an exit scam.
• Mint rug. The jetton contract leaves an unlimited mint function on the owner. A month after listing the owner mints another billion tokens and sells them.
• Honeypot. The contract is wired so that buying works but selling does not (or only works for whitelisted addresses). Victims see a “rising price” but cannot exit.

Risk signals on TON

• Anonymous team. No public faces, no LinkedIn, no verified Telegram identity. Not a verdict on its own, but it raises the risk.
• Holder concentration. Tonviewer shows the top holders of a jetton. If 70 to 90 percent of supply sits on one to three wallets outside the LP, that is a powder keg.
• No audit. A serious jetton project publishes a report from CertiK, Halborn, Slowmist, or a TON-focused security team. The absence of a report is a warning, especially if the contract is not the standard TEP-74 template.
• Mint authority still held by the deployer. In the jetton contract the admin_address field should be empty or transferred to a burn address after launch. Check it in Tonviewer or Tonscan via the get_jetton_data get-method.
• Liquidity is not locked. Professional teams send LP tokens to a time-lock contract or burn them. If LP tokens sit on the team’s regular address, they can physically pull them at any time.
• Suspicious marketing. “100x in a week”, “Binance listing soon”, and promises with specific yield numbers are almost always rugs in the making.
• Very young project. Contract age of one or two days, thousands of holders appearing within hours — the classic pump-and-dump pattern.

What to check before buying

• Open the token page on Tonviewer; review distribution, age, activity, and contract verification.
• Confirm via the get-method that the admin address is empty or burned.
• Find the LP pool on STON.fi or DeDust and verify whether the LP tokens are locked.
• Read the audit if one exists. Pay particular attention to the mint authority and upgrade authority sections.

What to do if you get caught

Unfortunately, very little. On-chain the transactions are final and pursuing an anonymous team legally is extremely hard. The one useful action is to document the relevant addresses and report them on Tonviewer or Tonscan so future users see a warning.

Rug pull is the dominant risk for low-quality jetton projects. The defence is not technical but behavioural: keep position sizes small, be sceptical of “100x” pitches, and work mostly with projects that have a public team and a real product.