Bitcoin on-chain analysis, market cycles, and holder behaviour at The Markets Unplugged. Creator of Alt Sector Radar and Bitcoin Barometer. Maps on-chain signals to cycle phases.
This guide covers what rug pulls and honeypots are, the distinct patterns each uses, the on-chain signals that appear before an exit, and the workflow to run before touching any new token.
For quick definitions of terms used here, the Crypto Glossary covers liquidity, LP tokens, admin keys, and token approvals. For the broader pre-investment research process, the token research workflow is the companion piece.
Rug pulls and honeypots are two of the most common ways crypto buyers lose money. A rug pull is when insiders drain liquidity or dump a large token allocation, collapsing the price and leaving buyers with illiquid holdings. A honeypot lets you buy but blocks selling through contract mechanics. Both look like opportunities before they detonate. The checklist in this guide can be run in under 10 minutes and catches most of them before any capital is committed.
Key points
A hard rug is a fast exit event. A soft rug is a slow wind-down where the team stops building and insiders sell over weeks or months. Both patterns are detectable on-chain before they complete.
Honeypots use contract mechanics to allow buying but block or heavily tax selling. Some are total traps. Some are partial traps that pass basic tests but still drain capital over time.
The most important contract checks are: admin key powers, changeable taxes, trading pause functions, and mint capabilities. Each one is a lever that can be turned against buyers.
Unlocked or insider-controlled liquidity is a hard pass. Liquidity that can be removed at will can be removed at will.
A tiny buy and tiny sell on a fresh wallet before sizing confirms the exit actually works. Honeypots fail this test. Most rug setups survive it but the other checks catch them first.
Most losses are predictable. The contract surface, the liquidity structure, and the insider wallet behaviour almost always give advance warning to anyone who looks.
What Is A Rug Pull?
A rug pull is when insiders extract value from a project in a way that collapses price and leaves other holders unable to exit at any meaningful price. Rug pulls come in two distinct forms with different timelines and on-chain signatures.
Hard Rugs
A hard rug is a fast, deliberate exit. The team or insider wallets drain the liquidity pool directly, removing the asset backing the token's price. Price collapses immediately. Buyers are left holding tokens that cannot be sold for any meaningful amount because there is no liquidity left to sell into.
Hard rugs can also occur through a mint function: the team mints a large new supply and sells it against available liquidity, diluting all existing holders and draining the pool simultaneously.
Hard rug on-chain pattern: A large LP token transfer or burn event followed by the token price going to near zero within minutes. Mint events from the deployer address followed by immediate exchange inflows from the same wallet. These events are fully visible on a block explorer in real time.
Soft Rugs
A soft rug is slower and harder to identify in the moment. The team does not vanish overnight. Instead, development stalls, commitments are walked back, and insider wallets begin quietly selling into retail interest over weeks or months. Price erodes gradually as insider supply enters the market.
Soft rugs are common in projects that looked legitimate at launch but had no real product ambition behind the narrative. They are also common when insider allocations vest and early participants sell consistently.
Soft rug on-chain pattern: Insider-labelled or early-allocation wallets receiving unlocked tokens and moving small consistent amounts to exchanges, often timed around positive news or community events. No single event triggers suspicion. The pattern only becomes clear when you track the wallets over time.
Both types are worth checking for before entering any position. Hard rugs are caught by the liquidity and contract checks. Soft rugs are caught by the unlock schedule, vesting verification, and insider wallet monitoring.
What Is A Honeypot?
A honeypot is a contract designed to allow buying but block or severely restrict selling. The mechanics vary but the effect is the same: capital goes in and cannot come out.
Total Honeypots
Total honeypots block selling entirely. The contract's transfer function contains hidden rules that cause sell transactions to revert for all addresses except a whitelist controlled by the deployer. You buy successfully. When you try to sell, the transaction fails.
Partial Or Slow-Drain Honeypots
These are more sophisticated and pass casual testing. Sells succeed, but taxes are set to 80-90% or the contract limits sell size to tiny amounts. You can technically exit but you recover only a fraction of your capital. Some partial honeypots also impose escalating taxes: the longer you hold, the worse the terms when you eventually try to sell.
Honeypot contract mechanics to look for: Transfer functions that check whether the caller is on a whitelist before allowing full transfers. Tax functions (setTax, setFee, setMaxTx) that can be called by the owner at any time. Separate buy-side and sell-side logic that imposes different rates. Any function that allows the owner to blacklist an address from selling.
Why basic tests can miss partial honeypots: A tiny buy and sell test with minimal capital may succeed because the honeypot's restrictions only trigger above a threshold amount, or because the test happens before the owner activates the trap. Always test with the actual amounts you plan to use, not just with the minimum.
On-Chain Pre-Signals Before The Exit
Most rug events give advance warning on-chain. The warnings are only visible to people who look. These are the patterns worth tracking after you enter a position.
On-chain warning patterns
LP lock expiry approaching: If a liquidity lock expires in the next 30 to 60 days, watch the LP wallet closely. Many rugs happen within days of a lock expiry. A team that plans to continue building extends the lock before it expires.
Insider wallets moving to exchanges: Watch the top 10 to 20 non-LP wallets. If wallets that received early allocations or insider distributions begin moving tokens to exchange-tagged addresses, the pattern matters regardless of what the team is saying publicly.
Deployer wallet activity: Any movement from the original deployer address is worth investigating. Teams with legitimate projects rarely need to move deployer wallet funds. Active deployer wallets in live projects are a flag worth tracking.
New wallets accumulating large positions: Wallets created recently that accumulate significant supply before a marketing push are often team-controlled sybil positions. The accumulation happens quietly, the marketing creates the exit liquidity.
Ownership transfer or upgrade events: If the contract ownership changes or an upgrade is deployed without a governance announcement, investigate immediately. Renouncing ownership just before a suspected exit can also be a signal rather than a reassurance.
These signals are not definitive on their own. A single insider wallet moving tokens could be a personal decision by one holder, not a coordinated exit. The concern grows when multiple signals appear together within a short window.
Weekly analysis live now
Knowing how to read on-chain signals for individual tokens is part of the broader skill of reading cycle health. Where capital is moving, which sectors are attracting genuine inflows, and when conditions favour adding risk are covered in the weekly member update.
Run these five sections in order before touching any new token. The order matters: contract powers first, then liquidity, then mechanics, then supply, then the team. Most failures appear in sections 1 and 2.
1
Contract sanity
Verify the contract address from the project's official channels, not from social posts or DMs. On the block explorer, confirm the source code is verified. Check contract ownership: renounced, or held by a clearly governed multisig. Review privileged functions: mint, pause, blacklist, setFee, setTax, upgrade. Each one is an admin key lever that can change the rules after you buy.
2
Liquidity and holders
Is liquidity locked, for how long, and with which locker? Is the lock proof verifiable on-chain? What percentage of tokens sit with the top 5 wallets? Are any labelled as exchanges or vesting contracts? Does a single wallet dominate LP tokens or the treasury? Unlocked LP or insider-controlled LP is a hard pass.
3
Taxes, transfers, and trading mechanics
What are the buy and sell taxes, and are they fixed at the contract level or changeable by the owner? Is there a trading enable/disable function that lets the owner pause trading? Does the transfer function contain whitelist logic or role-based restrictions? Run a tiny buy and tiny sell before any size to confirm the exit path actually works.
4
Unlocks, emissions, and supply
What is total supply versus circulating supply, and what is actually tradable now? What is the unlock schedule with dates, amounts, and recipients? Are there mint and burn functions, and who controls them? Draw the unlock timeline. A project with a large team or investor allocation unlocking in the next few months needs additional scrutiny regardless of the other checks.
5
Team, docs, and provenance
Are there public docs, a roadmap, and an accessible repository, or just a landing page and a Telegram? Are team members tied to previous projects and, if so, what is the track record? Have audits been done, by whom, covering what scope, and are there any unresolved critical findings? Audits from unknown outfits with recycled PDF templates are not audits.
Red Flags That Should End Your Analysis
Any single flag from the list below is enough to stop and re-evaluate. Multiple flags at once is a clear pass.
Contract-level red flags: Owner can call setTax, setFees, or setMaxTx to extreme values at any time. Proxies or upgradeable contracts with no time-lock or governance process for upgrades. Unverified source code with no way to inspect the logic. Mint function callable by the owner with no cap or governance restriction.
Liquidity red flags: "Liquidity burned" claimed with no verifiable proof or only a link that does not confirm the actual lock. LP unlocked or controlled by a single insider wallet. Liquidity below what would be needed to absorb any meaningful exit. Lock proofs pointing to unknown or recently created locker contracts.
Project conduct red flags: Telegram-only presence with a new domain and zero independent coverage. Paid influencers running coordinated campaigns with no organic interest. Fake audits or "KYC badges" from organisations that do not appear to exist outside this project. No shipping history, only promises and roadmap language.
Insider behaviour red flags: Top wallets moving tokens to exchange-tagged addresses while the project is still being promoted. Deployer wallet becoming active without any governance explanation. LP lock expiry approaching with no extension announcement from the team.
Test With Pennies, Every Time
Before committing any meaningful capital to a new token, confirm the exit path works end to end.
1
Use a fresh wallet
A wallet with no other holdings and no history of interactions with this project. Fresh wallets remove the possibility that a honeypot is using address history to selectively block or allow transactions.
2
Small buy, immediate small sell
Buy a small but representative amount, then sell it immediately. Both should complete. If the sell fails or reverts, this is a honeypot. If the fees on the sell are far higher than the stated tax, this is a partial honeypot or a tax-switching trap.
3
Use custom spend limits on approvals
When approving the token for the DEX, set a custom spend limit to the exact amount you plan to trade. Never grant unlimited token approvals to unfamiliar contracts.
4
Revoke approvals after testing
If you decide not to size up after testing, revoke the approval. If you do size up, revoke the approval after you exit. Stale approvals to contracts you no longer use are a long-tail risk.
Tools That Help (Free To Start)
These are the tool categories. Use well-known, established options in each category. Avoid sites that request unnecessary wallet permissions or ask you to sign anything.
Tool categories
Block explorers: Verify source code, ownership, events, mint history, and transfer patterns. Essential for the contract sanity check in section 1 of the workflow.
Token safety scanners: Flag common honeypot patterns, changeable taxes, and dangerous owner functions automatically. Useful for a fast first-pass, but never a substitute for reading the contract yourself.
Token unlock calendars: Confirm upcoming unlock dates and amounts per recipient category. Knowing when large unlocks occur is part of timing a position and monitoring for soft rug risk.
Liquidity locker dashboards: Verify LP lock duration and the identity of the locker contract. Confirm the lock is real and the expiry date matches what the team claims.
Approval managers: Review and revoke active token approvals. Run after any testing session and after exiting any position.
Quick Decision Tree
If everything else in this article gets compressed to a single page, this is it. Run through in order. The first "pass" ends your analysis.
1
Privileged functions with no governance?
Owner can change taxes, pause trading, mint supply, or blacklist wallets without a time-lock or multisig process. Pass.
2
Liquidity unlocked or insider-controlled?
LP tokens are not locked, or they are held by a wallet that could remove liquidity at any time. Pass.
3
High or changeable taxes, or sell blocks?
Taxes are set to levels that destroy any realistic profit on exit, or the owner can change them without restriction. Pass.
4
Opaque team, no docs or audit, hype-only?
No verifiable team, no real documentation, no independent coverage, and the primary signal is promoter activity. Pass.
5
All checks clean?
Tiny test buy and sell succeed. Fees are sensible. Locks are verified. Contract is clean. Start small. Size up only after the position survives two clean weeks.
Frequently Asked Questions
Yes, but the bar of other evidence rises. If there is no audit, you need stronger supporting signals: verified source code, open governance, a track record of shipping, and transparent team history. An audit reduces risk. Its absence does not automatically make a project fraudulent, but it does remove one layer of protection.
Safer from a hard liquidity pull, but not fully safe. Owners can still change taxes to extreme levels, blacklist holder wallets, mint new supply into the circulating pool, or pause trading entirely, depending on what functions the contract contains. Locked liquidity addresses one specific risk. The contract surface check addresses the others.
High fixed taxes that are written into the contract immutably are a fundamental economics problem. High changeable taxes are a control lever that can be weaponised. The combination of changeable taxes and an owner who can call the setter function at any time is the dangerous pattern, not the tax level alone.
No. Renouncing ownership removes certain admin powers from the original owner, but if backdoors already exist in the contract or the contract is upgradeable through a proxy, renouncing the surface-level ownership may not remove the actual control. Read the contract code or a verified scanner summary before treating renouncement as protection.
A hard rug is a fast, deliberate exit event: liquidity drained, tokens minted and sold, or contract functions weaponised to destroy value quickly. A soft rug is a slow wind-down: development stalls, team commitment fades, and insider wallets sell steadily into whatever retail interest remains. Hard rugs are more obvious in hindsight. Soft rugs are more common and harder to identify until the pattern is already well underway.
Some honeypots only activate above a certain trade size, or only after a certain number of blocks, or only against wallets that have held for more than a certain period. Others are activated by the owner after they see a meaningful buy. The tiny sell test is a necessary check but not a sufficient one. Use it alongside the contract surface check, not instead of it.
The live application of these frameworks, how on-chain signals are reading right now, and what the current cycle environment means for risk sizing will be covered in the weekly member update. Alpha Insider members get this analysis in real time every week across KAIROS timing, on-chain data, and macro signals.
This guide is for education only, not financial, investment, legal, accounting, or tax advice. Nothing here is a recommendation to buy, sell, or use any product or service. Cryptoassets are high risk and prices can go to zero. Only use amounts you can afford to lose. Availability and legality vary by country, so check your local rules before acting. You are responsible for your own decisions.
Bitcoin on-chain analysis, market cycles, and holder behaviour at The Markets Unplugged. Creator of Alt Sector Radar and Bitcoin Barometer. Maps on-chain signals to cycle phases.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Technical analyst and macro researcher at The Markets Unplugged. Creator of KAIROS v6 cycle-timing, the Delta Engine (6-factor weekly BTC signal), the BTC/VIX framework, and the Apex Macro Dashboard. Publishes the Cycle Read every Monday.
Discussion