How to Spot a Solana Rugpull Before It Happens

What is a rugpull — and why Solana is its favorite home

A rugpull is a coordinated exit scam in which a token project's creators drain liquidity, dump their holdings, and abandon the project — usually within hours of launch, sometimes within minutes. The term comes from the image of pulling a rug out from under buyers who thought they were standing on solid ground.

Solana has become the preferred chain for rugpull operators for three specific reasons: transaction fees below $0.01, block finality under 400 milliseconds, and a permissionless token creation system that allows anyone to deploy a new SPL token in under two minutes with no review, no audit, and no accountability.

In the Solana ecosystem, the question is never whether rugpulls exist — it's whether the specific token you're looking at has been designed to become one.

This guide gives you a systematic process for identifying the most common rugpull signals before you commit capital. These are not opinions or gut feelings — they are measurable on-chain data points that any buyer can verify independently.

Signal 1 — Mint authority is not revoked

Mint authority is the permission that allows a token's creator to generate new supply at will, without any announcement or on-chain governance vote. When mint authority remains active after a token launches, one wallet can inflate the supply by billions of tokens in a single transaction.

1. Project launches with a defined supply of, say, 1 billion tokens
2. Early buyers accumulate — price rises
3. Creator mints 10 billion additional tokens (10× the original supply)
4. Creator dumps all newly minted tokens into the liquidity pool
5. Price collapses; original buyers cannot exit at a meaningful price

How to verify: Look up the token's mint address on Solscan. Under "Token Info," the "Mint Authority" field will show either a wallet address (dangerous — still active) or "None" (safe — revoked).

What legitimate projects do

Any project that wants to earn trust should revoke mint authority before or immediately after the token generation event (TGE). Revoking is a one-way, irreversible action — it cannot be undone.

Signal 2 — Freeze authority is active

Freeze authority is less commonly discussed than mint authority but arguably more dangerous from a holder's perspective. If freeze authority is active on a token, the creator can freeze any individual wallet — permanently preventing it from selling or transferring tokens.

How to verify: On Solscan, under "Token Info," check the "Freeze Authority" field. As with mint authority, a wallet address means it's active; "None" means it's been safely revoked.

Signal 3 — Wallet concentration is extreme

Important nuance: always exclude the liquidity pool wallet from your concentration calculation. Liquidity pools typically hold a large percentage of supply, but those tokens belong to the pool — not to insiders.

Signal 4 — Liquidity is unlocked or minimal

• Lock duration: a 24-hour lock is meaningless. Minimum acceptable is 30 days; 6–12 months is credible; "permanent" burns are best
• Locked percentage: if only 10% of liquidity is locked, the remaining 90% can still be drained immediately
• Lock platform: verify the lock exists on a recognized platform (Streamflow, Vaultx, Raydium's own lock mechanism). Screenshots from the team are not verification

Signal 5 — The contract was deployed minutes ago

Token age is not a guarantee of legitimacy — but it is a useful filter. The overwhelming majority of rugpulls execute within 24–48 hours of token creation. A token less than one hour old with aggressive social promotion should trigger maximum skepticism.

Signal 6 — Social channels are manufactured

• Telegram members joined within a narrow time window
• All positive comments, zero substantive questions answered by the team
• Members banned for asking about mint authority, freeze authority, or lock status
• Team identity is fully anonymous with no verifiable history in any prior project
• Website was registered days ago (check WHOIS / RDAP — Hannisol does this automatically)

The Hannisol rugpull score — what it measures

A score above 75 in this dimension means the token exhibits multiple high-confidence rugpull signals simultaneously. Hannisol does not tell you whether to buy — it shows you the evidence so you can decide.

A practical checklist before every buy

1. Search the token on Hannisol — check the overall risk score and all eight dimensions
2. Open the token on Solscan — verify mint authority and freeze authority are both "None"
3. Check the Holders tab — confirm top 10 wallets (excluding LP) hold less than 50% of supply
4. Find the liquidity pool on Raydium or Orca — verify a lock exists with meaningful duration
5. Check the project's domain age via Hannisol's WHOIS integration or manually via a RDAP lookup
6. Look at the Telegram or Discord — ask directly about mint authority revocation and observe how the team responds

Key takeaways

• Rugpulls on Solana are fast, cheap to execute, and extremely common — skepticism is the default correct position
• The four most reliable on-chain warning signals are: active mint authority, active freeze authority, extreme wallet concentration, and unlocked liquidity
• All four signals are publicly verifiable on Solscan in under 5 minutes
• Hannisol automates this verification and weights each factor into a composite risk score

Analyze any Solana token on Hannisol to see its full risk profile.