Crypto Scams via Ethereum & Stablecoins
How pump-and-dump operators, rug-pull projects, and NFT scams exploit Ethereum and stablecoin liquidity pools to exit with victim funds.
Part of: Crypto Scams
Last reviewed: 1 June 2026
Ethereum's programmable smart contracts and deep stablecoin liquidity create an environment where fraudulent token projects can launch, attract capital, and exit in a matter of hours. Pump-and-dump operations, rug-pull DeFi protocols, and fraudulent NFT projects have all become endemic on Ethereum because the tooling for deploying a token or an NFT collection is now accessible to anyone and launch costs are low.
Victims who deposit USDT, USDC, or ETH into a fraudulent liquidity pool or token presale watch the value crater as the deployers drain the pool and disappear. Because Ethereum transactions are irreversible, victims have no recourse through the payment rail.
How this scam works on Ethereum & stablecoins
A new token project is promoted aggressively through Twitter/X, Discord, and Telegram, promising high APY yield, exclusive NFT membership benefits, or early-access returns. Investors purchase the token with ETH or stablecoins on a decentralised exchange. The project team holds a large proportion of the supply and, once trading volume peaks, sells all holdings simultaneously — collapsing the price to near-zero while the deployers exit with the pooled ETH and stablecoins.
In rug-pull variants, the smart contract contains a hidden function allowing the deployer to drain the liquidity pool directly. Victims find their position worthless and the project's social accounts deleted within hours of the exit.
Common red flags
- Token presale or launch promoted exclusively through social media with no verifiable team identity
- Smart contract not audited by a recognised third-party security firm
- Deployer wallet holds an unusually large percentage of the total token supply
- Liquidity pool unlocked or with a very short lockup period allowing the deployer to withdraw at any time
- Guaranteed APY of hundreds of percent with no explanation of sustainable revenue
- Discord or Telegram server that removes critical questions or bans sceptical members
How to protect yourself
- Check the project's smart contract on Etherscan for any mint or drain functions that give the deployer unilateral power
- Verify that liquidity is locked for a credible period using liquidity-lock verification tools
- Research the team — anonymous teams with no verifiable identity carry significantly higher risk
- Check token distribution: projects where the team holds more than 20% of supply warrant extreme caution
- Only participate in DeFi protocols with published, recognised third-party audits from firms such as OpenZeppelin or Trail of Bits
How to report it
- Report the fraudulent contract to Etherscan's scam/phishing flag tool at etherscan.io/report
- Submit the project to the DeFi rug-pull tracking communities such as rug.ai or rug.doc for public documentation
- File with the FBI IC3 at ic3.gov or your national financial regulator with transaction hashes
Frequently asked questions
Is there any way to tell whether a DeFi project is a rug-pull in advance?
No method is foolproof, but several indicators significantly raise risk: anonymous teams with no prior verifiable history, unaudited contracts, very short liquidity lock periods, and deployer wallets holding a large supply percentage. Tools such as Token Sniffer and honeypot.is can scan contracts for known malicious patterns before you invest.