pump.fun launches thousands of tokens every day. Most of them are worthless within minutes. A small number are outright scams — engineered to extract money from traders the moment they buy in.
After scanning tens of thousands of tokens on Solana, we've identified five patterns that appear repeatedly in rug pulls. They look different on the surface — different names, different stories, different communities — but the on-chain fingerprints are identical. Here's each one, what it looks like in real data, and how to catch it before the dump.
🔴 The Dev Wallet Dump
The creator launches the token, quietly acquires 15–25% of the supply in the first block through the same wallet that deployed the contract, then waits for organic buy pressure to push the price up. Once they see momentum — usually within 20 to 40 minutes of launch — they sell everything in a single transaction. Price drops 85–95% instantly.
The tell is always visible on Solscan before the dump: the deployer wallet holds a disproportionate share of supply, and that wallet has done this before.
🔍 Pumpora detects
- DANGER — Creator wallet holds >10% supply
- DANGER — Deployer has 3+ prior rug history
- WARN — Dev wallet acquired tokens in launch block
🔴 The Bundled Launch
Instead of one dev wallet holding supply, bundlers distribute it across 8–20 wallets that all buy in the same millisecond window at launch. Each wallet holds 2–4% of supply — small enough to look normal individually. Combined, the cartel controls 30–60% of the float before anyone else can buy.
This pattern is harder to spot manually because no single wallet looks suspicious. But on DEXScreener, you'll see the first 10–15 trades all arriving in an identical timestamp cluster.
🔍 Pumpora detects
- DANGER — Bundled supply: 14 wallets, same block, 47% combined
- DANGER — Top 10 holders control >60% of supply
- WARN — Wallet cluster shares funding source
🔴 The Honeypot (You Can Buy, You Can't Sell)
This one is the most insidious. The token looks completely normal — price is going up, there's volume on DEXScreener, people are posting gains in Telegram. But when you try to sell, the transaction fails. Every time. The creator has used Solana's freeze authority to disable outgoing transfers, or has written a transfer hook that silently blocks sells.
The freeze authority flag is visible on-chain before you buy — but you have to know to look for it. On pump.fun launches, the token program should have freeze authority revoked immediately. If it hasn't been, treat it as a red flag.
🔍 Pumpora detects
- DANGER — Freeze authority not revoked
- DANGER — Transfer hook present on token program
- WARN — Mint authority not renounced
🟡 The Copy-Paste Scam
When a legitimate memecoin gets traction — say it's trending on pump.fun and being shared in alpha groups — scammers immediately deploy a near-identical token: same name, same ticker symbol, same description, often even the same image URI pointing to the same file. Traders rushing to buy the trending token accidentally buy the fake one.
The pattern is obvious in metadata: the description is a character-for-character copy of another token, and the deployer wallet was created within the last 24 hours.
🔍 Pumpora detects
- DANGER — Description duplicated from another token
- WARN — Deployer wallet age <24 hours
- WARN — Image URI matches existing token
🟡 The Fake Liquidity Lock
More sophisticated scammers know that experienced traders check for liquidity locks. So they lock LP tokens — but only for 24 or 48 hours. They advertise it as "liquidity locked" in their Telegram, technically true, functionally useless.
A legitimate project locks liquidity for a minimum of 6 months, usually longer. Anything under 30 days is not a lock — it's a countdown timer. You can verify lock duration directly on Solscan by checking the LP token's unlock timestamp.
🔍 Pumpora detects
- DANGER — Liquidity lock duration <7 days
- WARN — Liquidity lock duration <30 days
- WARN — Lock covers <80% of LP tokens
Quick Reference: 5 Patterns at a Glance
Before you buy any token on pump.fun, run through this checklist:
- ✅ Dev wallet holds <5% of supply
- ✅ No coordinated multi-wallet buying in launch block
- ✅ Freeze authority revoked, mint authority renounced
- ✅ Token description is unique (not copied)
- ✅ Deployer wallet older than 7 days with clean history
- ✅ Liquidity locked for 6+ months
Checking all six manually takes 10–15 minutes per token. If you're trading fast-moving launches on pump.fun, you don't have that time.
Why These Patterns Keep Working
The common thread across all five patterns is speed and information asymmetry. Scammers are fast — a copy-paste token can be deployed in under a minute, a bundled launch is pre-planned before the token even goes live. Traders are under pressure — a token trending in a Telegram alpha group creates FOMO that overrides careful analysis.
The only reliable counter is automated on-chain analysis that runs faster than you can trade. For a deeper look at each of the 10 signals we check, read our earlier guide: How to Detect a Rug Pull on Solana Before You Lose Money.
Check Any pump.fun Token in 3 Seconds
Pumpora scans all 10 signals automatically — dev wallet history, bundle detection, freeze authority, liquidity lock, and more.
🔍 Scan on TelegramSAFE for 3 extra free scans