1) Rug pull — what, how, why
What it is: the project team (or anyone else holding privileged keys) removes liquidity or drains funds, crashing the token price and exiting with the money.
How it works (step-by-step):
- Project issues token and creates a liquidity pool (token/ETH or token/stable).
- Liquidity looks large and tempting. Users add funds.
- Team retains admin rights or upgradeability (proxy) that allow them to later withdraw or change logic.
- At “exit time” they call a function or upgrade a contract and remove liquidity or mint/transfer tokens out.
- Token liquidity collapses; buyers can’t sell; attackers withdraw and vanish.
Example: Meerkat Finance — the team upgraded its vault contracts, which gave them a backdoor, and drained a large amount of value.
User checklist (how to avoid it):
- Verify whether liquidity is locked (look for an irrevocable timelock or locked LP tokens).
- Check ownership/admin keys: has ownership been renounced (renounceOwnership), or is it held by a multisig, and who controls the signers?
- Look for proxy upgrades or recent admin changes.
- Research team history and social proof; anonymous isn’t automatically bad, but lack of any on-chain checks is riskier.
- Prefer projects where LP tokens can't be withdrawn by a single key.
Builder defenses:
- Lock liquidity (or use community-controlled multisig); publish timelocks for upgrades.
- Minimize privileged roles; use multisigs with distributed signers.
- Use immutable contracts or require multi-day governance timelocks for critical changes.
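Added illustration (not code from this page, and not from Meerkat Finance or any named project): the single-key withdrawal pattern that makes the "exit time" step possible, beside a minimal timelocked variant that implements the builder defenses above. Contract names, the 3-day delay and the governance address are assumptions; in practice governance would be a multisig, and the Queued event is what users and monitoring watch for.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Before (red flag): one key can pull the pooled LP tokens at any moment, with no notice.
contract RiskyVault {
    address public owner = msg.sender;
    function withdrawLP(IERC20 lp, address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        lp.transfer(to, amount); // immediate, silent, single-key
    }
}

/// After (defense): the same action must be announced on-chain and can only execute
/// after a fixed delay, by a governance address (assumed to be a multisig).
contract TimelockedVault {
    address public immutable governance;        // assumption: a multisig, set once
    uint256 public constant DELAY = 3 days;     // assumption: minimum notice period
    mapping(bytes32 => uint256) public readyAt; // action hash -> earliest execute time

    event Queued(bytes32 indexed id, address lp, address to, uint256 amount, uint256 readyAt);
    event Executed(bytes32 indexed id);

    constructor(address gov) { governance = gov; }
    modifier onlyGov() { require(msg.sender == governance, "not governance"); _; }

    function actionId(IERC20 lp, address to, uint256 amount, uint256 nonce) public pure returns (bytes32) {
        return keccak256(abi.encode(lp, to, amount, nonce));
    }
    // Step 1: announce. Users see the Queued event and have DELAY to react.
    function queueWithdraw(IERC20 lp, address to, uint256 amount, uint256 nonce) external onlyGov {
        bytes32 id = actionId(lp, to, amount, nonce);
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + DELAY;
        emit Queued(id, address(lp), to, amount, readyAt[id]);
    }
    // Step 2: execute only after the delay, and only with exactly the announced parameters.
    function executeWithdraw(IERC20 lp, address to, uint256 amount, uint256 nonce) external onlyGov {
        bytes32 id = actionId(lp, to, amount, nonce);
        uint256 t = readyAt[id];
        require(t != 0 && block.timestamp >= t, "not ready");
        delete readyAt[id];
        require(lp.transfer(to, amount), "transfer failed");
        emit Executed(id);
    }
}
```

When reviewing a project, the question is which of these two shapes its privileged functions have: an immediate owner-only transfer or upgrade is the pattern from the checklist above, while a queue/execute pair with a published delay is what "publish timelocks for upgrades" looks like on-chain.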