LEGALAUDIT
Cyber Coach

Financial fraud

Crypto rug-pulls and wallet drainers

Tokens that vanish in 24h, dApps that drain a wallet with one signature. The code is the evidence, not the marketing.

13 min readExpert

Red flags to recognize

  • Token with very low liquidity, contract unverified on Etherscan/BscScan
  • Contract functions like setTaxFee at 99%, unlimited mint(), arbitrary blacklist
  • Liquidity pool not locked or locked for very few days
  • Anonymous team, vague roadmap, bot-heavy Telegram
  • Suspicious airdrops in MetaMask with unknown tokens and a 'claim' signature request
  • Wallet popups asking for setApprovalForAll on NFTs or ERC-20 tokens
  • Clone pages of Uniswap, OpenSea or Blur on near-identical domains

What to do now

  • Read the contract on Etherscan: check owner, privileged functions, liquidity lock
  • Use a separate 'burner' wallet for interacting with new dApps
  • Regularly revoke approvals with revoke.cash or the Etherscan checker
  • Never sign setApprovalForAll requests you did not initiate
  • Hardware wallet (Ledger, Trezor) mandatory for significant funds
  • Cross-check tokens with DEXScreener, GoPlus Security and De.Fi Scanner

Real case

Meme-token rug pull 'SwissDoge', BSC 2025

A project sponsored by Italian crypto influencers launches 'SwissDoge' on Binance Smart Chain with an initial liquidity pool of 80,000 BUSD. Within 36 hours market cap exceeds 4 million, sustained by bot-generated volume.

After 48 hours the deployer calls renounceOwnership and then, via a hidden function in the contract, reassigns itself as owner and drains the entire pool. Over 1,200 retail wallets lose 4.2 million combined. The main site is dismissed within 12 hours.

Mythos forensic analysis of the contract had already flagged the backdoor: function _updateOwner(address) was marked internal but reachable via assembly. The deployer was on-chain linked to three previous rug-pull projects. The cluster was reported to Chainabuse and exchanges notified to freeze destination wallets.

What Mythos can do on this case

  • Smart contract analysis: ABI, privileged functions, hidden backdoors
  • Liquidity lock, ownership, mintable supply, blacklist verification
  • On-chain deployer tracing and linkage to other projects
  • Site and frontend script analysis for known drainers
  • Technical report for complaint and exchange notification

Next steps

Analyze the contract with MythosCheck on Chainabuse