BSC is the most rug-heavy chain in crypto. Low fees mean anyone can deploy a token for under a dollar. Over 5,000 new tokens launch every day — most of them are scams.
But here's the thing: almost every BSC rug pull leaves the same on-chain signals before the exit. If you know what to look for, you can avoid 90% of them.
1. LP not locked
This is the single most common rug mechanic on BSC. The deployer creates a PancakeSwap trading pair, adds liquidity, but never locks the LP tokens. When enough buyers have entered, they withdraw all liquidity and disappear with the BNB.
Checking LP lock status takes 5 seconds. If it's not locked — don't buy. Period.
Over 70% of BSC rug pulls involve unlocked liquidity pools. This one check alone filters out the majority of scams.
2. Owner not renounced
If the contract owner hasn't renounced ownership, they can change the rules at any time. They can:
- Enable a mint function and print billions of new tokens
- Pause all transfers so nobody can sell
- Add your wallet to a blacklist
- Change the sell tax from 0% to 99%
- Upgrade the contract logic via a proxy
3. Top wallet holds 20%+ of supply
If a single wallet (not a DEX contract, not a burn address) holds more than 20% of the total supply, they can crash the price by selling. On a thin-liquidity BSC token, a 20% supply dump will wipe 80-90% of the price.
DexScanner automatically filters out burn addresses and DEX contracts from the concentration calculation — so when we say a wallet holds 20%, it's a real wallet with real dump risk.
4. Contract not verified on BscScan
If the deployer didn't verify (open-source) the contract on BscScan, you have no way to read what the code actually does. It could contain hidden mint functions, transfer restrictions, balance manipulation, or backdoor admin functions.
Legitimate projects verify their contracts. Scammers don't, because the code would reveal the trap.
5. Deployer wallet has deployed honeypots before
Serial ruggers reuse wallets. GoPlus maintains a database of deployer addresses linked to known honeypots, phishing, and malicious contracts. DexScanner checks this automatically and flags it as a critical risk signal.
If the deployer has created even one honeypot before, the odds of this token being legitimate are near zero.
The compound effect
Any one of these signals is a warning. Two or more together is a pattern. DexScanner's scoring algorithm detects combinations:
- Unlocked LP + thin liquidity = classic rug setup
- Active owner + mint function + low liquidity = dilution dump risk
- High concentration + thin liquidity = whale-controlled exit
- Price crashing 50%+ + unlocked LP + new contract = live rug signature
The 5-second habit: paste the contract address into DexScanner before every buy. If the score is below 40, walk away.
Ready to scan?
Paste any contract address. Risk score in 5 seconds. Free.