99% of tokens launched on Pump.fun will rug. Not most of them — nearly all of them. And if you've been buying Solana meme coins without checking the on-chain data first, you've almost certainly been exposed to at least one.
Most retail buyers don't know what to look for. They see a Twitter thread, a Telegram group, a chart going green, and they buy. That's exactly what rug pull operators count on.
This guide fixes that. In the next 10 minutes you'll know exactly what to check before buying any Solana token — and how to do it in 60 seconds using RegPilot's free scanner.
The Problem Is Worse Than You Think
Research from Solidus Labs confirmed that 98.7% of tokens launched on Pump.fun exhibited characteristics of pump-and-dump or rug pull activity. On Raydium, that number sits at 93%. These aren't edge cases — they're the default outcome.
The mechanics are brutally simple:
- Deploy token for $0.50 in gas
- Buy up your own supply in the same block as launch (Jito MEV bundles make this trivial)
- Build hype on Telegram and Twitter
- Let retail buy in
- Drain the liquidity pool and vanish
The entire operation can take 48 hours. Most buyers never see the warning signs because they don't know where to look.
You don't need to be a blockchain developer. You need to know what to check — and check it before you buy.
The 10-Step Pre-Buy Checklist for Solana Tokens
Run through these 10 checks before every Solana token purchase. Most rugs fail 3 or more of these tests. If a token fails 5+, the probability of a rug pull is high enough that you should walk away.
1 Liquidity Lock
Unlocked liquidity is the most reliable rug pull signal. When a team adds liquidity to a DEX pool (SOL + token), they can withdraw it in one transaction — collapsing the price to zero and making the token untradeable.
What pass looks like: LP locked for 12+ months on a verifiable third-party platform. Lock verifiable on-chain, not just claimed in a Telegram message.
2 Dev Wallet Concentration
If the deployer wallet still holds more than 5–10% of the total supply weeks after launch, they can sell into any retail rally and crash the price. Scammers often split allocations across 10–20 wallets to disguise concentration.
What pass looks like: No deployer-linked wallet holds more than 5% of supply. Team tokens are locked in a vesting contract with a publicly verified schedule.
3 Mint Authority
Mint authority allows the token creator to create unlimited new tokens at any time — instantly diluting every holder's position to near zero. On Solscan, check the Mint Authority field. If it's not a null address, mint authority is still active.
What pass looks like: Mint authority revoked. Total supply fixed at creation.
4 Freeze Authority
Freeze authority lets the token creator permanently freeze any wallet — blocking them from selling or transferring. Most legitimate projects revoke it immediately. If it's still enabled, the team can freeze your position whenever they choose.
What pass looks like: Freeze authority revoked (null address). Both mint and freeze authority disabled.
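How checks 3 and 4 look in the raw account data, as an added example (not RegPilot's code): the base SPL Token mint layout is 82 bytes, and each authority is stored as an optional key whose 4-byte tag, rather than a zero address, says whether it is revoked. The sample accounts and all function names here are constructed for illustration.

```python
import struct

MINT_LEN = 82  # base SPL Token mint layout; Token-2022 mints append extensions after it
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58-encode key bytes the way explorers display addresses."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def coption_pubkey(data: bytes, off: int):
    """COption<Pubkey>: u32 LE tag (0 = None, 1 = Some), then 32 key bytes."""
    (tag,) = struct.unpack_from("<I", data, off)
    if tag not in (0, 1):
        raise ValueError(f"bad COption tag {tag} at offset {off}")
    # When the tag is 0 the key bytes are ignored: the authority is revoked.
    return b58encode(data[off + 4:off + 36]) if tag == 1 else None

def parse_mint(data: bytes) -> dict:
    """Decode mint authority, supply, decimals and freeze authority."""
    if len(data) < MINT_LEN:
        raise ValueError("account data too short for a mint")
    supply, decimals, initialized = struct.unpack_from("<QBB", data, 36)
    if initialized != 1:
        raise ValueError("mint account is not initialized")
    return {"mint_authority": coption_pubkey(data, 0), "supply": supply,
            "decimals": decimals, "freeze_authority": coption_pubkey(data, 46)}

def authority_findings(mint: dict) -> list:
    """Checks 3 and 4: both authorities must be None to pass."""
    findings = []
    if mint["mint_authority"] is not None:
        findings.append("mint authority active: supply can still be increased")
    if mint["freeze_authority"] is not None:
        findings.append("freeze authority active: holder accounts can be frozen")
    return findings

def sample_mint(mint_auth, freeze_auth, supply=10**15, decimals=6) -> bytes:
    """Build constructed mint account data (not taken from any real token)."""
    opt = lambda key: struct.pack("<I", 1 if key else 0) + (key or bytes(32))
    return opt(mint_auth) + struct.pack("<QBB", supply, decimals, 1) + opt(freeze_auth)

RISKY = sample_mint(bytes([7]) * 32, bytes([9]) * 32)   # both authorities set
CLEAN = sample_mint(None, None)                          # both revoked
```

`authority_findings(parse_mint(RISKY))` returns two findings and the same call on `CLEAN` returns an empty list.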
5 Top Holder Concentration
If two or three wallets collectively own more than 40–50% of the circulating supply, every retail buyer is exposed to a coordinated dump. No single wallet should hold more than 5–10% of supply (excluding LP pools).
Red flags: Top 3 wallets hold 60%+ combined. Multiple wallets funded from same source. No vesting schedule for founder allocations.
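One way to measure checks 2 and 5 together, as an added example (not RegPilot's scoring code): wallets linked by a funding chain are merged before shares are computed, so an allocation split across many wallets counts as one holder. The holder table, the `funder` field and the `shared_funders` allow-list are assumptions of this sketch; the thresholds are the upper bounds quoted in the checklist.

```python
from collections import defaultdict

# Thresholds from the checklist text (upper bounds of the ranges it quotes).
SINGLE_HOLDER_MAX = 0.10   # no single holder above 5-10% of supply
TOP3_RED_FLAG = 0.60       # red flag: top 3 hold 60%+ combined

def concentration_report(holders, total_supply, lp_accounts=(), shared_funders=()):
    """holders: (wallet, balance, funder) tuples; funder is the address that
    first funded the wallet, or None. Wallets linked through a funding chain
    are merged (union-find) and measured as one holder. LP accounts are
    excluded; shared_funders (e.g. exchange hot wallets) never link wallets."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    held = [(w, b, f) for w, b, f in holders if w not in lp_accounts]
    for wallet, _, funder in held:
        if funder is not None and funder not in shared_funders:
            parent[find(wallet)] = find(funder)
    balance, members = defaultdict(int), defaultdict(list)
    for wallet, bal, _ in held:
        root = find(wallet)
        balance[root] += bal
        members[root].append(wallet)
    ranked = sorted(balance, key=balance.get, reverse=True)
    shares = [(balance[r] / total_supply, len(members[r]), r) for r in ranked]
    top3 = sum(s for s, _, _ in shares[:3])
    flags = [f"{n} linked wallet(s) rooted at {r} hold {s:.1%}"
             for s, n, r in shares if s > SINGLE_HOLDER_MAX]
    if top3 >= TOP3_RED_FLAG:
        flags.append(f"top 3 holders control {top3:.1%}")
    return {"largest_share": shares[0][0] if shares else 0.0,
            "top3_share": top3, "flags": flags}

# Constructed holder table (addresses and balances are made up).
SUPPLY = 1_000_000
HOLDERS = [("Deployer", 40_000, None), ("Alice", 80_000, "ExchangeHot"),
           ("Bob", 50_000, "ExchangeHot"), ("PoolVault", 200_000, "Deployer")]
HOLDERS += [(f"Split{i}", 30_000, "Deployer") for i in range(12)]
```

On the constructed table no individual wallet exceeds 8% of supply, yet with `lp_accounts=("PoolVault",)` and `shared_funders=("ExchangeHot",)` the deployer-funded cluster of 13 wallets is reported at 40.0%. Leaving the exchange wallet out of `shared_funders` wrongly merges Alice and Bob, which is why shared funders need an allow-list.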
6 Audit Status
A third-party audit isn't a guarantee — but audited tokens are materially less likely to contain honeypot functions, hidden mint capabilities, or backdoor admin functions. CertiK, Hacken, and Paladin are the most recognized. RugCheck aggregates audit data for Solana-native tokens.
What pass looks like: Published audit from a recognized firm covering mint/freeze authority and contract-level permissions. Audit linked to the project and verifiable on-chain.
7 Social Signals
Social proof manipulation is the psychological layer that makes everything else work. Real projects build communities organically. Scammers buy Telegram members and pay micro-influencers.
Red flags: Telegram group with 30K members but 0 messages in 7 days. Twitter account created in last 30 days with 10K+ followers. Team refuses to doxx with real identities.
8 Contract Age
Over 60% of rug pulls execute within the first 7 days. Also check the deployer wallet's history — if the same address launched three other dead tokens, you've found a serial rug operator.
What pass looks like: Token live 30+ days with consistent trading activity. Deployer wallet has a clean, single-project history.
9 Honeypot Test
A honeypot contract lets anyone buy freely but prevents non-owner wallets from selling. This cannot be detected from marketing materials — it requires contract simulation.
What pass looks like: Simulated sell from a non-deployer wallet succeeds. Multiple non-team wallets have verified sell history on-chain.
10 Slippage Trap (Token-2022)
Token-2022 Solana tokens can use transfer hooks to impose asymmetric taxes: 1% on buy, 50–90% on sell. This isn't a honeypot but the economics make it equivalent.
What pass looks like: No transfer taxes, or symmetric low taxes (under 5%) disclosed transparently.
Real Examples from RegPilot's Scoring System
Token A — Meme Coin
RegPilot Score: 23/100
Red flags found:
- Mint authority: Still active. Team can mint unlimited tokens.
- Freeze authority: Not revoked. Team can freeze any wallet.
- Top holder: 47.3% held by a single wallet linked to deployer via launch-block funding transaction.
- Liquidity: LP tokens held by deployer wallet. No lock record.
- Contract age: 6 days old. No audit.
- Social signals: 18K Telegram members. 0 messages in last 7 days. Twitter account created 5 days ago.
- Honeypot: Sell function accessible but high sell tax (31%) makes exit economically prohibitive.
Token B — Utility DeFi
RegPilot Score: 41/100
Red flags found:
- Holder concentration: Top 3 wallets control 58.4% of supply. No vesting schedule.
- Liquidity: Locked — but lock expires in 28 days. Short-duration locks are effectively no lock.
- Audit: None. Contract not verified on Solscan.
Yellow flags:
- Mint authority revoked (good)
- Freeze authority revoked (good)
- Contract age 47 days: old enough to be less likely a new-launch scam, but holder concentration and the short lock remain critical risks.
The Window Between Signal and Collapse Is Everything
Warning signs (whale wallets starting to move, liquidity declining, mint authority invoked) appear on-chain hours or days before the price reacts. That window is where most rug pull damage is preventable.
Wallet Watchdog monitors any token you've bought and alerts you the moment risk factors change. $14/month — the first alert it saves you from a rug pull pays for a year.
Check Your Token Against the Same Criteria
Paste any Solana mint address into RegPilot's free trust score checker. All 10 checks run automatically — mint authority, freeze authority, holder concentration, liquidity lock, honeypot simulation, and more — in under 60 seconds.