什麼是Rug Pull詐騙？如何辨識：7大關鍵警訊

加密貨幣以去中心化、開放及全球交易的承諾徹底革新了金融可能性，但同時也因其開放特性，成為高明詐騙的溫床。詐騙分子利用技術本身的特質，發展出一套複雜的騙局。

在眾多詐騙手法中，「Rug Pull」（抽地毯式詐騙）已成為加密圈最具破壞力的騙局之一，在短時間內就造成投資人損失數十億美元。

加密革命為金融創新帶來了全新局面，從可編程貨幣到去信任金融服務無不推動技術進步。但在這場盛世底下，匿名、監管有限以及FOMO（錯失恐懼症）人性弱點交織，成就了掠奪性騙局的溫床。

2024年，Comparitech的區塊鏈鑑識團隊就記錄了92起Rug Pull成功案例，總共竊取了1.26億美元，受害最慘的是DeFi協議與迷因幣。

隨區塊鏈技術發展遠超監管腳步，投資人必須培養自己的風險防範能力。本指南將深入分析Rug Pull的運作原理、警示徵兆與其不斷變形的詐騙手法，無論是新手還是老手，都能在高風險高報酬的市場中提升保護意識。

什麼是Rug Pull：加密詐騙解剖

Rug Pull指的是特定類型的退出詐騙，開發團隊創建看似正規的加密貨幣或NFT項目，透過行銷手法建立信任，等資金進入後便撤走流動性或兌換投資人資金，最終棄置項目。

此名稱源於英文諺語「pulling the rug out from under someone」，比喻受害者原本以為穩固的投資，卻在一夕間化為烏有，只剩下幾乎毫無價值的數位資產。

與技術漏洞或協議攻擊不同，Rug Pull是由項目的內部團隊精心策畫的詐騙。因此，受害社群常因投入情感及信任而格外受到打擊。

這類詐騙大多按照以下四個階段精心佈局：

項目啟動與基礎建設

開發者會打造一個新的代幣，通常部署在如以太坊、BNB鏈（前稱幣安智能鍊）、Solana或Avalanche等主流、擁有完善智能合約功能的鏈上。接著，將該代幣與主流穩定幣（如USDC、USDT）或鏈原生幣（ETH、BNB）組成流動性池，並在Uniswap或PancakeSwap等去中心化交易所開放交易，建立基礎市場。

團隊往往會建立專業網站、白皮書與社群媒體帳號以增加可信度。這些資料通常吹捧革命性技術、宣稱與知名機構合作（多為虛構），並規劃雄心壯志的進度藍圖勾勒投資人想像。

製造熱潮與社群經營

基礎打好後，詐騙者會展開多管齊下的行銷操作。Discord及Telegram社群被用來提升用戶參與感，Twitter/X動態與公告營造高人氣。加密媒體的付費發文、以及與KOL「合作」更擴大聲量。2023年Fintoch騙局就是典型案例，宣稱每日高達1%的收益、假冒高盛背景，迅速吸金3160萬美元後銷聲匿跡。

現代Rug Pull日益仰賴AI生成團隊照與偽造資歷營造專業形象。2024年「MetaFi Protocol」騙局就是全AI產生Google與JP Morgan資歷假團隊，募集420萬美元後崩盤。

集資與價格操縱

當投資人資金大量湧入，代幣價格水漲船高——有時自然成長，但多數是詐騙者背後自導自演。洗售（團隊自我買賣）製造成交假象與價漲幻覺，低流動性更使價格湧動劇烈，投機者進一步推高幣價。

此期間，開發團隊經常以「券鎖機制」或設高交易費（懲罰賣出者）限制售出流動，確保資金能單向流入。這些限制常被包裝成「反巨鯨機制」或創新代幣經濟模型。

精心出場與善後

最後一階段，詐騙團隊協同撤出所有項目資產。手法高超者隱藏於智能合約的暗門，啟動特殊功能繞過流動性鎖、無限制增發、或直接清空資金池。其他則選在高價時賣光全部持有，令幣價崩盤。

善後多為社群帳號刪除、官網停擺、所有聯絡方式消失。部分大膽如2021年Defi100出場，甚至留下嘲諷訊息：「我們騙了你們」，帶著3200萬美金消失。

技術與心理操弄共存的Rug Pull

隨著投資人警覺提升，Rug Pull手法也在不斷演化，主要可分為以下幾種：

硬Rug Pull：技術操控型詐騙

這類利用智能合約後門或隱藏參數直接動手腳，讓開發者繞過防護機制，或從協議中直接將資金提出。常見做法包括：

無限制增發：隱藏程式碼使團隊可隨時新發行代幣，稀釋持幣價值。
流動性後門：設置繞過流動性池鎖定的暗門，方便隨時提資金走人。
交易操控權：代碼允許特定人員凍結他人交易，唯獨自己能操作。
閃電貸操控：利用閃電貸操控價格預言機，再瞬間抽離資金池。

2024年Magnate Finance詐騙展現了這類技術的進化：開發團隊精心操控協議價格預言機，暫時抬高抵押價值，再揮走640萬美元資產。類似的，Kokomo Finance更在智能合約內設置後門，無視資金鎖定，斂財550萬美元。

此類詐騙往往以高竄改、難追蹤為目標，資安審查時偽裝善意，累積信任後再用代理合約替換掉核心功能。2023年底GRS Protocol案就是成功通過三次審計，僅在安全審通過後才惡意修改程式。

軟Rug Pull：市場與心理欺騙

軟Rug Pull較少技術攻擊，重點在心理操縱與幣權分布。系統本身仍在運作，但：

協同拋售：團隊或大戶持幣過重，拉高價格後一起傾售出貨。
發展棄置：項目雖仍營運，但已不再維護或開發，承諾功能流產。
過度包裝：過度行銷熱度帶動，但產品毫無實質進展，最終悄然棄置。

2022年Squid Game代幣即是典型，團隊利用Netflix熱潮吸金340萬美元，等大量持有人聯合砸盤，價格數小時內暴跌99%，雖合約照常運作，實際價值卻瞬間歸零。

慢性Rug Pull：長期套現策略

一種新興手法，常緩慢、不知不覺將資金逐步抽出，如：

高額交易稅：每筆轉帳抽5-15%作為「基礎稅金」，最後流入開發者口袋。
膨脹型質押利率：以新投資人資金虛增年化回報，實際不可持續。
不斷募資：持續辦IDO、NFT發售或推新品，反覆向同一社群收割資金。

2023年Stable Magnet案即透過10%轉帳稅號稱用於「推廣」，實際不斷將流動性轉入團隊帳戶，數月來累計套走2700萬美元，直到投資人才發現端倪。

及早發現Rug Pull：7大關鍵警訊

隨詐騙手法日益精進，投資人更需建立縝密的盡職調查流程。以下徵兆若同時出現，應高度警覺詐騙風險：

1. 團隊成員匿名或無法驗證

正規項目通常... feature transparent leadership with verifiable professional backgrounds. When teams hide behind pseudonyms, cartoon avatars, or provide credentials that cannot be independently verified, caution is warranted. The $760 million OneCoin scam, orchestrated by the now-infamous "Dr. Ruja," collapsed after investigators discovered fabricated credentials and false corporate registrations.

擁有透明且可驗證的專業背景的領導團隊是關鍵。當團隊躲在假名、卡通頭像後方，或提供無法獨立查證的資歷時，就必須提高警覺。臭名昭著的「Dr. Ruja」策劃的 OneCoin 詐騙案，最終在調查人員發現造假學歷與虛假公司登記後瓦解，涉案金額高達 7.6 億美元。

Practical verification tips:

Cross-reference team LinkedIn profiles with employment records
Check GitHub contribution history to verify developer experience
Use tools like Etherscan's "Contract Creator" tab to identify wallet addresses associated with previous projects
Verify conference appearances or speaking engagements claimed by team members

實用驗證小技巧：

交叉查核團隊成員的 LinkedIn 資料與真實就業紀錄
查閱 GitHub 貢獻紀錄來驗證開發經驗
利用 Etherscan「Contract Creator」標籤查找與先前專案相關連的錢包地址
驗證團隊成員聲稱參加的研討會或演講紀錄

2. Unaudited or Compromised Smart Contracts

Reputable projects undergo rigorous code audits by established security firms like CertiK, OpenZeppelin, or Hacken. Beyond simply claiming "audited" status, investors should verify:

The recency of the audit (code can change afterward)
The comprehensiveness of the audit scope
Whether critical issues were remediated
If liquidity pool tokens are genuinely locked via time-locked contracts

知名專案會經過 CertiK、OpenZeppelin 或 Hacken 等資安公司的嚴格程式碼審計。投資人不只能聽信「已審計」這種宣稱，還應進一步確認：

審計報告的時效性（程式碼可能後續又有改動）
審計範圍是否完整
關鍵問題是否已獲修復
流動性憑證是否真的以時間鎖定合約鎖住

The $5.8 million Merlin DEX collapse demonstrated this risk when developers bypassed a 12-month liquidity lock by deploying an entirely new contract with administrator privileges, nullifying the security measure.

Merlin DEX 崩盤案例（損失達 580 萬美元）正好證明此風險；開發團隊透過部署具管理者權限的新合約，繞過原本 12 個月的流動性鎖，導致安全機制徹底失效。

Contract security verification:

Confirm audits directly on security firms' websites, not just project claims
Check if contract code is publicly verified on block explorers
Review contract interactions using tools like Tenderly or Etherscan
Verify token ownership and privileged functions using tools like TokenSniffer

合約安全驗證：

直接在審計公司官網確認，而非只看專案聲稱
檢查合約程式碼是否已在區塊鏈瀏覽器公開驗證
利用 Tenderly 或 Etherscan 檢視合約互動紀錄
用 TokenSniffer 這類工具查驗代幣持有權和特殊權限

3. Abnormal Token Distribution and Ownership Patterns

Centralized token ownership represents one of the clearest rug pull indicators. When a small number of wallets control a disproportionate percentage of the supply, coordinated price manipulation becomes trivial. The 2021 AnubisDAO debacle, where 90% of tokens remained under insider control, allowed perpetrators to extract $60 million through synchronized selling.

過度集中的代幣分布是最明顯的「拉地毯」（rug pull）信號。當少數錢包掌控過高比例的代幣，價格操縱便容易發生。2021 年 AnubisDAO 案例中，有 90% 代幣落在內部人手裡，主事者同步拋售，獲利 6,000 萬美元。

Distribution analysis techniques:

Use blockchain explorers like BscScan or Etherscan to identify top holders
Be wary when more than 20% of supply is controlled by non-contract addresses
Check for suspicious token transfer patterns among top wallets
Verify token unlocking schedules and vesting periods

分布分析技巧：

利用 BscScan 或 Etherscan 查找大戶
當非合約地址持有超過 20% 供給量時需特別留意
檢查前幾大錢包之間的代幣轉移是否可疑
驗證代幣解鎖及歸屬期安排

4. Aggressive, Unsustainable Marketing Tactics

Legitimate projects balance marketing with development. Rug pulls often demonstrate inverted priorities, with extensive promotion but limited technical progress. Beware of:

Guaranteed return promises ("100x guaranteed")
Artificial urgency tactics ("last chance to buy before 1000x")
Excessive influencer promotion, especially by figures with histories of promoting failed projects
Marketing focused on price appreciation rather than utility or technology

合規專案會於行銷與產品開發間維持適度平衡。詐騙項目往往本末倒置，過度宣傳但技術進展有限。應警覺以下行為：

承諾保證獲利（如「100 倍獲利保證」）
製造虛假緊迫感（如「錯過這次就沒有 1000 倍機會」）
派遣網紅過度推廣，特別是有推銷失敗項目紀錄的網紅
行銷聚焦於報價上漲而非實際用途或技術

The 2023 SaveTheKids token exemplifies this danger, leveraging YouTube influencers to promote unrealistic gains before collapsing days after launch, resulting in substantial losses and subsequent legal action against the promoters.

2023 年 SaveTheKids 代幣便是典型例子，藉由 YouTube 網紅渲染不切實際的獲利，結果代幣在上市幾天內破產，造成巨大損失，主事者也面臨法律追訴。

5. Lack of Technical Substance or Verifiable Utility

Credible cryptocurrency projects address specific market needs with transparent technical approaches. Rug pulls typically feature abstract promises without concrete implementation details. The 2022 Frosties NFT project, which extracted $1.3 million while promising a metaverse game and merchandise that never materialized, demonstrates this pattern.

可信的加密貨幣專案會針對市場需求提出透明技術方案。拉地毯詐騙則多以空泛承諾，缺乏具體細節為特徵。2022 年 Frosties NFT 詐騙案即是例證，主事者承諾開發元宇宙遊戲及周邊商品，最終人間蒸發，捲款 130 萬美元。

Technical substance verification:

Review GitHub repositories for development activity
Assess whitepaper technical details beyond marketing language
Verify technology claims with independent experts
Look for working prototypes or testnet implementations

技術內容驗證：

查閱 GitHub 專案庫活躍度
評估白皮書中是否有實質技術規劃，而不只是行銷詞
與第三方專家驗證技術主張
檢查是否有實際原型或測試網版本

6. Suspicious Liquidity and Trading Patterns

Manipulated liquidity and artificial trading activity often precede rug pulls. Professional investors analyze:

Unnaturally perfect price charts (suggesting wash trading)
Sudden large liquidity additions with no organic growth
Restricted selling mechanisms in token contracts
Unusual slippage requirements for transactions

流動性與交易量遭人操縱時，往往是 rug pull 先兆。專業投資人會評估：

完美平滑的價格曲線（多為自買自賣假象）
沒有自然增長卻突然激增的流動性
代幣合約中限制出售的設計
交易時異常的滑價（slippage）要求

The 2024 "SafeMars" token exemplified these warning signs with perfectly smooth price appreciation over three weeks, followed by a complete liquidity removal when the market cap reached $12 million.

2024 年的「SafeMars」代幣就展現了這些警訊——其價格三週內呈現完美上漲，一旦市值達到 1,200 萬美元後，開發方隨即抽走全部流動性。

7. Unrealistic Promises and Economic Models

Sustainable blockchain projects operate within mathematical and economic constraints. Be skeptical of:

Extraordinarily high APY rewards (1,000%+ yields)
Perfect price stability promises without clear mechanisms
"Risk-free" investment claims
Multilevel referral structures resembling pyramid schemes

可持續的區塊鏈專案會遵循基本的數學與經濟常理。對於以下主張應高度警惕：

超高年化報酬率（APY 高於 1,000%）
承諾價格穩定且無透明實作機制
宣稱「無風險」投資
多層次分潤、類似老鼠會的推廣結構

The 2023 "Eternal Yield" protocol, which promised 2% daily returns "forever" through a supposedly revolutionary arbitrage algorithm, collapsed after two months when its unsustainable economic model inevitably failed, costing investors $8.4 million.

2023 年「Eternal Yield」協議號稱靠革命性套利演算法能「每天 2% 永久回報」，兩個月後經濟模型破滅，投資人損失高達 840 萬美元。

The Regulatory Response

The regulatory landscape surrounding cryptocurrency fraud is rapidly evolving as governments recognize the scale of financial harm caused by rug pulls and similar schemes:

加密貨幣詐騙的監管環境正快速演變，各國政府已意識到 rug pull 等騙局在金融領域帶來的巨大損害：

United States: Expanding Enforcement Actions

The SEC has significantly expanded its cryptocurrency enforcement division, bringing charges against multiple rug pull perpetrators under securities fraud statutes. The 2023 charges against Impact Theory for selling unregistered NFTs signaled a broader interpretation of digital assets as securities. The Department of Justice has also increased prosecutions, with the creators of the "Frosties" NFT rug pull receiving the first-ever criminal sentences for NFT fraud in 2023.

美國：強化執法力道
美國證監會（SEC）大幅擴編加密貨幣犯罪調查部門，針對多起 rug pull 案件以證券詐欺法起訴。2023 年對 Impact Theory 銷售未註冊 NFT 的起訴，顯示監管機關對數位資產採取更廣泛的「證券」認定。同年，美國司法部亦強力辦案，Frosties NFT 案成為首例 NFT 詐騙者被判刑案例。

European Union: Comprehensive Regulatory Framework

The EU's Markets in Crypto-Assets (MiCA) framework, fully implemented in 2024, establishes strict requirements for crypto asset service providers, including mandatory audits, liquidity reserves for stablecoins, and disclosure requirements for token issuers. The framework explicitly addresses exit scams with liability provisions for project founders.

歐盟：全面性監管制度
歐盟加密資產市場監管法（MiCA）於 2024 年正式生效，對加密資產服務業者訂定嚴格要求，包括必須進行審計、穩定幣強制設立流動性準備金，以及公開發行資訊。條文也明定項目創辦人必須對「落跑型詐騙」承擔責任。

Asia-Pacific: Targeted Enforcement

South Korea's Financial Intelligence Unit has implemented the Travel Rule, requiring exchanges to report sender/receiver information for transactions exceeding $1,000, creating an audit trail for fund flows. Singapore's Payment Services Act now includes specific provisions against deceptive token offerings, with enhanced penalties for fraudulent projects.

亞太地區：精準執法南韓金融情報單位已落實 Travel Rule，規定交易所對 1,000 美元以上匯款需申報收付雙方，建立資金流向審計紀錄。新加坡支付服務法也針對詐騙型發幣設有罰則，對不實宣稱項目嚴格控管。

Despite these advances, jurisdictional challenges persist. Many rug pulls operate through offshore entities or completely anonymous structures, leveraging privacy-focused blockchains and mixing services like Tornado Cash to obscure stolen funds. In 2024, Interpol's Operation HAECHI-IV coordinated arrests of 3,500 suspects linked to various crypto scams, yet recovery rates for stolen funds remain below 5%, highlighting the challenge of restitution.

儘管取得進展，跨域執法依然困難。許多 rug pull 利用離岸公司或完全匿名架構，並藉助如 Tornado Cash 等隱私服務隱匿資金流向。2024 年，國際刑警組織（Interpol）Operation HAECHI-IV 協調全球拘捕 3,500 名加密詐騙嫌疑人，但贓款追回率仍低於 5%，顯示實際追討難度極高。

Building a Comprehensive Protection Strategy

As regulatory frameworks evolve, investors must implement their own rigorous protection strategies:

投資人除了關注外部監管，更應自建嚴謹的防護機制：

Technical Due Diligence

Contract Verification: Use specialized tools like Etherscan's "Contract Diffchecker" to identify deviations from standard token templates
Permission Analysis: Verify which addresses have privileged functions using tools like Moonscan's "Contract Permissions" feature
Blockchain Analysis: Track developer wallet histories using Nansen or similar on-chain analytics platforms
Simulation Testing: Use Tenderly or similar platforms to simulate contract interactions before investing

技術盡職調查

合約驗證：利用像 Etherscan「Contract Diffchecker」等工具，偵測與標準合約模板的差異
權限分析：用 Moonscan「Contract Permissions」等功能查驗有特殊權限的地址
區塊鏈分析：透過 Nansen 等鏈上分析平台追蹤開發者錢包歷史
模擬測試：可先用 Tenderly 等模擬平台，進行合約操作測試

Community & Project Assessment

Social Sentiment Tracking: Monitor community sentiment using tools like LunarCrush or Santiment
Developer Communication: Evaluate the quality and transparency of developer updates and technical discussions
Team Verification: Use background check services specializing in cryptocurrency team verification
Funding Transparency: Review token allocation and use of proceeds from fundraising events

社群與項目評估

社群風向監控：用 LunarCrush、Santiment 等工具分析社群討論熱度
開發團隊溝通：觀察開發公告與技術討論的透明度與品質
團隊身份驗證：尋求專業加密產業背景查證服務
資金透明度：審核募資事件的代幣配置與資金去向

Structural Protections

Diversification: Allocate only a small percentage of your portfolio to high-risk assets
Staged Entry: Invest gradually rather than committing large sums at once
Exit Planning: Establish clear profit-taking and stop-loss parameters before investing
Use Trusted Launchpads: Platforms like CoinList, DaoMaker, and verified exchange launchpads conduct substantive due diligence

結構性防護

資產分散：將高風險資產僅占投資組合少數
分批進場：避免一次投入大筆資金
設定出場規劃：提前訂立獲利目標與停損點
使用可信發行平台：CoinList、DaoMaker 與主流交易所正式發射板塊皆有嚴格審查

Insurance and Recovery Options

DeFi Insurance: Protocols like Nexus Mutual and InsurAce now offer specific coverage against rug pulls
Legal Recourse: Document all investments carefully to support potential legal actions
On-chain Alerts: Set up wallet monitoring services to detect suspicious liquidity movements

保險與追償措施

DeFi 保險：Nexus Mutual、InsurAce 等協議提供 rug pull 相關保障
法律追訴：完整保留投資資料以利未來法律程序
鏈上監控：設置錢包預警服務，提前監測異常流動性變化

Navigating the Rug Pull Minefield

The cryptocurrency ecosystem's

（內容未完，需要更多內容請提供補充）unprecedented innovation comes with proportional risks. Rug pulls exploit the decentralized nature of blockchain - its greatest strength - to execute sophisticated financial fraud at scale. While regulators and analytics firms develop increasingly sophisticated countermeasures, the responsibility ultimately falls on investors to conduct thorough due diligence.

前所未有的創新伴隨著相應的風險。Rug pulls（抽地毯詐騙）利用區塊鏈去中心化的特性——這個最大優勢——來大規模執行複雜的金融詐騙行為。儘管監管機構和分析公司持續發展出更精密的對策，最終責任仍落在投資人身上，需進行徹底的盡職調查。

By prioritizing projects with transparent teams, audited contracts, sustainable economics, and genuine utility, investors can significantly reduce exposure to rug pulls. The most effective defense combines technical analysis, healthy skepticism, and disciplined investment practices.

投資人若優先選擇團隊透明、合約經過審計、經濟模型可持續、且具備真實效用的專案，可以大幅降低遇到 rug pulls 的風險。最有效的防禦手段在於結合技術分析、良性的懷疑態度，以及自律的投資習慣。

As the industry matures, stronger self-regulatory frameworks and improved technical safeguards will likely reduce the prevalence of these scams. Until then, the old adage applies with particular force in crypto: if something sounds too good to be true, it almost certainly is. The future of decentralized finance depends on replacing opportunistic exploitation with accountability - one verified contract, transparent team, and sustainable economic model at a time.

隨著產業逐漸成熟，更嚴謹的自律規範和技術防護措施有望降低這類詐騙的發生率。在這之前，投資加密貨幣時特別要謹記一句老話：「聽起來好得不真實的事情，幾乎都不是真的。」去中心化金融的未來，將取決於能否用負責任的機制取代投機剝削——每一份經驗證的合約、每一個透明團隊，以及每一個永續的經濟模型，都是朝向這個目標邁進的重要一步。