ChainAware published findings this week that quantify something most DeFi participants already sense but rarely see expressed in precise terms: the baseline fraud rate in new token deployments is not a fringe problem. It is the modal outcome.
95% of new PancakeSwap pools end in rug pulls. Not a plurality. Not a majority. Nineteen out of twenty new liquidity pools on one of the most active DEXs in the world are created with the explicit or functional intent to drain investor capital.
The second finding is in some ways more significant than the first: professional fraud operations are now, at launch, indistinguishable from legitimate projects by any standard surface-level review. The signals that once separated a credible team from a rug — a website, a whitepaper, social media presence, even a Telegram community — have been industrialized. They are produced at scale, at low cost, by operations that run multiple rug cycles simultaneously across chains.
These two findings together define the problem that every investor, every launch platform, and every credible project team now operates inside. The fraud rate is high enough that default skepticism is the rational prior. The professionalization of fraud is complete enough that qualitative signals are no longer reliably informative. What remains is on-chain state — the only layer that cannot be faked.
What a Rug Pull Actually Requires
A rug pull is not primarily a deception operation, though deception is a component. It is a liquidity extraction operation. The mechanics are precise.
When a token launches on an AMM, the team provides initial liquidity — pairing their token against ETH, BNB, or a stablecoin in a liquidity pool. This initial liquidity is what gives the token a price. Buyers who purchase the token are, mechanically, swapping their ETH or BNB into the pool in exchange for the token. The pool’s reserve of ETH or BNB grows with each buy. The token price rises as the reserve ratio shifts.
The rug is the reversal of this process. The team — or whoever controls the initial LP token position — withdraws their liquidity from the pool. The ETH or BNB reserve, accumulated from buyers, is removed. The token’s price collapses to near zero because there is no longer a liquid market for it. Buyers cannot exit. Their capital is gone.
The critical intermediate step is the LP token. When a liquidity provider adds assets to a pool, they receive LP tokens representing their share of the pool. Whoever holds the LP tokens controls the ability to withdraw the underlying liquidity. In a rug pull, the team holds the LP tokens and redeems them at the moment of maximum pool value — typically after a coordinated pump has attracted maximum buy volume.
A liquidity lock takes the LP tokens and puts them in a time-locked custody contract. The holder of the LP tokens cannot redeem them until the lock duration expires. The rug pull mechanism — LP token redemption — is still present. It is just unavailable for the duration of the lock.
This is why a liquidity lock is the first line of defense, not the last. It does not require trusting the team’s intentions. It does not require reading a whitepaper or assessing a roadmap. It is a binary, on-chain verifiable constraint: either the LP tokens are locked in an immutable contract for a defined period, or they are not. Investors can check this in seconds. The answer is definitive.
Why the 95% Figure Changes the Calculus
The ChainAware finding reframes the prior probability that any given new pool is legitimate.
If the base rate of rug pulls in new pools is 5% — one in twenty — then a qualitative positive impression of a project is moderately informative. Most projects are legitimate. This one seems legitimate. Reasonable inference: probably legitimate.
If the base rate is 95% — nineteen in twenty — the calculus inverts. A qualitative positive impression is not moderately informative. It is almost worthless, because the 95% of fraudulent projects have been specifically engineered to produce a positive impression. The signal carries almost no information because the fraudulent operations have learned to produce it at will.
In this environment, the only evidence that meaningfully updates the prior is evidence the fraud operation cannot fake. A professional rug team can fake a website. They can fake a team LinkedIn, a GitHub with activity, a legal entity registration in a favorable jurisdiction. They cannot fake an on-chain liquidity lock without actually locking the liquidity — which would prevent the rug they are planning.
This is the asymmetry that makes on-chain verification the only defensible due diligence standard at the 95% fraud rate ChainAware has documented. Fakeable signals are noise. Non-fakeable signals — locked LP tokens in a verified, immutable contract — carry the only information that discriminates between legitimate and fraudulent at the statistical base rate that now exists.
The Professionalization of Fraud
The second ChainAware finding — that professional fraud operations are now indistinguishable from legitimate projects at launch — deserves its own analysis because it describes a qualitative shift in the threat model, not just a quantitative one.
Early DeFi rug pulls were often identifiable in advance by their roughness. Anonymous teams, minimal documentation, no code audit, placeholder websites. The signals were weak but present. A careful investor doing basic research could identify many of these projects as high-risk before deploying capital.
What ChainAware’s data describes is a different operational tier. Teams running industrialized fraud have studied what legitimate projects look like and replicated the surface features with high fidelity. Professional copywriting. Credible technical documentation. Doxxed pseudonymous team members with histories. Audit certificates from firms the average investor cannot assess for quality. Marketing cadences that mirror legitimate launch strategies. Community management that maintains the appearance of organic engagement.
This is not a description of a corner of the market. It is a description of a production pipeline. The fraud operations that generate 95% of new pool rug pulls are not running one project at a time. They are running portfolios of projects across chains, with standardized playbooks, shared infrastructure, and refined timing on the pump-and-dump cycle.
Against this operational tier, the traditional due diligence checklist — read the whitepaper, check the team, review the tokenomics, assess the audit — offers marginal protection at best. Each item on that checklist has been specifically addressed by the professional fraud playbook. The checklist was built for a less sophisticated adversary.
The Verification Hierarchy
Given ChainAware’s data, a useful frame for investors is a verification hierarchy ordered by fakeability. Not all due diligence signals are equally informative at the 95% base rate. The most defensible approach prioritizes signals in order of how difficult they are to manufacture.
Non-fakeable (highest signal): On-chain locked liquidity in a verified, immutable contract. The LP tokens are either in a time-locked custody contract or they are not. This is checkable in seconds on any block explorer. No professional fraud operation can fake this without actually locking their liquidity — which means accepting a real constraint on their ability to rug.
Contract immutability and renounced ownership. A contract with no admin keys and no upgrade path cannot be modified to introduce a backdoor after deployment. Verifiable on-chain by checking the owner address against the zero address and reviewing the bytecode for proxy patterns.
Difficult to fake (moderate signal): Audit reports from established, verifiable firms — provided the investor can assess audit firm quality and scope. The professional fraud playbook includes fake or low-quality audits, so this signal requires secondary verification of the auditing firm’s track record.
Verified on-chain transaction history for the deployer address. A deployer address with a coherent, long history of legitimate activity is harder to manufacture than a fresh wallet. Not impossible — established wallet histories can be purchased — but operationally more costly.
Easily faked (low signal at 95% base rate): Websites, social media presence, Telegram communities, team profiles, whitepapers, roadmaps. These are production assets the professional fraud playbook generates at scale. Their presence is necessary but not sufficient. Their absence is informative. Their presence is not.
The practical implication: an investor applying the verification hierarchy should anchor their risk assessment on the non-fakeable tier and treat the easily faked tier as context, not evidence.
What Verified Locks Communicate to the Market
The case for liquidity locks is not only defensive — it is signaling.
In an environment where 95% of new pools are fraudulent, a verified, immutable lock communicates a specific and credible piece of information: the team has accepted a real constraint on their ability to extract capital. This is not a statement that can be made with a tweet or a whitepaper section. It is demonstrated by the on-chain state of the LP tokens. Either the lock exists, with a verifiable duration and a verifiable custodian, or it does not.
For legitimate projects, this signal is asymmetrically valuable. The fraudulent 95% cannot replicate it without defeating their own purpose. The legitimate 5% can produce it at minimal cost — a flat fee, a 10-minute transaction, a permanent on-chain record. The signal is cheap to produce for projects that intend to honor it, and impossible to fake for projects that do not.
This asymmetry means that as the fraud base rate rises, the value of a verified lock as a credibility signal increases. At a 95% fraud rate, an investor who filters for locked liquidity is dramatically reducing their exposure to the modal outcome. They are not eliminating risk — locked projects can still fail, mismanage funds, or underdeliver. But they are removing the rug pull mechanism as a live threat for the lock duration.
The embed widget completes this signaling loop. When a project displays a live 0xKeep lock verification directly on their landing page — showing investors, in real time, that the LP tokens are locked and for how long — they are doing something no amount of marketing copy can replicate: proving a constraint that their investors can verify independently, without trusting the project’s word at all.
The Table Stakes Argument
The ChainAware data makes a table stakes argument that is difficult to rebut.
If 95% of new pools are rug pulls, and professional fraud operations are indistinguishable from legitimate projects by qualitative review, then launching a legitimate project without a verified, immutable LP lock is launching into a market where investors are rationally applying deep skepticism to every new token — including yours. The lock does not guarantee success. It clears the first filter that any rational investor in this environment should be applying.
A project that chooses not to lock its liquidity is, in this data environment, making an implicit statement: that the optionality to withdraw LP tokens at will is worth more than the credibility signal of demonstrably surrendering that optionality. In a market where nineteen out of twenty projects are designed around that exact optionality, that is a difficult implicit statement to make innocently.
The flat fee for a 0xKeep lock is 0.03 ETH. There is no percentage deduction from the token supply. The lock takes minutes to execute. The on-chain record is permanent and publicly verifiable. For a project launching with serious intent, the cost of not locking — in credibility, in investor confidence, in the signal it sends in a 95% fraud environment — is substantially higher than the cost of locking.
Closing Note
ChainAware’s findings are a data point in a trend that has been directionally clear for some time: the DeFi fraud rate is high, it is rising, and the operations executing fraud have become sophisticated enough that traditional due diligence signals have lost most of their discriminative power.
The response to this environment is not to stop investing in new projects. It is to shift due diligence weight toward the signals that cannot be faked. On-chain locked liquidity is the most accessible, most verifiable, and most immediately meaningful of those signals.
For legitimate projects, the lock is cheap, fast, and permanent. For fraudulent operations, it is incompatible with the mechanism they depend on. The 95% who intend to rug will not lock. The 5% who do not should.
0xKeep operates on an immutable, zero-admin-key architecture. No wallet — including those controlled by the 0xKeep team — can pause, modify, or interact with deployed contracts. Time is the only admin.
Deploy on Base, Arbitrum, or Optimism at 0x-keep.xyz Follow protocol updates: @0xKeep_official