Rug pull
rugpull
A scam in which protocol operators withdraw user funds and abandon the project — distinct from a smart-contract exploit.
Common rug vectors: removeable LP, owner-only mint functions, upgradeable proxies with no timelock, hidden owner addresses. Audits often catch the technical surface but cannot rule out social rugs (founder vanishes with a multisig key).
Related terms
- ExploitA security failure that lets an attacker drain protocol funds — historically the dominant loss vector in DeFi.
- Governance attackAn exploit that uses voting power (acquired or borrowed) to pass a proposal that drains a protocol.
- MultisigA wallet requiring m-of-n signers to authorise a transaction — the dominant operational-control pattern in DeFi.