Every week, articles claim “millions stolen by crypto scams” — but the numbers are usually vague estimates from security firms aggregating every type of incident: hacks, bridge exploits, phishing, and simple scam tokens all lumped together.
This article is different. These numbers come from RektRadar’s own on-chain tracking pipeline: real pool deposits, real withdrawals, real ETH amounts extracted from Uniswap V2 and V3 pools by scam token deployers.
The 90-day summary (Feb — May 2026)
| Metric | Value |
|---|---|
| Rug pulls tracked | 2,220 |
| ETH deposited by scammers (liquidity seed) | 5,076 ETH |
| ETH withdrawn when rugging | 9,233 ETH |
| Net ETH stolen from victims | 4,157 ETH (~$9.5M) |
| Average per day | 46 rug pulls / 277 ETH stolen |
| Average per week |
At the current ETH price ($2,279), 4,157 ETH = approximately $9.47 million extracted from retail buyers in 90 days — just from the rug pulls RektRadar has tracked on Ethereum mainnet.
The real figure is higher. Our pipeline catches pools that go through Uniswap V2/V3 factory events. Scams deployed on other AMMs (Sushiswap, Camelot, etc.) or that never create a pool are not counted.
How the math works
In a typical rug pull:
- Scammer deploys an ERC-20 token and adds initial liquidity (e.g. 1 ETH + 1 billion tokens)
- Victims buy the token on Uniswap — they send ETH into the pool, receive tokens back
- Scammer removes liquidity — they withdraw their original 1 ETH plus all the ETH victims contributed
The “ETH deposited” in our data is the scammer’s initial seed. The “ETH withdrawn” is everything they pull out. The difference — 4,157 ETH — is the net ETH that went from victims’ wallets to scammers’ wallets.
The worst days
| Date | Rug pulls | ETH stolen | USD equivalent |
|---|---|---|---|
| 2026-04-25 | 216 | 469 ETH | approx. $1.07M |
| 2026-04-27 | 224 | 411 ETH | approx. $937k |
| 2026-04-24 | 217 | 394 ETH | approx. $898k |
| 2026-04-23 | 200 | 373 ETH | approx. $851k |
| 2026-04-18 | 62 | 391 ETH | approx. $891k |
April 24-27 was a peak period: 4 days back-to-back with 200+ rug pulls per day, totalling over 1,600 ETH extracted (~$3.6M in 4 days). This coincides with a memecoin hype cycle — scam factories front-run narrative-driven buying.
Scale: 69,000+ contracts analyzed
| Metric | Value |
|---|---|
| Total contracts analyzed | 69,172 |
| Liquidity pools monitored | 94,156 |
| Unique deployer wallets mapped | 33,311 |
| Deployer clusters (connected networks) | 491 |
| Blacklisted scam clusters | 10 |
| Honeypot rate | 14.94% |
| Contracts with risk score 61-100 | 11,951 |
1 in 6 new ERC-20 tokens on Uniswap is a honeypot or high-risk rug pull. The median risk score across all analyzed tokens is 13/100 — the majority of deployments are legitimate — but the malicious tail accounts for the bulk of victim losses.
Scam factories: one bytecode, hundreds of thousands of deploys
The single most replicated drain contract blueprint in our bytecode database has been matched against 301,311 on-chain deployments. One scam template, hundreds of thousands of tokens.
This is how organized scam operations work: a factory operator develops one functional honeypot contract, then mass-deploys it under different names and tickers for each narrative cycle ($WAR, $PEPE, $AI, $TRUMP…). The bytecode is essentially identical — only the metadata changes.
Top scam bytecode patterns tracked:
| Pattern type | On-chain deployments | Top flags |
|---|---|---|
| Drain blueprint | 301,311 | scam_factory_name, hardcoded_blacklist, misspelled_drain_function |
| New wallet rug | 194,358 | new_wallet, liquidity_at_creation |
| Backdoor mint | 96,031 | hidden_owner, unrestricted_mint |
Connected scam networks
We track wallet clusters — groups of addresses connected by on-chain funding patterns. Our graph-crawler maps the ETH flow between wallets: when the same funder seeds multiple deployer wallets across different scam tokens, they appear in the same cluster.
Of 491 clusters identified, 10 are fully blacklisted as confirmed multi-token scam networks. A single blacklisted cluster is often responsible for 20-50+ rug pulls, all from fresh wallets funded from the same origin address.
Typical pattern: origin wallet → 5-10 deployer wallets → each deploys 1-3 tokens → rug within hours → proceeds flow back to origin. The whole cycle takes under 24 hours.
Extrapolated annual impact
| Timeframe | Rug pulls | ETH stolen | USD (at $2,279/ETH) |
|---|---|---|---|
| 90 days (tracked) | 2,220 | 4,157 ETH | ~$9.5M |
| Estimated annual (×4) | ~8,880 | ~16,600 ETH | ~$37.8M/year |
This is a conservative lower bound for ETH lost on Uniswap V2/V3 alone from scam tokens RektRadar has detected. Add undetected scams, other DEXes, and non-pool scams (fake airdrops, approval drains) and the real annual figure is likely 2-3x higher.
How to protect yourself
- Always check the contract address before buying — never trust the token name or ticker
- Paste the address into app.rektradar.io — risk score in seconds
- Red flags to never ignore:
honeypot,sell_failed,hidden_owner,scam_factory_name - Check the deployer: has the same wallet deployed other flagged contracts?
- If a token is trending on Telegram or Discord and has no audit — assume it is a scam until proven otherwise
RektRadar runs three independent signals: on-chain buy/sell simulation, static bytecode analysis, and deployer graph traversal. A token that passes all three is significantly safer than one that has never been scanned.
The live stats are updated in real time at rektradar.io.