
90% of Tokens Deployed on Uniswap v2 on Base Were Hard Rug Pulls

April 16, 2025

How attackers are mass-producing scam tokens on Base and why it’s a bigger problem than you might think.

Over a recent 28-day period, Forta’s ML team took a closer look at the Base blockchain to study the scale and tactics behind malicious token deployments, specifically hard rug pulls, where tokens are created with built-in malicious code or logic that guarantees buyers will be scammed.

What we found was alarming:


Nearly 90% of tokens deployed with Uniswap v2 pools on Base during that window were hard rug pulls.

Even when you zoom out and include all tokens deployed on Base (across Uniswap v2, v3, v4, and Aerodrome), the number is still shockingly high: about 22% were malicious, conservatively.

Let’s break down how these attacks work—and why they’re scaling like never before.

A New Generation of Scam Tokens

The low cost of deploying tokens on Base has enabled a new strategy for bad actors: spray-and-pray rug pulls.

Instead of creating one scam token and trying to promote it widely, malicious actors now create thousands of scam tokens, each with just enough activity to bait unsuspecting traders. If one takes off, they profit. If it doesn’t, they rinse and repeat.

Here’s what a typical attack pattern looks like:

  1. Deploy a malicious token

  2. Add a small amount of ETH as liquidity on a DEX (typically Uniswap v2)

  3. Simulate organic interest by trading the token across wallets they control

  4. Wait for a victim. If none bite, pull the liquidity and start over

The economics are trivial: deploying a token and spinning up a fake market costs next to nothing. That means a single attacker can repeat this thousands of times per month.
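The market-side pattern above can be turned into per-pool detection signals. The following is an added example, not Forta's code or detection method: it scores pools from simplified, constructed event records, and the record layout, wallet names and both thresholds are assumptions. It looks only at pool behaviour, not at the token contract's code.

```python
from collections import defaultdict

SEED_MAX_ETH = 1.0    # assumed cut-off for "a small amount of ETH"
WASH_MIN_SHARE = 0.8  # assumed share of swaps coming from LP-linked wallets

# Constructed sample events, not real chain data.
# (block, kind, pool, actor, eth, recipient)
EVENTS = [
    (100, "fund", None, "0xdep", 0.05, "0xw1"),
    (100, "fund", None, "0xdep", 0.05, "0xw2"),
    (101, "mint", "POOL_A", "0xdep", 0.5, None),
    (102, "swap", "POOL_A", "0xw1", 0.01, None),
    (103, "swap", "POOL_A", "0xw2", 0.01, None),
    (104, "swap", "POOL_A", "0xw1", 0.02, None),
    (150, "burn", "POOL_A", "0xdep", 0.5, None),
    (101, "mint", "POOL_B", "0xteam", 40.0, None),
    (105, "swap", "POOL_B", "0xu1", 0.3, None),
    (106, "swap", "POOL_B", "0xu2", 1.2, None),
    (107, "swap", "POOL_B", "0xu3", 0.1, None),
]

def score_pools(events):
    """Return {pool: {"signals": {...}, "score": 0..3}} for the lifecycle signals."""
    funded_by = defaultdict(set)  # funder -> wallets it sent ETH to
    pools = defaultdict(lambda: {"lp": None, "seed": 0.0, "swaps": [], "burned": 0.0})
    for block, kind, pool, actor, eth, recipient in sorted(events, key=lambda e: e[0]):
        if kind == "fund":
            funded_by[actor].add(recipient)
        elif kind == "mint":
            p = pools[pool]
            p["lp"] = p["lp"] or actor  # first liquidity provider seen for the pool
            if actor == p["lp"]:
                p["seed"] += eth
        elif kind == "swap":
            pools[pool]["swaps"].append(actor)
        elif kind == "burn" and actor == pools[pool]["lp"]:
            pools[pool]["burned"] += eth  # ETH side withdrawn by the original LP
    report = {}
    for pool, p in pools.items():
        linked = funded_by[p["lp"]] | {p["lp"]}  # LP plus wallets it funded
        wash = sum(a in linked for a in p["swaps"]) / len(p["swaps"]) if p["swaps"] else 0.0
        signals = {
            "small_seed": p["seed"] <= SEED_MAX_ETH,
            "wash_trading": wash >= WASH_MIN_SHARE,
            "liquidity_pulled": p["seed"] > 0 and p["burned"] >= 0.9 * p["seed"],
        }
        report[pool] = {"signals": signals, "score": sum(signals.values())}
    return report
```

On the constructed data, `POOL_A` trips all three signals and `POOL_B` trips none; in practice the thresholds would need tuning against labelled pools.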

One Cluster = 19,000+ Scam Tokens

To quantify the scale, we did more than just identify individual malicious tokens; we looked for similarities across token contracts to uncover broader patterns.

What we found:

  • A handful of contract deployers are responsible for the majority of hard rug pulls

  • These contracts can be grouped into five major clusters based on shared traits

  • The largest cluster alone included over 19,000 tokens

This isn’t a few bad apples. It’s an industrialized scam economy built on automation and scale.

Why Uniswap v2?

Uniswap v2 seems to be the preferred DEX for these malicious actors. Why? Simplicity and compatibility. Many rug pulls are pre-packaged for v2, where the older architecture makes it easier and faster to spin up a pool and execute an attack without needing to adapt to the liquidity mechanics of v3 or v4.

We expect attackers to continue using whichever tools offer the lowest friction and highest speed, unless active defenses make the cost of exploitation meaningfully higher.

What This Means for the Ecosystem

Base isn’t alone. We expect similar trends on any L2 or sidechain that offers:

  • Low gas fees

  • Easy token deployment

  • Minimal detection and deterrence mechanisms

This isn’t just a security issue; it’s an ecosystem integrity issue. Every rug pull erodes trust in the chain, the DEX, and the broader crypto economy.

What Can Be Done?

This is exactly the kind of problem Forta’s Firewall is designed to stop. By detecting malicious behavior before a token gains traction, protocols and chains can:

  • Prevent scams from taking off

  • Throttle malicious actors at the source

  • Protect users automatically

We’re continuing to expand our monitoring across Base and other chains, and we’re eager to work with any ecosystem teams looking to raise their security baseline.

Want to learn more or collaborate? Get in touch or learn more to see how we’re building proactive security for Web3.
