Verify a decision

{"actor":"system:backfill","investigation_id":"a6572085-f452-40d1-b238-b9699664fdfe","kind":"publish","page_slug":"solana-token-2022-permanent-delegate-rug-pull-factory","published_at":"2026-05-28T03:48:01.182Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Solana Token-2022 Permanent Delegate Rug Pull Factory","sections":[{"content":"The Solana Token-2022 program introduced a suite of optional mint extensions, among them the PermanentDelegate extension. As described in Solana's official developer documentation, this extension 'assigns a delegate authority to the mint itself' and functions as 'a mint level authority that can authorize transfers and burns for any token account for that mint.' Critically, token account owners cannot revoke the permanent delegate from their own token accounts; the authority is irrevocable from the user side once set at mint creation. The extension must be initialized before the mint is created and is embedded immutably in the mint account data. In the context of fraud, scammers deploy tokens with themselves as the permanent delegate, allowing them to call a burn or transfer instruction on any holder's token account at any time without requiring the holder's signature or approval. The burn is executed through a standard on-chain instruction indistinguishable in block explorers from a user-initiated action unless the observer specifically checks the extension configuration of the mint.","heading":"Technical Mechanism","severity":"critical","sources":[{"credibility":1,"name":"Permanent Delegate — Solana Official Documentation","type":"official","url":"https://solana.com/docs/tokens/extensions/permanent-delegate"}]},{"content":"The exploit was first publicly disclosed on or around September 3–4, 2024, by Slorg, a member of Solana-based Jupiter's Core Working Group, via an X post describing the attack vector. Slorg's account described the victim experience as follows: 'Imagine you swap for a token and the wallet history confirms that you received it. But then you look inside and nothing shows up.' The specific documented case involved a user who swapped for a token named 'RED.' According to reporting by CoinPaper, CryptoTimes, and CoinSpeaker — all citing Slorg's disclosure and analyses by blockchain security firms Beosin and PeckShield — the creator of the RED token invoked the Permanent Delegate authority to burn all of the victim's tokens just seven seconds after the swap transaction was confirmed. The Solana blockchain provides no recourse mechanism for a victim to reverse or contest a burn executed by a legitimate mint-level authority.","heading":"First Public Disclosure and Documented Case","severity":"critical","sources":[{"credibility":2,"name":"Scammers Exploit Solana Token Feature to Burn Users' Crypto — CoinPaper","type":"news_article","url":"https://coinpaper.com/5295/scammers-exploit-solana-token-feature-to-burn-users-crypto"},{"credibility":2,"name":"Scammers Burn Solana Tokens Seconds After User Purchase — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2024/09/04/scammers-burn-solana-tokens-seconds-after-purchase/"},{"credibility":2,"name":"Solana Scammers Are Burning Tokens from Inside User Wallets — CoinSpeaker","type":"news_article","url":"https://www.coinspeaker.com/solana-scammers-burning-tokens/"},{"credibility":1,"name":"Scammers have found a way to burn tokens from inside Solana wallets — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:13ab18ce1094b:0-scammers-have-found-a-way-to-burn-tokens-from-inside-solana-wallets/"}]},{"content":"The Permanent Delegate exploit is not an isolated incident but a documented pattern at scale across the Solana ecosystem. RugCheck.xyz, a widely used Solana token safety scanner, has flagged the Permanent Delegate extension as a risk indicator and reports it appearing on a substantial fraction of newly launched tokens. The claim that over 40% of new Solana tokens carry this extension as of Q1 2026 originates primarily from a dev.to community post (which was not directly accessible for verification) and is reproduced by multiple secondary aggregator sources; this specific figure should be treated as alleged and low-confidence pending independent confirmation. Broader contextual data from Solidus Labs' 2025 Rug Pull Report provides verified scale: over 7 million tokens were deployed on Pump.fun between January 2024 and March 2025, of which 98.6% collapsed into pump-and-dump schemes, and approximately 93% of Raydium liquidity pools examined showed soft rug pull characteristics. A peer-reviewed academic study (SolRugDetector, arXiv:2603.24625) examining token issuance from January to June 2025 found that 76,469 out of 100,063 newly issued tokens (76.42%) exhibited rug pull behavior, with $151 million in quantifiable direct losses traced to 7,322 profitable addresses. That same study identified 78 large-scale fraud syndicates, some deploying 16 to 219 tokens each, confirming factory-scale operations.","heading":"Scale and Prevalence","severity":"critical","sources":[{"credibility":2,"name":"Solidus Labs 2025 Rug Pull Report: Solana Rug Pulls and Pump-and-Dumps","type":"research","url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"credibility":2,"name":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","type":"research","url":"https://arxiv.org/html/2603.24625v1"},{"credibility":2,"name":"SolRPDS: A Dataset for Analyzing Rug Pulls in Solana DeFi — arXiv:2504.07132 (CODASPY 2025)","type":"research","url":"https://arxiv.org/abs/2504.07132"},{"credibility":2,"name":"RugCheck.xyz — Solana Token Checker","type":"on_chain","url":"https://rugcheck.xyz/"}]},{"content":"Conservative loss estimates of $50 million or more in Q1 2026 alone, attributed specifically to Token-2022 Permanent Delegate extension abuse, are alleged in multiple aggregator sources and in an unverified dev.to community post that was inaccessible for direct verification. These figures should be treated as alleged and low-confidence. Verifiable figures from independent research provide context: the SolRugDetector academic study documented $151 million in traceable direct losses across 76,469 rug pull tokens in the first half of 2025 (encompassing all rug pull types, not exclusively Permanent Delegate abuse). The Solidus Labs report documented individual Raydium rug pulls ranging from under $732 at the 25th percentile to $1.9 million at the maximum, with a median of approximately $2,832, across hundreds of thousands of incidents. A class-action lawsuit filed in the U.S. District Court for the Southern District of New York against Pump.fun, Solana Labs, the Solana Foundation, and Jito Labs alleges cumulative investor losses of $4 to $5.5 billion across the broader Solana memecoin ecosystem.","heading":"Alleged Financial Losses","severity":"high","sources":[{"credibility":2,"name":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","type":"research","url":"https://arxiv.org/html/2603.24625v1"},{"credibility":2,"name":"Solidus Labs 2025 Rug Pull Report","type":"research","url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"credibility":2,"name":"Pump.fun and Solana: $5.5 Billion RICO Class Action Lawsuit — Crypto Valley Journal","type":"news_article","url":"https://cryptovalleyjournal.com/focus/legal-and-compliance/pump-fun-and-solana-5-5-billion-usd-rico-class-action-lawsuit-over-memecoin-platform/"},{"credibility":3,"name":"Solana's Permanent Delegate Burn Scam: Q1 2026 $50M Estimate — DEV Community (community post, unverified)","type":"community_report","url":"https://dev.to/ohmygod/solanas-permanent-delegate-burn-scam-how-token-2022-extensions-power-2026s-largest-automated-rug-4579"}]},{"content":"Security researchers and industry analysts have identified several distinct motivations for deploying the Permanent Delegate burn strategy. Blockchain security firms Beosin and PeckShield, both cited in September 2024 reporting, identified two primary models: the destruction-for-chaos model, in which scammers burn tokens to destabilize a token's community and trading market; and the supply manipulation model, in which scammers snipe a large proportion of the initial token supply, then burn tokens held by other users to artificially reduce reported circulating supply, elevate apparent scarcity, and inflate the token's quoted price on DeFi protocols in order to profit from related positions. The SolRugDetector research identified three distinct attack patterns across Solana rug pulls broadly: freeze authority abuse (461 tokens in the study sample), liquidity withdrawal (15,606 tokens), and pump-and-dump schemes (60,402 tokens). The Permanent Delegate burn approach can function independently of or in combination with liquidity withdrawal. The research also found evidence of 78 large-scale fraud syndicates with star and cluster organizational topologies, indicating coordinated professional operations rather than opportunistic individual actors.","heading":"Scammer Motivations and Attack Patterns","severity":"high","sources":[{"credibility":1,"name":"Scammers have found a way to burn tokens from inside Solana wallets — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:13ab18ce1094b:0-scammers-have-found-a-way-to-burn-tokens-from-inside-solana-wallets/"},{"credibility":2,"name":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","type":"research","url":"https://arxiv.org/html/2603.24625v1"},{"credibility":2,"name":"Scammers Exploit Solana Token Feature to Burn Users' Crypto — CryptoRank","type":"news_article","url":"https://cryptorank.io/news/feed/0cf43-scammers-exploit-solana-token-feature-to-burn-users-crypto"}]},{"content":"It is alleged in community-sourced reporting, principally the unverified dev.to post, that the factory-scale creation of scam tokens bearing the Permanent Delegate extension contributed to measurable Solana network degradation in March 2026. Independent verification of this specific claim was not possible: the Helius.dev Solana outage history article, a credible technical reference, documents Solana's incident history only through August 2024 and notes the network had achieved over one year without a major outage as of that date. The Solana Status page and available Q1 2026 reporting did not yield verifiable evidence of a network degradation event specifically attributable to scam token factory activity in March 2026. This claim remains alleged and low-confidence. Separately, Solana has previously experienced verified network performance issues caused by bot spam and high-volume token launch activity, most notably during the April 2024 meme coin launch surge and a documented February 2024 five-hour outage caused by a program execution bug, establishing that the network is susceptible in principle to transaction spam-driven congestion.","heading":"Network-Level Impact (Alleged)","severity":"medium","sources":[{"credibility":2,"name":"A Complete History of Solana Outages — Helius Dev Blog","type":"research","url":"https://www.helius.dev/blog/solana-outages-complete-history"},{"credibility":3,"name":"Solana's Permanent Delegate Burn Scam: Network Degradation Claim — DEV Community (community post, unverified)","type":"community_report","url":"https://dev.to/ohmygod/solanas-permanent-delegate-burn-scam-how-token-2022-extensions-power-2026s-largest-automated-rug-4579"},{"credibility":2,"name":"Solana Has a Spam Problem — Blockworks","type":"news_article","url":"https://blockworks.co/news/solana-spam-problem"}]},{"content":"Jupiter, the dominant DEX aggregator on Solana, and RugCheck.xyz both added indicators to flag when the Permanent Delegate extension is active on a token, as confirmed in September 2024 reporting. Slorg explicitly advised users to read all text presented during token swaps as part of due diligence. The broader tooling ecosystem has expanded: RugCheck.xyz, SolSniffer, and DEXTools each provide risk scoring that includes Token-2022 extension checks. However, the fundamental exposure remains: most retail-facing wallets and automated trading bots do not surface Token-2022 extension information by default. The Permanent Delegate configuration is not visually prominent in standard wallet interfaces and requires a user to independently query the token's mint account or use a dedicated scanner before executing a swap. The academic SolRugDetector study noted that rug pull tokens on Solana exhibit median lifespans under one hour, with the majority of DeFi interactions occurring on the day of creation, making pre-trade verification the only viable protection window.","heading":"Detection Tools and Ecosystem Response","severity":"high","sources":[{"credibility":1,"name":"Scammers have found a way to burn tokens from inside Solana wallets — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:13ab18ce1094b:0-scammers-have-found-a-way-to-burn-tokens-from-inside-solana-wallets/"},{"credibility":2,"name":"RugCheck.xyz — Solana Token Checker","type":"on_chain","url":"https://rugcheck.xyz/"},{"credibility":2,"name":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","type":"research","url":"https://arxiv.org/html/2603.24625v1"},{"credibility":3,"name":"How to Check If a Solana Token Is a Scam (2026 Guide) — DailyCoinPost","type":"other","url":"https://dailycoinpost.com/how-to-check-if-a-solana-token-is-a-scam-2026-guide/"}]},{"content":"No regulatory action specifically targeting the Token-2022 Permanent Delegate rug pull pattern by the SEC, CFTC, or DOJ was identified in available sources. The broader Solana memecoin fraud environment has attracted regulatory attention: the Solidus Labs 2025 Rug Pull Report notes that in February 2025 the SEC's Division of Corporate Finance issued a statement clarifying memecoins' regulatory status, and in March 2025 the SEC established a Cyber and Emerging Technologies Unit; in April 2025, DOJ Deputy Attorney General Todd Blanche prioritized digital asset scam prosecutions. In March 2025, New York State lawmakers proposed legislation to criminalize code-based fraud. A RICO class-action complaint filed in the U.S. District Court for the Southern District of New York, permitted to proceed by Judge Colleen McMahon in a December 9, 2025 order, names Pump.fun, Jito Labs, the Solana Foundation, Solana Labs, and related executives, alleging coordinated insider advantage and estimated losses of $4 to $5.5 billion. This suit does not specifically target the Permanent Delegate mechanism but addresses the same broader ecosystem of alleged systematic fraud on Solana.","heading":"Regulatory and Legal Context","severity":"high","sources":[{"credibility":2,"name":"Solidus Labs 2025 Rug Pull Report: Regulatory Timeline","type":"research","url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"credibility":2,"name":"Pump.fun and Solana: $5.5 Billion RICO Class Action — Crypto Valley Journal","type":"news_article","url":"https://cryptovalleyjournal.com/focus/legal-and-compliance/pump-fun-and-solana-5-5-billion-usd-rico-class-action-lawsuit-over-memecoin-platform/"},{"credibility":2,"name":"MEV Lawsuit Against Pump.fun, Solana Heats Up — Unchained Crypto","type":"news_article","url":"https://unchainedcrypto.com/mev-lawsuit-against-pump-fun-solana-heats-up/"},{"credibility":2,"name":"Solana, Pump.fun Execs Sued — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/solana-execs-sued-over-memecoin-trades/"}]}],"sources_used":[{"credibility":1,"name":"Permanent Delegate — Solana Official Documentation","type":"official","url":"https://solana.com/docs/tokens/extensions/permanent-delegate"},{"credibility":1,"name":"Scammers have found a way to burn tokens from inside Solana wallets — CoinTelegraph via TradingView","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:13ab18ce1094b:0-scammers-have-found-a-way-to-burn-tokens-from-inside-solana-wallets/"},{"credibility":2,"name":"Scammers Exploit Solana Token Feature to Burn Users' Crypto — CoinPaper","type":"news_article","url":"https://coinpaper.com/5295/scammers-exploit-solana-token-feature-to-burn-users-crypto"},{"credibility":2,"name":"Scammers Burn Solana Tokens Seconds After User Purchase — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2024/09/04/scammers-burn-solana-tokens-seconds-after-purchase/"},{"credibility":2,"name":"Solana Scammers Are Burning Tokens from Inside User Wallets — CoinSpeaker","type":"news_article","url":"https://www.coinspeaker.com/solana-scammers-burning-tokens/"},{"credibility":2,"name":"Scammers Exploit Solana Token Feature to Burn Users' Crypto — CryptoRank","type":"news_article","url":"https://cryptorank.io/news/feed/0cf43-scammers-exploit-solana-token-feature-to-burn-users-crypto"},{"credibility":2,"name":"Solidus Labs 2025 Rug Pull Report: Solana Rug Pulls and Pump-and-Dumps","type":"research","url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"credibility":2,"name":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","type":"research","url":"https://arxiv.org/html/2603.24625v1"},{"credibility":2,"name":"SolRPDS: A Dataset for Analyzing Rug Pulls in Solana DeFi — arXiv:2504.07132","type":"research","url":"https://arxiv.org/abs/2504.07132"},{"credibility":2,"name":"Pump.fun and Solana: $5.5 Billion RICO Class Action — Crypto Valley Journal","type":"news_article","url":"https://cryptovalleyjournal.com/focus/legal-and-compliance/pump-fun-and-solana-5-5-billion-usd-rico-class-action-lawsuit-over-memecoin-platform/"},{"credibility":2,"name":"MEV Lawsuit Against Pump.fun, Solana Heats Up — Unchained Crypto","type":"news_article","url":"https://unchainedcrypto.com/mev-lawsuit-against-pump-fun-solana-heats-up/"},{"credibility":2,"name":"Solana, Pump.fun Execs Sued — DL News","type":"news_article","url":"https://www.dlnews.com/articles/defi/solana-execs-sued-over-memecoin-trades/"},{"credibility":2,"name":"A Complete History of Solana Outages — Helius Dev Blog","type":"research","url":"https://www.helius.dev/blog/solana-outages-complete-history"},{"credibility":2,"name":"Solana Has a Spam Problem — Blockworks","type":"news_article","url":"https://blockworks.co/news/solana-spam-problem"},{"credibility":2,"name":"RugCheck.xyz — Solana Token Checker","type":"on_chain","url":"https://rugcheck.xyz/"},{"credibility":3,"name":"Solana's Permanent Delegate Burn Scam — DEV Community (community post, unverified; returned 404 during investigation)","type":"community_report","url":"https://dev.to/ohmygod/solanas-permanent-delegate-burn-scam-how-token-2022-extensions-power-2026s-largest-automated-rug-4579"}],"summary":"An industrial-scale pattern of fraud on the Solana blockchain exploits the Token-2022 Permanent Delegate extension, a legitimate feature that grants a mint-level authority the unconditional ability to burn or transfer any holder's tokens without their signature. First publicly documented in September 2024 by a Jupiter Core Working Group member, the exploit has since scaled into an automated rug pull factory pattern where scammers burn victim tokens seconds after purchase. RugCheck.xyz identifies the Permanent Delegate extension as a significant risk indicator on a substantial fraction of newly launched Solana tokens.","timeline":[{"date":"2022-01-01","event":"Solana Labs introduces the Token-2022 program with optional mint extensions, including the PermanentDelegate extension, intended for use cases such as regulatory compliance and automated payment recovery.","source":"Solana Official Documentation","source_url":"https://solana.com/docs/tokens/extensions/permanent-delegate"},{"date":"2024-03-01","event":"SLERF meme coin developer accidentally burns 50,000 SOL (approximately $10 million) using burn authority after revoking mint authority, demonstrating the irreversible nature of token burns on Solana and raising public awareness of token-level authorities.","source":"CoinSpeaker — Solana Scammers Are Burning Tokens from Inside User Wallets","source_url":"https://www.coinspeaker.com/solana-scammers-burning-tokens/"},{"date":"2024-02-06","event":"Solana mainnet halts for approximately five hours due to a program execution bug, the most recent confirmed major outage prior to 2025.","source":"Helius Dev Blog — A Complete History of Solana Outages","source_url":"https://www.helius.dev/blog/solana-outages-complete-history"},{"date":"2024-09-03","event":"Slorg, a Jupiter Core Working Group member, publicly discloses on X that scammers are exploiting the Token-2022 Permanent Delegate extension to burn victim tokens seconds after purchase. Documents the RED token case in which a user's tokens were burned seven seconds after a confirmed swap.","source":"CoinTelegraph via TradingView — Scammers have found a way to burn tokens from inside Solana wallets","source_url":"https://www.tradingview.com/news/cointelegraph:13ab18ce1094b:0-scammers-have-found-a-way-to-burn-tokens-from-inside-solana-wallets/"},{"date":"2024-09-04","event":"Blockchain security firms Beosin and PeckShield confirm and analyze the Permanent Delegate exploit. CoinTelegraph, CoinPaper, CryptoTimes, and CoinSpeaker publish coverage. Jupiter and RugCheck.xyz add Permanent Delegate extension indicators to their interfaces.","source":"CryptoTimes — Scammers Burn Solana Tokens Seconds After User Purchase","source_url":"https://www.cryptotimes.io/2024/09/04/scammers-burn-solana-tokens-seconds-after-purchase/"},{"date":"2025-02-27","event":"SEC Division of Corporate Finance issues statement clarifying regulatory treatment of memecoins, acknowledging the broader Solana meme coin fraud environment without directly targeting the Permanent Delegate mechanism.","source":"Solidus Labs 2025 Rug Pull Report","source_url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"date":"2025-03-01","event":"New York State lawmakers propose legislation to criminalize code-based fraud on blockchain platforms. SEC establishes Cyber and Emerging Technologies Unit.","source":"Solidus Labs 2025 Rug Pull Report","source_url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"date":"2025-04-07","event":"DOJ Deputy Attorney General Todd Blanche publicly prioritizes digital asset scam prosecutions.","source":"Solidus Labs 2025 Rug Pull Report","source_url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"date":"2025-05-01","event":"Solidus Labs publishes 2025 Rug Pull Report, finding 98.6% of Pump.fun tokens and 93% of Raydium pools exhibited rug pull or pump-and-dump characteristics across over 7 million tokens analyzed from January 2024 to March 2025.","source":"Solidus Labs 2025 Rug Pull Report","source_url":"https://www.soliduslabs.com/reports/solana-rug-pulls-pump-dumps-crypto-compliance"},{"date":"2025-12-09","event":"U.S. District Court Judge Colleen McMahon (SDNY) grants plaintiffs permission to amend and refile a RICO class-action complaint against Pump.fun, Jito Labs, the Solana Foundation, Solana Labs, and related executives, with alleged losses of $4 to $5.5 billion.","source":"Pump.fun and Solana: $5.5 Billion RICO Class Action — Crypto Valley Journal","source_url":"https://cryptovalleyjournal.com/focus/legal-and-compliance/pump-fun-and-solana-5-5-billion-usd-rico-class-action-lawsuit-over-memecoin-platform/"},{"date":"2026-01-01","event":"Academic research (SolRugDetector, arXiv:2603.24625) covering January–June 2025 identifies 76,469 rug pull tokens out of 100,063 newly issued tokens (76.42%), $151 million in traceable direct losses, and 78 large-scale fraud syndicates on Solana, providing quantitative confirmation of factory-scale automated fraud operations.","source":"SolRugDetector: Investigating Rug Pulls on Solana — arXiv:2603.24625","source_url":"https://arxiv.org/html/2603.24625v1"}]},"v":1}