Existing Rug Pull detection methods analyze smart contract code or on-chain transactions in isolation, failing to capture synergistic malicious patterns between them. To address this, this paper proposes the first dual-graph collaborative detection framework that jointly models static semantic features of smart contracts and dynamic on-chain transaction behaviors. It constructs a semantic risk code graph and a transaction behavior graph, leveraging graph neural networks and multi-head attention mechanisms to explicitly model complex interdependencies between code vulnerabilities and market manipulation activities. Innovatively integrating declarative rules, flow-sensitive static analysis, and market manipulation feature extraction, the framework enables fine-grained risk perception. Evaluated on a manually annotated dataset, it achieves 95.3% precision and 93.8% recall. In real-world on-chain deployment, it identifies 4,801 Rug Pull tokens with 91% empirical accuracy, significantly outperforming unimodal baselines.

Rug pull scams have emerged as a persistent threat to cryptocurrency, causing significant financial losses. A typical scenario involves scammers deploying honeypot contracts to attract investments, restricting token sales, and draining the funds, which leaves investors with worthless tokens. Current methods either rely on predefined patterns to detect code risks or utilize statistical transaction data to train detection models. However, real-world Rug Pull schemes often involve a complex interplay between malicious code and suspicious transaction behaviors. These methods, which solely focus on one aspect, fall short in detecting such schemes effectively. In this paper, we propose RPhunter, a novel technique that integrates code and transaction for Rug Pull detection. First, RPhunter establishes declarative rules and performs flow analysis to extract code risk information, further constructing a semantic risk code graph (SRCG). Meanwhile, to leverage transaction information, RPhunter formulates dynamic token transaction activities as a token flow behavior graph (TFBG) in which nodes and edges are characterized from network structure and market manipulation perspectives. Finally, RPhunter employs graph neural networks to extract complementary features from SRCG and TFBG, integrating them through an attention fusion model to enhance the detection of Rug Pull. We manually analyzed 645 Rug Pull incidents from code and transaction aspects and constructed a ground-truth dataset. We evaluated RPhunter on our dataset, achieving a precision of 95.3%, a recall of 93.8% and an F1 score of 94.5%, which highlights superior performance compared to existing state-of-the-art methods. Furthermore, when applied to the real-world scenarios, RPhunter has identified 4801 Rug Pull tokens, achieving a precision of 91%.