Do you look at phenomenal returns in a short period in some of the cryptocurrencies and feel lured by them? But news regarding crypto rug pull scares you, and you take a back seat? In all possibilities, you may get apprehensive, because crypto rug pulls happen. To save your hard-earned money, it’s essential to be able to identify these scams and know how to avoid them.
Today, we find blockchain technology in various spheres of life- gaming, finance, music, technology, healthcare, etc. The vast potential of cryptocurrencies has attracted massive money into the ecosystem. The scammers too!
One popular way the scammers do it is by rug pulls. You may have heard of a recent popular one, the Squid Games Rug Pull. The coin’s market cap went down from two trillion to zero after the scam unraveled, and the scammers made 3.3 million dollars.
What is a rug pull?
A rug pull is when the scammers float a fake project, build hype around it, and pump up the token value. When naive investors flock to it, the scammers siphon off the money or rug pull it.
Project developers or scammers can do this in multiple ways. Some of these could be-
- creating backdoors in smart contract codes
- convincing people about the validity of a worthless coin and inflating its value
- not leaving any option for the investors to sell their coins
- pulling all valuable tokens out of a liquidity pool, among others.
Rug pulls mainly occur on decentralized exchanges as they require little verification. Centralized exchanges have stricter criteria, making it difficult for scammers to list a token that represents a fake project.
How Does a Rug Pull Happen?
Decentralized finance is the breeding ground for rug pulls. You may wonder why is that so? To understand this phenomenon, we need to know what a liquidity pool is and how it functions.
A liquidity pool is an automated market maker or an algorithm that runs a decentralized exchange. You can think of it as an order book in traditional stock markets. The only difference is an order book involves an intermediary, a liquidity pool doesn’t.
It runs on a smart contract that facilitates an automated trade, whether there is a buyer or seller at any given point or not. This facility becomes possible due to the availability of investor money in the liquidity pool, which is what it literally means.
A liquidity pool carries two currencies- let’s say, Ethereum and a Basic Attention Token. Investors earn a fee on the orders. Higher the liquidity provided, the higher the fee allocation to the investors. Liquidity pool creators attract investors with higher yields.
As more and more investors buy the basic attention token by giving away their Ethereum, the latter increases in the pool. The automated market maker balances out the total quantity. Ethereum goes up in quantity, and the basic attention token in the pool goes down.That gives a perfect opportunity for the scammer to rug pull the Ethereum. The investors are left with worthless other tokens.
There are various kinds of rug pulls. Let’s take a look at them-
Types of Rug Pulls
As mentioned above, developers create a liquidity pool that operates via an automated market maker. The pool works with two tokens- a valuable token and a worthless/scam token. The scammers make people believe in the project and create hype around the token.
As investors buy more of the worthless token by giving away their Ether, the volume of the worthless token goes up in the liquidity pool with the automated market maker. In this process, valuable tokens get locked up in the liquidity pool. The scammer now can siphon away the valuable token at any point in time and leave the investors with the worthless token.
Disabling the ability to sell tokens
In this type of rug pull, the developers write the code so that there is no way for the users to sell their tokens. Also, when an investor swaps their valuable token, they are giving the developers rights to sell their token. And the code is such that they cannot spend it, so they’re in a soup. When the coin price is high enough, the developers pull out the investors’ funds.
Developers Cashing Out
Here, the scammers come up with a fake project claiming it to be revolutionary or something big. Fake projects are usually ones to be launched or under development. The intent, however, is malicious. The developers acquire a significant amount of tokens at a low price initially. When the value goes up, the developers cash out.
Top 7 Crypto Rug Pulls In Defi
OneCoin (Over $4 B)
OneCoin is one of the biggest rug pulls in crypto history. The scammer rug pulled $4 bn via this scam between 2014 to 2016. The mastermind behind this scam was Ruja Ignatov. She launched the project in 2016 and hyped it as the “Bitcoin killer.” Several naive investors got fooled by it.
There was no token launch ever. The project was not based on blockchain technology, and there was no payment mechanism. The underlying project of the company was to sell course materials that turned out to be plagiarized. It also involved multi-level marketing wherein the course buyers would recruit new buyers.
According to reports, several project leaders, including the co-founder Sebastian Greenwood, were arrested, while Ruja and others disappeared.
Thodex (Over $2 B)
In April 2021, a Turkish exchange was abruptly halted. The founder fled away overnight, sweeping the investors’ $2 billion worth of cryptocurrencies.
Initially, the company put out a public statement saying the exchange is shut down for a while to handle a sales process. However, the CEO and founder Faruk Fatih Özer left Turkey with close to 0.4 million investors’ crypto funds.
Before it went offline, the trading volumes were in billions of dollars. It even ran a Dogecoin campaign a few weeks before its shutdown. It promised to give new registrants millions of free Dogecoins, but many users complained they did not receive any tokens.
AnubisDAO ($60 M)
AnubisDAO was launched in October 2021 as a fork of Olympus DAO. It promised to be the next significant dog-theme token that could replicate the success of Dogecoin and Shiba Inu. It had only a discord account and a Twitter account. Despite not having a website, it could gather 60 million dollars in its ICO. AnubisDAO distributed its native token ANKH in return for Ethereum.
In less than 24 hours, the liquidity in the pool was diverted to a different address. An investor offered a reward to anybody who could find the address to which the funds were diverted. A Twitter handle claimed it was a phishing attack; however, it was a clear rug pull.
Uranium Finance ($50 M)
Uranium is a DeFi platform on Binance Smart Chain. It is a Uniswap V2 fork, as per which subscribers get daily rewards.
The scam happened during a scheduled migration, which the Uranium team first termed as a hack. A bug carrying a calculation error was exploited to drain out the coins. It is also believed that anybody could have withdrawn the funds post upgradation to V2. The scammers even removed the project repository from Github.
Due to the nature of the entire episode, it was labeled as a rug pull by the project developers. Fifty million dollars were exposed to the migration and hence exploited.
Meerkat Finance ($31 M)
Lending protocol Meerkat Finance was launched on March 3, 2021, on Binance Smart Chain, only to be hacked a day later. The company claimed it was hacked; however, users alleged it was a rug pull. The scammer tweaked the contract to make the vault address their own. $31 million were stolen in a day. Its entire presence on the web was wiped out immediately after the scam, leaving users with no recourse to contact the developers. BSC said it would investigate the matter; however, nothing moved. Meerkat maintains that it was not a rug pull by an insider.
Arbix Finance ($10 M)
Arbix finance is a yield farming platform built on Binance Smart Chain. CertiK- a blockchain security firm- earlier this year identified it as a rug pull. The protocol runs on ARBX tokens.
In its revelation, the security firm explained that Arbix code has “mint() with onlyOwner function.” In simple words, the code allowed developers to mint ARBX tokens. It also stated that 10 million tokens were minted to eight addresses and 4.5 million to a single wallet, later dumped. The project’s website and social media vanished after the accusations.
CertiK advised the investors to stay away from the platform. Post the findings, the value of ARBX went down to zero.
Luna Yield ($10 M)
Luna Yield was a liquidity farming protocol based on the Solana launchpad SolPad. The crypto funds were moved from sol to ether and then to tornado cash service. The project owners suddenly withdrew their entire social media presence, website, etc., and vanished with $10 million.
An inquiry revealed that all the funds were diverted to the wallet of the project owner. The investors could not withdraw their unstaked funds as the pool value dipped to negative post the unearthing of the scam.
Common signs of rug pull happen
The project appeared overnight.
Legitimate cryptos and DeFi protocols will stay for years and usually develop over a long time. That’s not the case usually with scam projects. In the case of rug pulls, you will most likely see a lot of noise, big claims, and promises. Some may even try to capitalize on the latest themes, such as canine-based tokens. So, stay cautious whenever you see the hype and too good to be valid claims.
Trading volumes help in identifying the liquidity in crypto. In a low liquidity state, it is tough to convert the coin into cash, which makes it easy for the developer to manipulate the token’s price. The trading volume over 24 hours can tell you how much the liquidity is. A thumb rule applied by experts is that the trading volume should be at least 10 to 40 percent of the token’s market cap.
Credible and legitimate projects keep the liquidity locked in the blockchain or a trusted third party. This act builds trust among the users. It also prevents the developers or team members from stealing the liquidity and running away with it. Locked liquidity also enables token swapping, lending, and other activities to function smoothly. However, it is not easy to establish whether the liquidity is locked.
Low’ total value locked’ (TVL)
Another method to look for a legitimate crypto project is to check its TVL- the total value invested in any project. The more significant and more credible projects will have higher liquidity locked, for instance, Pancake Swap. Fake projects will have very low TVL, in a few thousand dollars. A rug pull is more likely to occur in new projects or those with lower TVL.
Disproportionate token distribution
Check out the distribution of tokens. If any tokens are held in the top five to ten wallets, that is not a good sign! You may use a blockchain explorer like Etherscan for this purpose. Twenty percent or more tokens in one wallet, or even if ten wallets hold 20 percent combined, you could be in for a rug. However, this may not be a full-proof check. Some scammers may be smart enough to spread out the holdings in multiple wallets to make it look real.
Low effort website and lacking social media presence
A website that looks very low on effort and carries little content and information about the project can generally be a scam. You may also see them sporting a “to be launched” or “coming soon” or “under maintenance” tag. The social media presence may also look dubious, with little engagement.
A white paper and the roadmap will also give you a fair idea of how genuine the project is. These documents should contain details of what the project is trying to accomplish, where it stands, and future projections. Scams will usually have thin documents with little information.
Any crypto project must carry an audit report by an independent agency. Most credible projects have multiple audit reports that vouch for their authenticity. However, just because a project has an audit report does not necessarily mean it’s clean. You must check the content of the audit report; there might be negative remarks by the auditors.
Also, the absence of an audit report does not automatically mean the project is not legit. Sometimes startups may not be able to afford the audit process. In such cases, you must read their other documents to conduct your due diligence.
How to avoid Rug Pull Scams in the DeFi projects
A prudent investor always conducts due diligence before investing in any project. It’s not wise to invest just due to the hype. One must look at all the signs mentioned above to be safe. There are various tools available to help you do the same Token Sniffer and Rug Doctor, to name a few. You can do an automated audit with Token Sniffer, and Rug Doctor will help you analyze the project’s code.
These tools will help you with the basics. For more sophisticated research, Etherscan and BSC explorer will help. Beyond the available tools, the best way is to put your brain into doing the research and making yourself aware. Here we’re listing down a few checks you must do to avoid rug pulls. Even though nothing is complete-proof, these checks will help minimize the risk.
One of the best ways to assess a project is to check its liquidity. Genuine projects will generally have a lot of liquidity locked in for a longer duration. It enables token swapping, lending, and other activities to function smoothly. And two, it prevents the scammers from wiping out the liquidity. Also, the bigger the liquidity pools, the better they are.
A tiny value liquidity pool is much easier to manipulate and raise the prices of a worthless token. It could also mean the developer doesn’t have much money to invest. The more prominent platforms will generally have the information on liquidity readily available.
Review Github, Whitepaper, and Social Media Channels
You can look for the project code on Github- the hub of crypto project codes. Also, it’s vital to check the company’s social media accounts, its project leads, and what content they are writing. Are they engaging in meaningful conversations and putting out any significant developments regarding the project? If not, and if it is just a fork of another successful project or catching on to the latest theme, be careful!
Confirm Team Credibility
One should look for the history and track record of the project owners. Their social media and internet presence will help in gauging their backgrounds. Try to engage with them on their social media accounts, professional emails, and websites. Look at the quality of their comments in public. Their connections will also give you a fair idea of where they stand.
Look at Holders and Listings on DEX Platforms
As highlighted earlier, an essential aspect is that the distribution of the tokens should not be in a few hands. If top holders sell off their tokens, the price will crash! Though this may not be a full-proof check. Some scammers may be smart enough to spread out the holdings in multiple wallets to make it look real.
It should also be listed and actively traded on multiple platforms.
Should You Still Invest in DeFi?
The DeFi industry is nascent but is undoubtedly a revolution in finance history. It eliminates the need for intermediaries and gives you power over your funds. Today, several banking operations are possible on DeFi platforms- staking, earning passive income, lending, savings, borrowing, etc. The negative part is that it’s more prone to scams like rug pulls because there is no central authority.
However, it does not mean that one should miss out on great opportunities in the DeFi world. It is the future, and many big organizations are adopting it. That makes it all the more important for the investors not to ignore it.
An investor should make use of the available tools to recognize potential scams. Moreover, they should conduct their research before investing in any token. One should study the underlying project to see if there is a strong business case the project is trying to accomplish.