DeFi is an intriguing industry with the potential to radically alter the financial landscape by making the most lucrative opportunities accessible to everyone, wherever in the world.
Yet, this also appears to be an attractive field for various forms of fraud. Losses are frequently irreversible as all transactions are anonymous, and no middlemen exist. Rug pulls are the most typical types of crypto scam, where the developers release new tokens amid much fanfare but then vanish with the money.
Based on historical data, 2022 is the worst year for crypto fraud, with 120 scam incidents. When compared to 2021, this figure reflects a 28% increase. Notwithstanding this alarming figure, all losses in 2022 were less than half of the $4.6 billion recorded in 2021.
Yet, the more widespread the crypto market becomes, the better informed the investors become. To make the year 2023 less negative-type eventful and rife with scams, we will cover the most frequent rug pull project patterns and help you detect them to avoid becoming a victim.
Rug pull refers to a new type of scam in the cryptocurrency sector. This term is associated with the phrase “pulling the rug out.” It occurs when a developer uses misleading or outright false information to entice investors into a new cryptocurrency project and then disappears, leaving those investors holding worthless currency.
Rug pulls are usually common in decentralized financial initiatives that advertise innovations disrupting businesses like banking and insurance. Recently, they have entered the NFT industry too.
There are two basic patterns of rug pulls:
With a hard rug pull, developers trick investors by incorporating secret elements into smart contracts. For instance, users may be unable to access their assets after investing in a project. This traps them within the project and gives fraudsters complete control over their tokens.
Soft rug pull is frequently of a “pump and dump” style. Users can leave the project at any time, but many are terrified of losing significant profits and choose to stay until the project’s developers have left with all the money.
Although rug pulls are notoriously careless, the scheme still needs careful preparation. For this scam to work, fraudsters must first register a new cryptocurrency using a decentralized exchange (DEX), such as Uniswap or Sushiswap. Users can issue their own tokens on these networks without undergoing any verifications or audits.
Making a new, legit token requires significant effort. On the contrary, it requires little work to make a fake coin that should only last for a few weeks.
Most people who engage in rug pull simply steal the source code of existing coins and modify it slightly. Once the network is up, the team behind the new cryptocurrency will fill the liquidity pool before launching a full-scale marketing campaign.
They would shout from the rooftops about how promising their cryptocurrency is, urging you to get on the train before it explodes. This usually happens during the presale phase. These presales typically last for several months, when the developers will attract investors with generous giveaways and tempting price increase predictions.
Naturally, nobody likes to pass up an opportunity, let alone one, to become wealthy, raising FOMO in them.
Additionally, scammers would link a malicious coin with a famous one, such as Ethereum, to remove all doubt. It’s a classic associational tactic used to win over investors.
People would ultimately begin exchanging for the new token, and when its value increases, the scammers would drain the liquidity pool and disappear.
The whole thing happens so quickly and quietly that you won’t even notice your money has vanished. Usually, rug pulls occur in the first few days once the project launches on the exchange.
Rug pulls in cryptocurrency typically take one of three forms: liquidity stealing, limited selling, or dumping. Let’s take a closer look at each.
When token creators remove all of their coins from the liquidity pool, this is known as “liquidity stealing.” This eliminates all the investor-added value to the currency, reducing its worth to zero.
Limiting sell orders is another sneaky approach for a shady developer to cheat investors. In this case, the tokens are designed to be sold exclusively by the creator.
The next step is for developers to sit tight while waiting for retail investors to purchase their new crypto using paired currencies.
Currencies that have been “paired” for trading purposes are those that have been set up against one another. As the market shows signs of improvement, they sell their holdings, leaving behind a token with no value.
The term “dumping” refers to the practice in which developers hurriedly liquidate their own big holdings of tokens. As a result, the coin’s value drops, and the surviving investors end up with nothing. In most cases, “dumping” happens after widespread marketing on social media. A pump-and-dump scheme causes a price increase and subsequent drop.
Dumping is more morally ambiguous than other crypto rug pull schemes. It is not unethical for cryptocurrency developers to trade in their own creations. However, the question of how ethical dumping is boils down to how much and how quickly a coin is sold.
Even though fraud schemes evolve and get more complicated over time, common patterns do exist. Following, we list six major red flags that make it easy to spot rug pulls.
While making crypto investments, thinking about the teams behind the initiatives is essential. Do members of the crypto community recognize the creators and backers? Precisely what is their backstory like? If the development team has been doxxed but isn’t well-known, do they still appear legitimate and capable of delivering on their promises?
Investors should treat new and readily forged social media accounts and profiles with suspicion. You can tell a lot about the reliability of a project by looking at its whitepaper, website, and other promotional materials.
While many successful crypto initiatives’ developers remain anonymous, which is practically the critical characteristic of the crypto projects, it’s still risky to fully trust a new ICO with unknown people behind it.
One of the simplest methods to detect a fraudulent cryptocurrency from a legal one is to determine if the currency has liquidity locked. Nothing prevents the project developers from fleeing with the whole quantity of liquid assets without a liquidity lock on the token supply.
Time-locked smart contracts ensure the token’s liquidity for three to five years after issuance. Developers can set their own time locks using custom scripting, but third-party lockers offer more security.
Investors should also verify the locked-up proportion of the liquidity pool. The utility of a lock is proportional to the size of the liquidity pool it protects. This percentage, also called the total value locked (TVL), needs to be between 80% and 100%.
A malicious actor can code a token so that only specific types of investors can sell it. Limitations on distribution are indicative of a scam project.
Determining if fraudulent behavior exists might be challenging as selling limitations are hidden in the project’s code. One strategy is to buy a minimal quantity of the new coin and then try to sell it right away. The endeavor is likely a scam if there are challenges reselling the recently acquired item.
If something looks too good to be true, then it probably is. If the yields for a new coin seem suspiciously high, but it doesn’t turn out to be a rug pull, it’s likely a Ponzi scheme, which is nowhere better than a rug pull.
Usually, the Ponzi scheme refers to an investment scam that pays returns to the earliest investors with the funds raised from the later investors. As it becomes difficult to recruit new investors or when many existing investors withdraw their funds, these schemes typically fail.
Therefore, while tokens promising triple-digit annual percentage yields (APY) might not always be a fraud, the large returns typically come with great risk.
If the value of a new cryptocurrency suddenly spikes by a large amount, you should be wary. This is especially a sad reality if there is no locked liquidity for the token. Massive price increases in brand-new DeFi coins usually indicate a coming “dump.”
If a coin’s price fluctuation seems suspicious, investors can verify its circulation with a block explorer. With only a handful of users holding the token, the price can easily be manipulated. If only a small group of people are holding the tokens, a few “whales” can quickly and easily dump their holdings, causing significant damage to the coin’s value.
It is common practice for new cryptocurrencies to have their code audited by an independent, trusted party before release.
But, potential investors shouldn’t take the development team’s word that an audit has been conducted. A third party should be able to confirm that the audit was conducted and that no harmful code was discovered. The report should also be available online for everyone.
Overall, if you notice these patterns from any ‘exciting’ project, don’t be naive – research well, ask questions, and save yourself and others from potential risks.
History repeats, and learning past cases can help us be more prepared for the future. Let’s look at some of the most shocking cases of rug pulls that bilked innocent investors out of millions.
OneCoin is among the largest Ponzi schemes in the history of the cryptocurrency market. The project’s backers could fleece more than $4 billion from naive backers. Some project leaders were subsequently jailed, while others vanished as the project progressed. Since there was no working blockchain infrastructure or payment system, OneCoin was never used for either trading or purchasing.
The Anubis DAO concept proposed a decentralized reserve currency supported by bond sales and fees paid to liquidity providers. The group did not have a website, but it did have a Discord server and a very popular Twitter account. In exchange for the ANKH token, the initial token sale brought in $60 million in ETH from investors. Twenty hours into the transaction, however, the investment pool funds disappeared after being transferred to an unauthorized recipient and were never recovered.
Another extreme case of a rug pull is the June 2021 StableMagnet event. The scammers used a library of code that differed from the one referenced in the code. The library’s code was unverifiable by either Etherscan or BscScan. Scammers could drain pairings because users were giving StableMagnet access to their accounts. The scammers used a backdoor in the smart contract to send more tokens to any wallet that had previously accepted StableMagnet. As a whole, the incident impacted over a thousand people and stole 27 million dollars.
Now that we know the typical methods used in rug pulls, we may take the following measures to avoid being victims:
Hard rug pulls are always illegal, whereas soft rug pulls are typically simply unethical, i.e., they do not breach any legal regulations.
According to the studies, 90% of tokens that use locking contracts end up being rug pulls or malevolent tokens.
Unlocked liquidity, irregular token allocation, and a lack of audits are frequent indicators of rug pulls.
After a crypto rug pull, unfortunately, it is pretty unlikely that you can reclaim your funds. This is because, in most cases, the creators have simply vanished after pocketing the money.
If you detect a crypto rug pull, you must cease investing immediately and alert the community. If you have lost money on the project, you can file a report with the appropriate authorities or take legal action.
The more naive we are, the more likely others will attempt to exploit us. Sadly, that’s a fact of life, even in the crypto world.
The good news is that as you gain experience, you’ll become less of a vulnerable target. Rug pulls typically target inexperienced investors. Of course, it doesn’t mean the rest of us won’t be affected. Even when everything seems to be going your way, losing every cent you invested is possible.
Thus, regular research and observation are the best strategies to avoid this disaster. Practice keeping an eye on the market and the performance of a new token before making any major purchases. Don’t let FOMO win, and think twice before making financial decisions.