It is pretty common for malicious attackers to infiltrate any booming digital technology, and decentralized finance (DeFi) has received its fair share of these scammers. One common way of looting people’s money is through rug pulls, luring unsuspecting victims to invest money into projects only to cart it away.
Decentralized finance (DeFi) is open-source and permissionless; hence, anybody can create a cryptocurrency project and list them on exchanges. While this is a good thing, bad players take advantage of this to pull these scams since these transactions are mediated by smart contracts, creating a high level of anonymity. There are several types of rug pulls; however, they all have similar mechanics; they lure investors in and pull out the liquidity, making all investors unable to sell, thereby running the cryptocurrency’s value to zero.
Rug pulls aren’t difficult to spot; in fact, it requires only a little expertise, albeit some manual effort from your end. This article teaches you all you need to know about identifying and avoiding crypto rug pulls.
What is a Rug Pull?
A rug pull is a common cryptocurrency scam that involves creating a new token, and marketing it to develop public interest, thereby pumping the price. Once the scammers have raised enough money from unsuspecting investors, they suddenly take out the majority of the crypto asset’s value in very few transactions (i.e., pulling the rug from under their feet), leaving them on the bare floor, with their investments gone.
Types of Rug Pulls
Currently, there are three common types of rug pulls. However, these aren’t the only ones you should be wary of; every day, scammers devise new methods of stealing money via DeFi. Hence, rug pulls can come in modified forms that could be slightly different from the ones listed below.
Before a cryptocurrency can be traded, i.e., before investors can buy or sell a new cryptocurrency, developers need to create a liquidity pool that contains the cryptocurrency paired with another existing cryptocurrency. For example, say the scam token is $SCAM, the liquidity pool could contain a SCAM/USDT pair, which allows back-and-forth trades.
So, for people to buy the $SCAM coin, they need to deposit USDT to the liquidity pool in exchange for $SCAM; as more people continue to buy the $SCAM token, it increases in value, and the liquidity pool gets bigger. Then, when the scammer is satisfied with the money they have made, they instantly take out all the USDT in the liquidity pool and transfer it into personal wallets, and the $SCAM token instantly loses all its value.
Without returning the value of liquidity lost, the $SCAM token can never return to its peak point; hence, the scam is practically irreversible.
Defi100 was one popular liquidity scam that robbed investors of $32million after removing the token’s liquidity and selling off everything.
Exit scams are similar to liquidity scams but with different mechanics. In an exit scam, the malicious developer leads unsuspecting investors to invest in tokens, which will be locked for a certain period; the scammer targets newbies and cajoles them that they can amass a lot of value and sell after a specific period; however, the tokens are only locked to the investors. Then, the scammer writes some malicious lines of code that enable them to sell tokens, but every other person cannot. Hence, after the scammer has made enough money from the public, he sells all the tokens, and the investors can only watch helplessly.
One common exit scam in 2021 was the “Squid game” $3.38million scam, which gained public appeal with the popular squid game movie that ended with only one winner – cheeky!
Pump and Dump (PnD) Scams
Like all other rug pulls, pump and dump scams are usually heavily marketed on social media, gaining public attention and getting many investors in a project that was simply designed for the developers to “cash out.” In PnD scams, the developer simply creates tokens and allocates a large percentage to themselves (sometimes in a couple of wallets) to avoid suspicion.
So, with aggressive marketing, many people buy the tokens with the promise of a revolutionary cryptocurrency with a roadmap that will never be acted upon. As soon as the scammer reaches their target, they will begin to sell their tokens; sometimes, they can sell off at once. At other times, they can sell off in batches so that the rug pull isn’t very evident. Regardless of the method used, the investors will be left with shattered hopes and tokens worth almost nothing.
Pump and dump scams are the most common, and several examples exist. However, one popular PnD scam was the Iron Finance TITAN scam that saw the token’s price dump from $60 to $0 after coordinated whale dumping.
The first two types of rug pull scams are referred to as hard scams because they are outright crimes. However, pump and dump scams are referred to as soft scams because they aren’t crimes but unethical.
How To Identify Rug pulls
Limited Information: Rug pulls are notorious for being rushed and often targeted at newbies; hence, they focus on the hype and may not publish enough information. For example,
- The project suddenly came up out of the blue without any background research leading to the project.
- The website may be poorly designed without any information.
- There may be no whitepaper or roadmap, or these may be copied from another project.
- Developers are anonymous and cannot be traced
- Social media page with bought followers and zero engagement.
Heavily Promoted by Crypto Influencers: Rug pulls use the FOMO (Fear of Missing Out) strategy to manipulate people into buying the tokens. In addition, they pay influencers on Twitter and YouTube (who may even be verified) to push these scam tokens, paying them for their marketing duties. As a result, there is usually loud energy that indeed pushes you and other social media users to check it out; however, this is only aimed at pulling investors in with enticing returns before pulling the rug.
Low Liquidity: Low liquidity usually signifies a lack of initial investment in a project. Hence, if a project doesn’t have a considerable investment from scratch, it is a pointer that the developer is acting alone or with only a few people, and hence could be scammers. Typically, successful DeFi projects have gotten grants from several investors that they can use to push the success of the cryptocurrency, but a coin with low liquidity can easily be a pump-and-dump scam.
Unlocked Liquidity: The liquidity pool of a DeFi protocol can be locked with proof on the blockchain. Developers usually do this to instill trust in investors. When liquidity is locked, it prevents the developers from stealing the tokens in the liquidity pool, hence, preventing a liquidity scam.
Limited selling: Sometimes, scammers write malicious lines of code to prevent investors from selling tokens. They may give some reasons for this, but it never ends well; if you can’t sell all of your tokens anytime you want, you are likely in an exit scam.
Astronomical Price movements with limited token holders: It is typical for pump and dump schemes to coordinate token purchases with small bits of organized purchases when the token is cheap, inducing an upward movement, albeit with only a few token holders.
Typically, the token could have only 1,000 holders, but with sustained upward movement and only a few red candles, this signifies the presence of a few wallets buying plenty of tokens when cheap to drive the price up while creating FOMO with aggressive marketing. In the end, many people’s greed will be triggered, and they will purchase these tokens, only to be dumped on.
Token Allocation: Pump and dump schemes notoriously leave a huge number of tokens in a single wallet or a series of wallets; alternatively, these wallets could buy them cheaply from the market, as explained above. A single wallet or a series of wallets having up to 40% of tokens is fishy, and if the number is as high as 70%, it is definitely a scam.
Ensure to juxtapose the token allocation in wallets with the tokenomics published in the whitepaper.
Zero Audits: To avoid rug pulls, newly launched cryptocurrencies undergo external audits by reputable third parties to ensure that nothing malicious is in the code. Ensure you can verify the audit yourself; do not take anybody’s word for it.
Important Precautions to Avoid Crypto Rug Pulls
Avoiding crypto rug pulls takes effort, especially if you want to “ape in” to new projects with the hope of being an early investor. However, it isn’t impossible; below are the necessary precautions to take.
Perform On-Chain Review: It is vital that you review the cryptocurrency’s metric via the blockchain; first, check if the token contract is verified; for example, if the token is launched on the Ethereum network, you can follow this procedure.
You must also check the holders’ chart on the network before investing in any cryptocurrency, as they provide information on how many tokens the deployers have; see an example below.
The deployer here has 71.5% of the token supply, meaning that if he liquidates his position, the token will tank.
Some deployers are smart enough to spread their tokens across a number of wallets. Still, with adequate scrutiny, you can always figure them out. It is best to investigate the transactions of the top token holders; if they only have only received tokens from a single wallet or the deployer’s wallet, then you should be alerted of a red flag.
Also, if the holders’ chart indicates a few numbers of holders (say under 3,000); however, there is steady upward price movement, you should be wary of induced pumps - a precursor for PnD scams
Request for LP Contract: Before investing in a project, request for their LP contract (proof of locked liquidity) in their community channel, maybe on Telegram, Discord, Reddit, etc. From the LP contract, you can see the number of tokens permanently and temporarily locked.
In the above project, it is evident that 64% of the Liquidity tokens are permanently locked into the null address 0x000...dEaD (which means that these tokens can never be withdrawn). Some of the other liquidity tokens are partially locked (with a contract sign), while the rest are unlocked.
L0cked liquidity reduces the chance of entering a liquidity scam.
- If you cannot read lines of codes, ensure that the token is audited by a reputable third-party
- Unfollow and block crypto influencers that shill coins for the sake of it
- Avoid FOMO
- Check the roadmap and whitepaper with plagiarism checkers to ensure that they aren’t copied
- Conduct adequate research on the team and the project.
Rug pull scams accounted for 37% ($2.8 billion) of all cryptocurrency scam revenue in 2021; hence, it is safe to say that rug pulls are prominent, and you need to be wary of them. Only you are responsible for your security in DeFi; hence, you must never forget to carry out routine checks before investing in any project. If you see any red flags, you should back off.