How to Dodge a DeFi Rug Pull

发布于 Feb 24, 2022 | 部落格

defi-rug-pull-hacker-banner

The content of this webpage is not investment advice and does not constitute any offer or solicitation to offer or recommend any investment product.

If you’ve been dabbling in the DeFi space since 2020, chances are that you’ve been negatively impacted by a common crypto scam called a rug pull. 

As with any investment space, the cryptocurrency industry has attracted its fair share of malicious actors who attempt to scam or rob investors through deliberate ploys or exploits. While rug pulls can take you by surprise, that doesn’t mean that you can’t steer clear of them by maintaining a sound investment philosophy and practicing sufficient due diligence beforehand. 

This article breaks down how to spot a potential rug pull and avoid losing that hard-earned money.

How do rug pulls work?

A rug pull refers to a scam in the cryptocurrency industry where developers desert a project and make off with investor funds or dump their token holdings, thereby reducing liquidity for the whole project.

To begin, one or more founders initiate a cryptocurrency project and lure financial backers with the promise of lucrative crypto rewards and incentives. After sufficient capital arrives, the founders begin to pull out, taking all the investor funds with them.

Unfortunately, rug pulls are more common in the up-and-coming decentralized finance (DeFi) space. Due to the nature of decentralized exchanges (DEXs), any developer can create and list a project without prior vetting and auditing. Users will then choose to buy in if they believe it has value.

This, coupled with the fact that creating tokens using the ERC-20 standard and similar versions on other layer-1 networks is relatively easy, significantly lowers the entry barrier for scammers. Rug pulls are usually conceptualized and built within a short span of time, and unwitting investors can be duped by social media hype and the promise of massive gains.

We’ve outlined a list of classic rug pulls below, with tips on how to maintain your balance if you encounter one.

1. Liquidity heists

This is the most common type of rug pull. Since all cryptocurrency projects need to have a liquidity pool for the token to be tradeable, the project’s scam coin is paired with a legitimate token, usually Ether (ETH). Then it is listed on a DEX like Uniswap, Pancakeswap, or Sushiswap. 

The scam coin is generally created by copying and pasting the code of another token and changing a few lines. This is followed by a social media blitz for a project that will never materialize.

Often in these instances, the paired tokens are temporarily locked up, and investors are unable to sell for a period of time. When people start to buy into the new token, they exchange their legitimate tokens, which drives up the price. After it rises sufficiently, the scammers dump their tokens and make off with their ill-gotten gains in the form of the legitimate token.

2. Technical manipulation 

In the case of this type of crypto scam, the project developer will add a piece of code that prevents investors from being able to sell the scam token back to the exchange.

After the hype phase, the value of the scam token begins to peak, and investors are unable to sell their tokens and cash out. However, the developer will have created a personal backdoor that allows them to take the money and run.

3. Large stake, low integrity: the mint and move

In some scams the founder mints the scam token and gives themselves a large proportion or buys at a low pre-ICO cost. As investors are enticed to invest in the project through false value propositions, the value of the coin surges.

This type of project may put an emphasis on some kind of deliverable innovation, giving a veneer of plausible deniability to the scammer. Nevertheless, the stated offerings are fake, and the con job is in reality very similar to a liquidity heist.

When the value of the token gets to where the developer wants it to be, they will begin their withdrawals. These may take an incremental pattern. Ultimately, investors will be left holding the bag.

How to see the rug before it’s pulled out under you

Rug pulls are an innovative domain, with new techniques and iterations on existing tricks popping up all the time. However, if you learn the common indicators, you can often spot the stains on the carpet before it’s too late. Here is a list of what to look out for.

1. Sudden emergence from obscurity

When you come across a group of unknown developers claiming ties to industry heavyweights, you may be in the presence of a scam. It’s common for legitimate blockchain projects to build slowly in the crypto space, with a community that gradually accumulates behind them – very much the opposite of how a rug pull comes together overnight.

Fraudsters may also ride the coattails of pop-cultural phenomena, as was the case with the Squid Game token (SQUID), which rose in price astronomically before its founders jetted with $3.4 million, letting the token crash to nearly zero. Be wary of anything that appears too quickly out of the shadows and makes big claims.

2. Less liquidity than competitors

Checking on liquidity is a must before you invest. It’s typically easier with DeFi than with cryptocurrency projects. One way to check a project’s liquidity is to look at its trading volume over a 24-hour period. According to forkast, a general rule of thumb is that the trading volume should be at least 10% to 40% of the token’s total market cap.

You should also check for the total value locked (TVL), which is the total amount invested in a project. The lower the TVL, the more chances are it’s a scam project.

When liquidity is low, you will struggle to cash out your tokens from the project. It also sets up a situation where the developers can sway the price with ease.

3. No liquidity locks

In order to instill trust in the community, it is common practice for developers to step away from the project once it’s up and running. That way, there is no central authority behind the scenes controlling the liquidity pool, which is often inaccessible or entrusted to a third party. 

When the liquidity pool is locked, it prevents developers from stealing the tokens and rapidly reducing the project’s value. The longer the liquidity pool is locked, the lower the chance of a rug pull. 

4. No code audits

Code audits reassure the public that the project is authentic and secure. Legitimate cryptocurrency projects usually have regular security audits to check for bugs and malicious intent. 

However, if a project hasn’t undergone a code audit yet, it doesn’t necessarily mean that it’s a scam, but you should certainly do more research. Code audits are generally the norm on centralized crypto exchanges.

5. Naming manipulation

Native tokens of scam projects are sometimes named very similarly to legitimate cryptocurrency projects in order to confuse potential investors. This was the case with the scam project Compounder Finance, which chose a name very similar to legitimate DeFi platform Compound Finance. The developers of the scam project managed to drain over $10.8 million worth of cryptocurrency.

Key Takeaways

No matter what industry you’re investing in, there are always going to be individuals who will try to relieve you of your hard-earned money. But because the crypto space is still relatively new, it’s sometimes difficult to know what you’re getting yourself into when you invest in a new project. Perform due diligence, do your homework and ensure that you are always well informed and understand the technology and risks adequately.