Cryptocurrency is defined by rapid innovation. While this has allowed the space to quickly capture a large pool of legitimate value, it has also opened the door to scammers and fraudsters. Using technical jargon and false fronts as a trojan horse, these individuals have been able to pilfer billions of dollars from innocent users. Such acts are formally called “rug pulls” by those in the crypto community.
It’s difficult to arrive at a precise number of users who have fallen victim to rug pulls. However, it is estimated that two million individuals, across 117,000 projects, lost funds to such schemes in 2022 alone. The success of those commanding rug pulls is due, in part, to users’ lack of education on the topic. Not everyone knows what a rug pull looks like, or even what they are, generally speaking.
The following defines what a rug pull is, and offers some characteristics typical of projects that seek to take advantage of their communities for financial gain.
What is a rug pull?
This is an all-encompassing term that includes a spectrum of scams perpetrated by malicious project creators. Two common types of rug pulls are exit scams, and pump and dump schemes.
Exit scams: a tactic where project founders and their inner-circle create and elevate a fake project, only to disappear once the community has bought into it.
Pump and dump schemes: a scam where project founders and their inner-circle hoard the supply of a token, hype it so the community buys in, then dump all of their tokens on new buyers at a high price.
In each of these scenarios, founders work to build buzz, and inflate the value of the tokens they have created. They do so with the intent of abandoning the project, and the community around it, in return for financial gain.
Characteristics of rug pulls for which to look out
There are many features of rug pulls, and tactics used can vary. As the space evolves, new scams come into existence, and old ones fade into irrelevance. Nonetheless, the following list identifies some rug pull foundations, as well as popular methods used by those behind them.
Poor communication
While not inherently malicious, receiving vague or unhelpful responses to community concerns can be the first sign of a much deeper problem. A lack of communication about project functionality, or an unsatisfactory explanation for its value proposition, can indicate the team is not planning to build their product with merit. In a worst case scenario, this could mean the project is just a front to bait users into buying soon-to-be worthless tokens.
As such, it’s worth re-evaluating your risk appetite when met with a founder or team member who isn’t willing to respond directly to honest questions. While there could be a good reason for the delay, a healthy dose of skepticism could be what ends up protecting your funds and/or information.
False and unfulfilled promises
Another example includes promises of utility or features that never see the light. A team that consistently fails to execute, or continually defers their goals can be letting their lack of conviction slip. While not a direct indication of malintent, there’s plenty of evidence such behavior is cause for concern.
During the DeFi boom that ran from 2020 to 2022, inflated yields were central to get-rich-quick schemes that often left users grasping at empty pockets. Rug pulls that occurred during this period made promises of excessive yield opportunities and financial gains, with seemingly no explicit tradeoffs.
However, nothing in the crypto ecosystem should be approached without first assessing its capacity for risk. Actions deemed “safe” such as providing liquidity (LP) or staking, each bear latent risk of asset reduction or dilution in overall APY if not properly understood. Therefore, seeking the most up-to-date knowledge and conducting ongoing research is encouraged to avoid entering unknowingly into financial precarity.
Counterfeit engagement
Whether it’s likes, follows, or full-on bot farms, fake engagement can also be worth flagging as a potential threat indicator. A project with merit will gain a community and scale organically. A project buying engagement can be compensating for its lack of utility or purpose.
A clue that shows a project is possibly buying engagement includes a high follower count and low interaction rates. For example, a project with 30,000 Twitter followers that only receives a couple hundred views per post could have inorganically obtained its audience.
Token supply
If the team is active and the community appears to be growing organically, the token supply allocation can be used as a more subtle hint of the project’s motive. The key question to ask around supply allocation is: do the founders and their inner circle control an outsized portion of the supply? While it’s not uncommon for some value to be retained, if developers are holding large amounts of 25% or more, that should raise concern.
Projects that have merit, bring value, and want to make a positive impact on the space will relinquish control over the supply. This means having as fair of a supply allocation as possible. Scammers, in contrast, will do the opposite.
No audits or fake audits
While not infallible, audits intend to ensure a project’s functionality is as safe and secure as possible. This can include checking for network vulnerabilities to prevent attacks, or rooting out backdoor functions that give creators control over user assets. Not consenting to an audit could suggest the project has malicious intent, or that it was reluctant to subject its consumer protections to rigorous vetting.
Even worse, possessing fake audit documentation reveals a direct effort to mislead potential participants. In this situation, it’s safe to be on guard against any further attempts at criminal activity.
If a project’s documentation looks questionable in any way, consult a trusted, third-party website to confirm its authenticity. OpenZeppelin and PeckShield are a couple examples of such services.
Conclusion
Rug pulls are a significant problem in the crypto space that have caused harm to millions of users. The approach of scammers is vast and ranges from simple engagement tactics, to generating false audit documentation. To avoid falling victim, it is essential to remain educated and stay current on industry best practices. This can include researching projects and their teams, and avoiding promotions that seem too good to be true. By being proactive and taking the necessary precautions, users can better protect themselves and mitigate unwanted risk.
Disclaimer: For information purposes only. Not investment or financial advice. Seek professional advice. Digital assets involve risk. Do your own research.
