Blockchain technology allows anyone to create a project from scratch, creating a constant supply of opportunities for investors. But with the Web3 space still largely unregulated, its sea of opportunity can sometimes be treacherous too. Rug pulls – a term for a scam that robs investors of their cash – are a pervasive problem in Web3. In 2023 alone, crypto rug pulls robbed users of an estimated $760 million globally. Moreover, it’s estimated that to this day users have lost over $27 billion to rug pulls.
Understanding how to identify and avoid these crypto scams is crucial for safeguarding your crypto assets. In this article, we’ll answer the question “what’s a rug pull”, unpack the mechanics behind a rug pull and give you 3 tips to avoid the scam.
A crypto rug pull is a type of scam that sees developers create a project or token to attract investors, and then take the invested funds dishonestly, leaving the project’s community with worthless tokens.
The term “rug pull” is derived from the expression “pulling the rug out,” which means to suddenly and unexpectedly withdraw support. While the term has long been used to describe traditional frauds, it is now heavily associated with the Web3 and crypto space, due to the prevalence of scams.
Scammers usually perform a rug pull through two primary methods: exit scams and token programming scams. The goal of both is to deceive investors and steal their cryptocurrency.
In an exit scam, the scammers promote a non-existent or fraudulent project, creating false hype to attract investments. They often use deceptive marketing tactics, including fake endorsements and exaggerated claims to lure in investors. Once they accumulate enough funds, the team disappears, taking the investors’ money with them.
The OneCoin scam is one of the most notorious exit scams in crypto history. The project claimed to offer a revolutionary cryptocurrency but had no actual blockchain technology behind it. It is estimated that investors lost billions of dollars when the founders vanished with the funds.
Token programming scams involve manipulating the code of a token to restrict its use or benefit the scammers. This can include coding functions that prevent investors from selling their tokens, giving the developers disproportionate control, or automatically redirecting tokens to the scammers’ wallets.
The Squid Game token scam involved a token inspired by the popular TV show of the same name. The developers programmed a honeypot token so that investors could buy but not sell, effectively trapping them. This resulted in an ever-increasing price of the token, which attracted even more investors due to fear of missing out. The developers then cashed out, causing the token’s value to plummet.
The mechanics of an exit scam are straightforward and they often involve price and token manipulation. A classic exit scam normally follows the same pattern:
With an exit scam, the malicious party is essentially stealing funds from investors and providing nothing but useless tokens. In some cases, since the project is completely abandoned by the developers, investors might decide to keep the project going and turn it into a community.
However, despite following some similar patterns, not all exit scams are the same. Here are some of the key characteristics of an exit scam that you should look out for:
Token programming scams exploit the underlying code to scam investors. These scams are made possible thanks to the smart contract behind the token, which is programmed with an exploit buyers aren’t aware of when they buy in.
In a honeypot scam, the code is deliberately designed to prevent investors from ever selling their tokens after purchase. This restriction effectively traps the investor funds within the token, making it impossible to liquidate the asset. Scammers might also implement a mandatory holding period in the smart contract. This prevents you from selling your tokens for the period following the purchase.
Scammers falsely claim they have renounced ownership of a token’s smart contract to appear decentralized. In the meantime, they secretly retain control over sensitive functions, allowing them to manipulate the project for their benefit.
Scammers can program a token contract to allow themselves the ability to mint new tokens at any time, effectively inflating the supply. This can significantly devalue the currency, as the sudden influx of new tokens dilutes the value of existing ones. Scammers can continue to mint tokens and sell them, flooding the market and crashing the price.
Some malicious projects implement hidden fees within the smart contract code, which are deducted from investor transactions. These fees can be excessive and are often not disclosed upfront, leading to a siphoning of funds with every transaction. In the worst cases, hidden transaction fees can reach 100%.
Developers can include hidden code in the smart contract that allows them to edit users’ balances or transfer tokens from a user’s wallet to their own. This functionality enables developers to manipulate token distributions and drain assets from investors, giving the scammers full control over the project.
The code of a scam token may include transfer locks, which restrict the transfer of tokens to specific addresses or wallets. This gives developers control over who can trade or move the tokens. The developers can use these locks to orchestrate market manipulation or prevent large sell-offs that would expose the scam early.
Some rug pulls are crafted so well that they’ll fool more than one investor. You can take three important steps to keep yourself safe and detect potential rug pulls.
Before you decide to invest in a cryptocurrency project, make sure you’ve read everything about it. This includes reading the project’s whitepaper to understand the technology behind it and its reason for being.
Ask yourself whether the project is needed, and whether there’s a potential market for it. Find out more about the team, who they are, what other projects they’ve worked on and their reputation within the community. Joining the project’s social channels is also a great idea, giving you the chance to get a feel for the community and pose direct questions to the devs.
If any of these elements are missing (unknown devs, no whitepaper, etc.), there might be some cause for concern.
If the project and the team behind it both seem promising, your next best step is to understand the tokenomics. This involves analyzing how the project’s tokens are distributed, including the total supply, the amount released during TGE, the vesting schedule for early investors and the total distribution among holders.
Determine how much control the developers have over the tokens and whether there are a few large holders. This is important because a large share of the total supply can prove to be a single point of failure, enabling the holder to manipulate the market.
If the token is already live, you can use blockchain explorers like Etherscan to get detailed insights about token distribution.
Last but not least, be wary of urgency. Scammers would often create hype, promote high returns and pressure investors to “buy now” before it’s too late. This tactic is specifically designed to prevent thorough research and drive impulsive decisions. Remember, any legitimate project will not rush investors but give them enough time for due diligence and thoughtful consideration.
Founded in 2014 by Ruja Ignatova, OneCoin was a Bulgarian-based cryptocurrency company that falsely claimed to offer a revolutionary digital currency. The project amassed over $4 billion from investors through misleading statements about the coin’s value. In 2017, Ignatova vanished, and the exchange shut down without warning, leaving investors empty-handed. To this day, Ignatova is on the FBI’s most wanted list.
This Turkish cryptocurrency exchange Thodex abruptly halted trading and withdrawals in 2021. CEO Faruk Fatih Ozer fled with over $2 billion in user funds. The night before, some cryptocurrencies traded significantly below market rates, suggesting insider manipulation. Turkish prosecutors are seeking harsh penalties for Ozer, who remains at large.
Launched in 2021 without a website or whitepaper, AnubisDAO was a dog-themed DeFi project. It quickly raised $60 million in ETH and in less than 24 hours after its initial token sale, the liquidity pool was drained. The project’s social media went dark, leaving investors with worthless ANKH tokens.
Capitalizing on the popularity of the Netflix series, the Squid Game token launched in 2021 and raised $3.3 million. Despite massive hype and press coverage, the developers drained the liquidity pools, leaving investors with worthless tokens.
In 2021, investors were duped into believing they had failed transactions while purchasing the Solana-based NFTs Baller Ape Club. The project’s creator, Le Ahn Tuan, stole $2.6 million in SOL without delivering any NFTs. Later, Tuan was arrested and charged with money laundering and wire fraud.
This NFT project promised long-term benefits but ended abruptly after selling out in January 2022. The creators escaped with over $1 million and were even planning a follow-up project called “Embers.” The scammers were arrested and charged with wire fraud and money laundering.
Just six hours after launching in August 2022, the developers of the SudoRare decentralized NFT marketplace drained its liquidity pool. They stole over 519 ETH, which was worth around $815,000 at the time. The scammers erased all online traces of the project, leaving investors at a loss.
As Web3 continues to grow, becoming literate in its intricacies is essential to protect your digital assets. The decentralized nature of Web3 offers unprecedented freedom and endless new opportunities but it also provides plenty of prospects for scammers. However, diligent investors can leverage the transparency of blockchain technology, read whitepapers, and analyze social platforms to conduct proper research. By staying cautious and informed, investors can safely navigate the crypto space and successfully avoid rug pulls.