Ever since their introduction, cryptocurrencies have attracted the eyes of buyers and hucksters alike. Although the crypto area is characterised by some institutional buyers and skinny liquidity, it is usually rife with scammers. The character of scams on crypto networks has additionally paralleled their infrastructure improvement. Since blockchains had been new and primitive, the illicit actions on high of them principally consisted of darkish internet purchases, fraudulent exchanges, and many others.
Nevertheless, in recent times, as cryptos started to go mainstream with decentralized finance (DeFi) and attracted the eye of blue-chip corporations, new and complicated scams have began to pop up. Rug pull is one rip-off that has efficiently infiltrated the DeFi ecosystem recently. On this weblog, we are going to completely perceive this rip-off class and discover ways to keep away from rug pull for the higher.
What’s A Rug Pull Rip-off?
Rug pull is derived from the phrase “to tug the rug out from beneath somebody”, which roughly interprets to pulling the rug out from one edge so the particular person standing falls flat on the ground.
Within the crypto area, rug pull is described as a scenario whereby the builders of a crypto venture pull out help, thereby leaving the buyers and customers with nugatory tokens. It usually occurs when an entity convinces individuals to purchase into their cryptocurrency and drains out its liquidity, making it not possible for token holders to commerce the cryptocurrency within the course of. For instance, an “X” token is traded towards “ETH”. When the malicious actors take away all of the ETH liquidity from the X/ETH pair, merchants gained’t have the ability to commerce their X tokens.
How does Rug Pull Work?
Like most crypto ecosystems, the DeFi area is extremely unregulated. Subsequently, protocols and initiatives inside the DeFi area are additionally away from the scrutiny of lawmakers. Rug pulls happen as a result of decentralized exchanges (DEXs) – in contrast to centralized exchanges (CEXs) – do not audit or verify tokens being listed on them. Anyone can list a cryptocurrency on DEXs, irrespective of whether it’s legit or not. Though there are various ways a scammer can pull out rug using DEXs, there are categorized into mainly three:
Pulling Out Liquidity: When someone wants to pull out a rug on investors, it will create a token and list it on a DEX, like Uniswap. In order to make their worthless token tradable, they put a portion of the valuable tokens (like ETH) and a portion of their newly minted token into a liquidity pool. It allows new investors to exchange their ETH with the new token. As time goes, and the investors invest, the value of worthless tokens goes up. Then, the developers can do a rug pull by pulling out their initial liquidity. By doing this, they get their initial amount of worthless tokens along with the valuable tokens. Due to how automated market makers (AMMs) on DEXs work, these malicious actors gain access to a lot more valuable tokens and a lot less worthless tokens. After they pull out the liquidity, the investors will not be able to trade their worthless token because the pool is left empty.
Selling Off The Shares: The second way a developer can pull the rug is by selling their token shares. Like in our above example, a developer creates a worthless token. The developer convinces investors and other people that their token is valuable. For example, they can promise that a new platform is launching soon with a real-world use case. But, they always promise something in the future. Thus, they sell this idea to a majority of people. When the price of their token increases, they sell all their token in the token launch. In short, what they did is they got people to trade a valuable token for a worthless token, and then run away with the accumulated valuable tokens. This method is often slow so that buyers don’t realize they are being rug pulled.
Removing A Seller’s Ability to Sell: Another way to pull the rug is by disabling buyers’ ability to sell. Malicious actors can add code to their token’s smart contract, which doesn’t allow users to sell back their tokens on DEXs. So, users can buy their worthless tokens but can’t sell them even if they want to. This pushes up the price of the underlying token because no one can sell it. When the price is really high, the scammers sell out all the tokens they gave themselves in the initial stage or bought very early on at a very low price.
How to Avoid Rug Pulls?
Since you know how to identify a rug pull, it is time to learn how to avoid one. The first trait to watch out for in a project is whether it has locked liquidity or not. As discussed, a developer can pull the liquidity out of a DEX as long as it’s unlocked. Sometimes, to prove that the team is legit, a project locks its liquidity with a trusted third party to ensure they don’t have a way to drain out funds even if they want to. While it is a great way to find if the developers won’t pull out the rug, the token price can still be manipulated. Therefore, it is better to pay close attention to the duration of that locked liquidity. A legit project will do it for a shorter period (like 2-6 months), whereas, a scammer would keep it for 10 or more years.
Secondly, check wallets on blockchain explorers like Etherscan and BSCscan to find out which wallet holds the maximum tokens. If the top five wallets hold a large number of tokens, these accounts are likely of the project team members who bought these tokens at a very low price.
Another way to know if a project is trustworthy is by checking whether its burn wallet has a higher percentage that hides a true, big wallet. Essentially, the developer creates a ton of tokens and then burns most of them, thereby getting a large portion of the supply in their hands.
Furthermore, find out whether the developers are using a multi-sig wallet. This ensures that no one in the team can access the funds singlehandedly. So, when someone gets greedy, they can’t run away with funds because accessing them would require the signatures of all the developers involved with the project.
Lastly, a project should have undergone audits from multiple reputable companies. A successful audit ensures that the smart contracts are verified by a trusted source and that the team is serious about their protocol. This not only helps investors avoid rug pulls but also removes the possibility of code errors.
Rug pulls are quite common in DeFi because it is not regulated like the stock market. High APYs and APRs and 100x returns are alluring for new investors. However, these promises are usually made by fake projects wanting to pull the rug and run away with funds. When hundreds of dollars are at stake, it is important to consider the above pointers to thoroughly evaluate a project for investment. In addition to the recommended ways, check whether a project has a functioning website and engaging social media pages. We always recommend you to get your DeFi project audited multiple times to avoid any risks of potential future attacks.