DeFi ‘Rug Pull’ Scams Pulled In $2.8B This Year: Chainalysis

Crypto investors lost over $2.8 billion to “rug pulls,” a colloquial term for a type of crypto scam, in 2021, according to a report by Chainalysis. The rise in scams mirrored a general rise in cryptocurrency prices this year, the report added.

Rug pulls, the seemingly tame crypto Twitter buzzword, accounted for 37% of the over $7.7 billion in total illicit revenue from crypto scams this year, according to the report published on Thursday. In 2020, rug pulls accounted for just 1% of the under $5 billion in total illicit revenue.

Turkish crypto exchange Thodex accounted for a majority of the lost funds on the list after its founders went missing with over $2 billion in client funds in April 2021. This was followed by dogecoin-inspired AnubisDAO at $58 million, and Binance Smart Chain-based exchange Uranium Finance at $50 million.

Other names on the list ranged from funny to absurd, such as Meerkat Finance and Evolved Apes, to Polybutterfly.

Thodex was the only “centralized” rug pull on the list, with all others belonging to the decentralized finance (DeFi) category. DeFi projects rely on smart contracts for offering financial services, such as trading, lending, or borrowing, to users.

What are rug pulls anyway?

Rug pulls are unlike vanilla scams like fake giveaways or more sophisticated crypto hacks.

In the case of DeFi platforms – developers conduct seemingly legitimate work on a blockchain, such as launching a working application and carrying out social media marketing, before issuing a token and listing on a decentralized exchange (DEX).

The listing is where the scam starts: Investors purchase the scam projects’ tokens in hopes of a price increase and supply liquidity to those projects on DEXs. The liquidity is provided in the tokens of whichever blockchain that project is built on – such as ERC-20 tokens for Ethereum or SPL tokens for Solana – and can run into millions of dollars.

When the project is live for a few hours or days, liquidity pools can run into tens of millions or even hundreds of millions of dollars. This is where a scammer strikes in and “pulls” all liquidity away from the DEXs pocketing the entire amount. The rug pull is then complete.

An important point here is that developers of such projects do not “lock” their control over the token’s liquidity pool on a DEX and are able to retract the entire pool. Locking the liquidity can be done via burning the private key used to start the liquidity pool, at which time it’s technically impossible for a rug pull to occur.

Scammers can also get creative at times. In early 2021, a Twitter account called “WarOnRugs” gained a following of nearly 100,000 on the microblogging site after auditing DeFi code and exposing the creators behind rug pull projects.

The account later raised $2 million from investors to battle the growing rug pull problem … before pulling the rug later.