Rug-pulling in the decentralised finance (DeFi) ecosystem has recently risen to the top list of the most-used methods of defrauding investors out of their hard-earned money.
While it used to be exclusive to ICO (Initial Coin Offering) campaigns, rug pulling has made its way into the DeFi ecosystem and is instrumental to a significant portion of cybercrime that takes place within the space.
According to a Coindesk report, ‘Rug pulls’ accounted for 37% of all scam revenue during 2021, compared to just 1% recorded the previous year. To add more perspective, Rug Pulls alone accounted for more than $2.8 billion worth of the entire crypto scam revenue with a total of about $7.7 billion, according to Chainalysis.
Looking at the major boost in terms of rug pulls between 2020 and 2021, it is easy to assume that more of this type of attack will be perpetuated in the ongoing year. Consequently, there may be more victims this year than in the years before, especially with the increasing interest in the DeFi space, both among individuals and corporate organisations.
What is and how does rug-pulls work?
In cryptocurrency or DeFi, the concept of a rug-pull is used to refer to a situation whereby crypto developers take off with investors’ funds after a successful cyber heist.
This situation, however, is a recurring one in the DeFi ecosystem, and it takes place at the point when the project is expected to go public, traded on a known exchange, or when there is little or no more support from investors to aid scalability.
A more prominent instance is when developers successfully enlist a token on a decentralised exchange and pair it with a leading crypto asset like Ether, SOL, BTC, and so on.
While the pairing suggests the token has a lot of potential, it also attracts a lot of investment. At this point, investors may have swapped their Ether (for instance) for the token in question.
On the other hand, the token developer withdraws all the investment and, thereafter, blames an unknown bug or hack for the unfortunate loss of a large number of tokens, leading to the token’s abandonment.
For some time now, rug-pulls have been thriving on decentralised exchanges (or DEXs) because of certain vulnerabilities involved. Notably, not all DEXes have an auditing protocol in place. Hence, it is easy for any random developer to create and enlist new tokens.
Also, the majority are not audited by regulated bodies, which implies that, even after tokens are being carted away, developers are not necessarily held accountable. In other scenario, some other DEXs are built purposefully for the same reason as developers who intend to rug-pull. So how can you easily spot a rug-pull?
Attributes of rug-pulls, and how to avoid them
To begin with, rug-pulls are not hard to spot but, more often than not, people are blinded by the potentially promising outcome. However, even for the smartest, rug-pulls can sometimes be wrapped as such that it is hard to notice. That said, some of the things to look out for in a token to figure out whether it is a scam or not are as follows…
1. Project Whitepaper: Although it is near impossible for any project to launch without a whitepaper, it is also possible to launch one with several irregularities. As a result, it is important to read about a token whitepaper, and if you are not vertain, it is suggested that someone with relevant knowledge go through it on your behalf.
More often than not, scammers do not take their time to draft a practicable whitepaper, and are more likely to expose a lot of flaws about the project while at it. For instance, things like the underlying technology of the project, and how it is expected to behave over time are meant to be provided in a white paper. The absence of it or the presence of irregularities is a red flag.
2. Roadmap: The roadmap of a project is another thing to look out for. If a project fails to stick to its default roadmap, or modifies it too often, then you may want to back out.
3. Board member: It is also important to note that the people who make up the board a token goes a long way to determine the outcome. If the board members are reputable public figures, that’s a good sign. However, you must be sure they are really part of the team.
4. Suspicious hike in token price: If listed already, one of the signs to identify a rug-pull is sudden or abnormal hike in the token price. For instance, a token could go from 0 to 30X or 60X within a day trade. If you stumble on a token like this, chances are that there are entities who are either pumping it to attract real investment and dump it afterwards. Walk away.
5. High percentage of team-held tokens: Lastly, most rug-pull are successful because the percentage of tokens apportioned to the developers’ team is very high. Most tokens that are less vulnerable to rug-pull, either have very few team-held tokens or none at all.
How to avoid rug-pulls in the DeFi ecosystem
If you can’t figure out everything that was mentioned earlier, then the only alternative left to avoid rug-pulls is to use exchanges that are audited and regulated by a well-known regulatory body. Often, this type of exchange (Uniswap, for example) are able to determine the price of tokens in a pool depending on amount that’s left in the balance. Ultimately, instinct is a better judge at this, and so you must be more than sceptical in your judgement.