Crypto is hyped as the investment opportunity of a lifetime, but it’s also a veritable minefield of hacks, scams and fraud. As they say, ‘no risk, no reward’. With over $100B invested in Decentralised Finance in 2021, its fruitful ground for hackers and scammers. So how do you protect yourself AND further your investing at the same time? In this post we’re going to look at the phenomenon ‘DeFi rug pulls’ – how to spot them and how to protect your crypto.
The anatomy of a DeFi rug pull
A DeFi rug pull is when a team of developers disappear with all of the liquidity added by users to a particular DeFi Protocol. But what does this even look like? Here’s a step by step of the MO of scam token creators:
- Scam token creator / developer launches a protocol on a particular network – like Polygon, Binance Smart Chain or Ethereum – with webpage and their own scam token.
- The project and the token are hyped on online crypto hangouts like Telegram and Twitter using fake groups and bot group members.
- The developer then creates a pair between the scam token and a valuable token on a DeFi platform that is perceived as legitimate, such as Uniswap or SushiSwap, and adds liquidity for the newly hyped token.
- Users swap their valuable tokens for the scam token on the promise of mind blowing returns – like 5000% APY and above. This drives the scam token price up.
- As the price of the token rises, more users participate in the swap due to FOMO (fear of missing out).
- The scam token creator removes the valuable token from the platform and dumps the scam token. The liquidity pool is drained and other holders no longer able to trade or swap.
- Users are left holding worthless scam tokens with no place to withdraw or cash out.
- And so on, and so on it goes…
The rise of DeFI rug pulls and exit scams
According to Ciphertrace over half of 2020 crypto hacks were from DeFi protocols. Rug pulls and other types of DeFi exit scams are on the rise as more capital flows into the DeFi space with a reported $240M lost in just the first 5 months of 2021.
Recent DeFi rug pulls
There is a litany of rug pulls online that you can delve into if you’re interested in understanding more about how they work so you can protect yourself and your coins. You can read all about the more recent alleged DeFi rug pools here:
How to protect your crypto
The thing to understand about decentralised blockchain networks is that practically anyone can build decentralised apps on them. If you’re going to add your coins to these protocols, then all of the due diligence is up to you. If you’re not into doing the leg work, they you may have to accept that your coins are at risk.
- Avoid early stage DeFi projects – some folks will say this is where the money is made, but it’s also where authenticity and legitimacy are at their most unclear. At a minimum avoid low initial liquidity projects if you are keen to invest in the early stages. Scammers will find it hard to raise large amounts of initial capital.
- Make sure there is a project whitepaper and read it. Compare it to other legitimate protocol white papers to help decide whether it appear legitimate.
- Is there are huge social media blitz on the token with unreasonable claims of benefits? Watch out for fake hype on Telegram and Twitter. Stay away from these projects.
- Research the project – is the developer team transparent and known in the crypto community? If the developer team is anonymous do you really want to trust them with your coins?
- Get on to Reddit and research the token and the project and any red flags raised by other developers.
- Check that an audit of the protocol has been done by an independent know auditor. Audits are expensive and having one legitimises the project.
- Check whether or not the liquidity is locked on Unicrypt.com. Check the smart contract history on Etherscan or Polygonscan.
- Watch the token price and pay attention to the Protocol. If the token price starts to tank, get your investment out immediately. This means offloading the scam token and sending your valuable tokens back to your hardware wallet! Don’t leave coins in your crypto wallet app unless you’ve been on to Etherscan or Polygonscan and revoked all of the token approvals you’ve previously confirmed in association with the scammers Protocol.
Never invest in DeFi projects that are very new, with anonymous teams, made as memes, and have a lack of real utility