In 2021, investors in Decentralized Finance (DeFi) lost over $10 billion in scams and thefts, according to an Elliptic report. And while scammers constantly come up with new ways of robbing investors, rug pulls appear to be the most used.
What is a Rug Pull?
A rug pull is a type of scam in which a developer behind a DeFi project disappears with investors’ funds by draining the project’s liquidity.
In the DeFi space, liquidity means the number of crypto assets held in a liquidity pool to help run a decentralized exchange or an automated market maker.
Rug pulls mostly happen in DeFi because it is easy to create a token and have it listed on decentralized exchanges without necessarily through a KYC (Know-Your-Customer) process or running an external audit on the smart contract to make sure the code has no vulnerabilities.
Understanding a Rug Pull
Now that you have a rough idea of what rug pulls are, let’s look at how they normally unfold. In most cases, a project developer builds a new token, usually on Ethereum, but it can also be created on other layer-1 blockchains like Avalanche, Solana, and Binance Smart Chain. The developer then lists it on decentralized exchanges such as Uniswap, TraderJoe, Pancakeswap, and Raydium.
After listing the token, the developer has two alternatives for injecting liquidity into the decentralized exchange. First, it can be via a liquidity pool, meaning the token gets paired with a more famous crypto like USDT or ETH. Secondly, it can be via an initial decentralized exchange offering, where the token launches on an exchange specifically to raise funds from investors.
The developer of the scam token promotes the project on social media platforms, deceiving investors with promises of unachievable APYs (Annual Percentage Yield). Once the token developer injects enough liquidity, they drain it and delete the project’s social media accounts.
How to Identify and Avoid a Potential Rug Pull
The are several red flags to look for in a DeFi project. Here are some:
Anonymous Team – Even though there are several established developers with proven track records that have not doxxed, there is still a huge risk in injecting your funds into a project led by anonymous developers. Therefore, you should be suspicious of any DeFi project run by undoxxed developers.
Unclear Whitepaper – A project’s whitepaper explains its purpose and the roadmap to achieving sustainability. Therefore, if a project does not clearly elaborate on how it intends to attain its goals, that should be a red flag.
Disproportionate token Allocation – Stay away from any project whose token distribution seems to favor its developers. For a safer investment, look for a project with a balanced token allocation.
Famous DeFi Rug Pulls
Meerkat Finance – It was a yield vault project built on Binance Smart Chain. Just a day after launching, developers claimed that the protocol’s vaults encountered a security breach. But it was later discovered that these developers modified the platform’s deployer contract to drain investors’ funds. Over $30 million was lost.
TurtleDEX – It was a decentralized developed on Binance Smart Chain. The trading platform launched with a presale round, raising over 9,500 BNB worth $2.5 million at the time. However, a few days later, the project’s developers sold the crypto on the Binance exchange.
Bad actors are likely going to stay in the DeFi space for a long time. So always do your research before committing your funds to any project.