How to Detect and Avoid a Crypto Rug Pull

Source: @chainalysis

As you may know, "rug pull" refers to a type of scam where the developers of a cryptocurrency project abruptly withdraw all funds from the liquidity pool, causing the value of the token to plummet and leaving investors with worthless assets. According to data from chainalysis, the wallets linked to scams generated at least $4.6 billion in revenue in 2023, and rug pull was the 3rd highest on the chat after NFT and Romance scams. In Q1 2024 alone, Hacken has reported over $63m in rug pull/exit scams.

This fraudulent act is typically executed in the following manner:

Creation and Promotion: Scammers create a new cryptocurrency token and promote it heavily, often through social media, promising high returns and innovative features to attract investors.

Building Liquidity: The developers add liquidity to the token on a decentralized exchange (DEX) and encourage investors to buy the token, increasing its value and liquidity.

Hype and Investment: As more investors buy into the project, the liquidity pool (the reserve of funds used for trading) grows, and the token's price often rises significantly due to the increased demand and limited supply.

The Pull: At a strategic point, typically when a substantial amount of money is pooled, the developers remove all or a significant portion of the liquidity, converting it into a more stable cryptocurrency (like Ether or Bitcoin), and disappear with the funds.

Hard Pulls vs. Soft Pulls

Hard rug pulls, unlike soft rug pulls, which are usually characterized by a dump of tokens on the market, involve intentionally embedding malicious backdoors within the project’s smart contract. These backdoors are designed to allow developers to exploit the project and steal funds from investors. Such exploits are often difficult to detect. Once the developers have used these backdoors to drain the funds, they typically vanish, leaving the project in ruins and investors with worthless tokens.

Identifying Potential Rug Pulls

1. Absence of External Audits

Having an external audit has become a hallmark of legitimacy in the web3 space. For new and emerging projects, particularly those in the DeFi space, an external audit conducted by a reputable third-party firm is no longer optional but essential. Hence, a thorough audit by an external, reputable auditing firm/platform is considered a must. If a project lacks this, it could be a case of lack of funds for hefty external audits or a sign of a lurking rug pull.

2. Low credibility or Anonymous Developers

Although we have experienced several projects that have successfully launched with Anonymous founders, it is important to scrutinize projects with this nature carefully to be on the safe side. Popularity is not even a criterion here, track record of integrity and contribution matters.

3. Limits on Transfers

Limits on transfers can be a deceptive tactic used by malicious actors in the cryptocurrency space. In this type of scam, the developers manipulate the smart contract to restrict the ability of certain investors to sell their tokens while allowing themselves or select individuals to sell without restrictions. This manipulation is a clear hallmark of a scam project, designed to trap investors by preventing them from liquidating their holdings while the developers can exit their positions at high prices.