
How Rug Pulls Are Becoming a Phenomenon in the DeFi Space

José Oramas 26 August, 2021 | 6 min read

The world of Decentralised Finance (DeFi) has emerged as a revolutionary financial tool: an alternative to decades-old banking and financial ecosystems for investors. We could talk about the many benefits that DeFi has to offer: low fees, exposure to global markets, control of your finances, high-yield programs with attractive features, and more. But what about the downsides? We have to be careful when we consider emerging technologies, especially when we’re talking about an unregulated space.

The Rise of Rug Pulls: a Blatant Exit Scam

There’s a rapidly expanding phenomenon in DeFi, especially on decentralised exchanges (DEXs): rug pulls, exit scams where protocol developers rip off their investors by abandoning the project and running away with their funds. Rug pulls can happen in any industry, but DeFi has become a lucrative field for scammers, and how could it not? We’re talking about a decentralised space: no regulations, and no guarantees about what could go wrong in terms of security.

DeFi is certainly the wild west of the crypto space. Data from DeFi Pulse shows DeFi currently has over $80 billion in locked funds, but what’s more interesting is the massive rally it experienced in just a year. The DeFi market cap peaked at 19.8 billion by the end of December 2020, a 1000% increase since January 2020. As the crypto market experienced a massive influx of institutional capital, DeFi’s Total Value Locked (TVL) rose dramatically to a whopping 130 billion.

Over $400 Million Stolen in 2021

With so much money coming in, scammers have tried to take their cut, and it seems they have been successful so far. According to blockchain analytics site CipherTrace, at least $474 million has been stolen in hacks and frauds in the first seven months of 2021. The report shows that external attacks have accounted for $361 million in tokens, while rug pulls amounted to $113 million.

How it Unfolds

Open-source protocols like Ethereum allow anyone to seamlessly create a token and list it for free without an audit. Those two properties are the main advantages, and the main disadvantages as well.

The developers, usually an anonymous team, set up their business model much like a traditional business. First, they launch a coin via an Initial Coin Offering, with a Round A investment to a group of shareholders to make it look legit. The next step is to promote the protocol through various social media channels to attract investors, promising high yields and generating massive hype, especially on new platforms. One trick is to inject a chunk of liquidity into their pool to build investor confidence.

The protocol needs to generate sufficient liquidity. Once the token is created on a DEX, developers pair it with a high-market-cap token such as Ether (ETH). They then drain the DEX pools once a significant number of investors have swapped their ETH for the new token. This crushes the token’s price, wiping out the capital of the majority of investors.
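Why a drained pool leaves holders with a near-worthless token, as an added example that is not part of the original article: it assumes a constant-product pool (x * y = k) with swap fees ignored, which the article does not specify, and every amount in the scenario is constructed. The point for an investor is that the exit value of a holding depends on how much liquidity a single party can withdraw, so unlocked liquidity owned by the deployer is the thing to check.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pool (x * y = k); swap fees ignored for clarity."""
    eth: float
    token: float

    def buy(self, eth_in):
        """Swap ETH for tokens and return the tokens received."""
        out = self.token * eth_in / (self.eth + eth_in)
        self.eth += eth_in
        self.token -= out
        return out

    def quote_sell(self, token_in):
        """ETH a holder would receive for token_in, without changing state."""
        return self.eth * token_in / (self.token + token_in)

    def remove_liquidity(self, share):
        """Withdraw a fraction of both reserves, as an LP-token holder can."""
        eth_out, token_out = self.eth * share, self.token * share
        self.eth -= eth_out
        self.token -= token_out
        return eth_out, token_out


def simulate(seed_eth=10.0, seed_token=1_000_000.0, buyers=50,
             eth_each=1.0, lp_share_withdrawn=0.99):
    """Constructed scenario: one deployer owns all LP tokens, none locked."""
    pool = Pool(seed_eth, seed_token)
    held = sum(pool.buy(eth_each) for _ in range(buyers))
    exit_before = pool.quote_sell(held)   # what investors could get back
    withdrawn_eth, _ = pool.remove_liquidity(lp_share_withdrawn)
    exit_after = pool.quote_sell(held)    # same tokens, drained pool
    return {
        "eth_paid_in": buyers * eth_each,
        "exit_before": exit_before,
        "exit_after": exit_after,
        "withdrawn_eth": withdrawn_eth,
        "recoverable_fraction": exit_after / (buyers * eth_each),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key:>22}: {value:,.4f}")
```

Rerunning `simulate` with `lp_share_withdrawn=0.0` models fully locked liquidity: the investors' exit value is unchanged.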

One of the main drivers here is hype. A platform that’s gaining massive attention from the DeFi community is a good target for scammers since they can launch their projects there and materialize them.

Some coins are worth less than $1, so the hype might be centered around a new protocol that has been launched, with a cheap token expected to moon anytime soon, and promises of exaggerated returns to investors on an Annual Percentage Yield (APY). What follows hype is FOMO (Fear of Missing Out). An important red flag to consider is a fast price surge within hours. A coin that skyrockets from 0 to 50X in just 24 hours is just too good to be true, and this might be a trick to cause panic and rush investors to buy.

Spotting Red Flags

It can be complicated to know with certainty which projects are potential scams and which are legit. There is no way to know 100%. However, we can spot certain red flags and protect ourselves from losing a significant amount of money.

1- Anonymous Team

This is probably the biggest red flag you can detect. Investing in a protocol with anonymous developers is a huge risk, so it comes down to your appetite for risk. Keep an eye out for this: some developers might create highly detailed profiles, or they will state that the protocol is run by a shady “software developer organization” with no background whatsoever.

Investing in a protocol with an anonymous team is not the best idea. You should always check the team’s credentials: who they are, their social media, history, previous work, etc.

2- Shilling and Marketing

Take a look at a protocol’s whitepaper. Does it look like they are trying to sell something instead of fixing a problem or adding something innovative to the industry? Scammers rely heavily on promotion and advertising through various channels, and their whitepaper reads more like marketing material than a proposal that adds something valuable.

3- Disproportionate Token Distribution and Wallets

Do the mining structure and token distribution favour the development team? Look carefully at the supply schedule, mining structure, and token allocation. We know that premine periods are often necessary to favour and reward early investors and protocol developers, yet if their percentage of the token supply remains high during the project’s lifetime, then it’s a red flag.

Verify if the token is listed and traded on popular exchanges and check the number of token holders. You can use a block explorer like Etherscan, and on-chain data aggregators like CoinGecko can be useful to learn more about the coin.
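One way to turn the distribution check above into numbers, as an added example that is not part of the original article: the holder snapshot, its column layout, the label names and all three thresholds are assumptions made for illustration, not an export format of Etherscan or CoinGecko.

```python
import csv
import io

# Constructed holder snapshot: addresses, labels and balances are made up,
# and the column layout is an assumption, not a real explorer export format.
HOLDERS_CSV = """address,label,balance
0xBURN,burn,100000
0xLOCK,liquidity_lock,50000
0xTEAM1,team,400000
0xTEAM2,team,150000
0xCEX,exchange,60000
0xA1,,90000
0xA2,,80000
0xA3,,40000
0xA4,,20000
0xA5,,10000
"""

# Pooled balances are not ranked as individual holders (assumed label names).
POOLED = {"exchange", "liquidity_lock"}


def analyze(csv_text, top_n=3, max_team=0.20, max_top=0.50, min_holders=500):
    """Return concentration metrics and red flags; thresholds are assumptions."""
    rows = [(r["label"].strip(), int(r["balance"]))
            for r in csv.DictReader(io.StringIO(csv_text))]
    live = [(label, bal) for label, bal in rows if label != "burn" and bal > 0]
    supply = sum(bal for _, bal in live)  # burned tokens leave the supply
    if supply == 0:
        raise ValueError("no circulating supply in snapshot")
    team_share = sum(bal for label, bal in live if label == "team") / supply
    ranked = sorted((bal for label, bal in live if label not in POOLED),
                    reverse=True)
    top_share = sum(ranked[:top_n]) / supply
    flags = []
    if team_share > max_team:
        flags.append("team holds a large share of supply")
    if top_share > max_top:
        flags.append(f"top {top_n} wallets dominate supply")
    if len(live) < min_holders:
        flags.append("very few holders")
    return {"supply": supply, "team_share": team_share,
            "top_share": top_share, "holders": len(live), "flags": flags}


if __name__ == "__main__":
    print(analyze(HOLDERS_CSV))
```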

4- Exaggerated Returns

Yield Farming has always had high returns. It’s a reward scheme where token holders deposit their funds into the network to earn interest from trading fees on an APY (Annual Percentage Yield) basis. Yet some protocols offer exaggerated and unrealistic returns of over 20%. Remember, if it looks too good to be true, well, it probably is.

Popular DeFi Rugs

Meerkat Finance

One of the most popular DeFi thefts involved Meerkat Finance. While the protocol claimed its smart contract vault was compromised, draining $31 million, the incident raised eyebrows as it happened just after the launch. The exploit occurred on Binance Smart Chain (BSC), Binance’s decentralised exchange, resulting in a loss of 73,000 BNB and $14 million of BUSD.

Meerkat Finance was a yield farming protocol that cloned the Yield Finance codebase. After the alleged hack, a protocol developer, who remained anonymous for obvious reasons, revealed in a message on a Telegram channel that the exploit was a “trial” that sought to test users’ greed.

TurtleDEX

TurtleDEX was a blatant exit scam that pulled 2.5 million on BSC. Developers drained 9,000 BNB from the trading pools and then swapped them for ETH, which was later sent to several wallets. The Telegram, Twitter, official website, and all other channels were deleted, leaving users with a worthless token.

The BSC community quickly reached out to Binance’s CEO, yet the only thing that they can do is freeze the funds coming from the wallets, if they are fast enough. In this case, the only thing investors can do is be wary and DYOR (Do Your Own Research) before investing in a project.

Yearn Finance

In February, Yearn Finance suffered an alleged flash loan attack. The attacker managed to exploit the smart contract’s flash loan feature, draining $11 million worth of user funds from the DAI Vault.

Flash loans are usually more complicated but have been a common way to exploit DeFi protocols. They are a type of uncollateralized lending option in the DeFi space, mostly designed for developers. They enable developers to borrow seamlessly, without any collateral, as the liquidity is returned to the pool within one transaction block.

In this case, the attacker borrowed the flash loans from dYdX, a protocol for financial derivatives that is built on Ethereum and allows peer-to-peer options on any ERC-20 token, and then made a collateralized loan on Compound. Finally, the attacker deposited the loans in Yearn’s pool, accumulating Curve tokens from a pool with inflated DAI.

The Future of DeFi

DeFi is growing at a fast rate, no doubt about it. But more money brings more problems, and even more so in a decentralised space that is almost like the wild west of finance.

Not only are hacks and scams on the rise, but DeFi has also been subject to criticism, as some users cover up their illicit sources of funds using smart contracts, attempting to evade monitoring solutions that trail illicit gains. An investigation by Cylynx, a platform for fraud detection powered by network analytics, revealed that money launderers trade illiquid assets (usually created by themselves) on DeFi platforms to hide the source of funds.

As a final thought, always make sure to do your own research before investing in a new coin. Once your money is lost as a result of a hack or rug pull, there’s no way to get it back.

José Oramas
Fintech and finance writer, with keen interest in blockchain and crypto.
