Rug Pull eyewaash: The Invisible Killer in the Crypto Assets World

In recent years, with the rise of investment in Crypto Assets, various eyewash schemes have emerged one after another. Among them, Rug Pull has become an extremely common and dangerous scam tactic. Data shows that in 2021, losses from Rug Pull scams reached as high as $2.8 billion, accounting for 37% of the total revenue from Crypto Assets scams that year. In April 2023, the DeFi industry encountered Rug Pull again, resulting in investor losses exceeding $6.2 million, involving 32 projects.

The BNB chain is the most severely affected network, with losses of approximately $4.5 million, accounting for 73% of the total losses. Following that are Ethereum and Arbitrum, with losses of $1.05 million and $182,000 respectively.

The Essence of Rug Pull

Rug Pull is a common scam in the Crypto Assets field. It usually manifests as project developers suddenly withdrawing the liquidity pool from the centralized exchange (DEX), resulting in a sharp drop in coin prices; or leveraging centralized authority and contract vulnerabilities to abscond with investors' funds without any warning. This is a typical Rug Pull tactic in the DeFi space.

On April 26, 2023, the DEX project Merlin in the zkSync ecosystem allegedly experienced a Rug Pull incident. According to on-chain data, shortly after Merlin launched a three-day presale event, approximately 1.82 million USD worth of USDC and ETH and other Crypto Assets were stolen from the protocol due to malicious developers exploiting a vulnerability to carry out the Rug Pull. The incident is still under investigation.

Main Types of Eyewash

Rug Pull mainly consists of three types: liquidity theft, limit sell orders, and dumping.

liquidity theft

This is the most common type of Rug Pull in the DeFi space. When the token creator withdraws all funds from the liquidity pool, it causes the funds injected by investors to lose all value, and the token price drops to zero. The liquidity pool is a core component of DeFi protocols, enabling users to trade Crypto Assets in a decentralized environment.

Liquidity providers ( LP ) obtain liquidity pool tokens by injecting equal amounts of two Crypto Assets into the pool, representing their share in the pool. When the project creator withdraws and takes away these funds, a liquidity theft Rug Pull occurs, causing the tokens held by LP to become worthless.

Limit Sell Order

This is a more covert Rug Pull tactic. Developers will encode the token in a special way, making it so that only they can sell the token. They will wait for retail investors to purchase the new tokens with paired coins, and when the price rises to a certain level, the developers will sell off their holdings, leaving worthless tokens for other investors.

dumping

Dumping refers to developers selling large amounts of their held tokens in a short period, resulting in a sharp drop in token prices, rendering the tokens held by other investors worthless. This behavior usually occurs after strong promotion on social media, and the rapid price increase followed by a drop is known as "pump and dump." Compared to other DeFi Rug Pull eyeglasses, dumping is in a moral gray area. The key lies in whether the quantity and speed of the developers' sell-off are reasonable.

How to Identify and Avoid Rug Pulls

The following 6 signs may indicate that the project has a Rug Pull risk:

1. Unknown or anonymous development team

Investors should investigate whether the team members behind the project have a reputation and a good track record in the crypto assets community. Unknown or anonymous development teams are a red flag. Although Bitcoin's founder Satoshi Nakamoto remains anonymous to this day, such practices are no longer widely accepted in the current environment.

2. Lack of liquidity lock

Checking whether the token has set up a liquidity lock is a simple way to distinguish between eyewash coins and legitimate projects. If the token supply does not have locked liquidity, it means the project team can withdraw all funds at any time. A safe practice is to protect liquidity through time-locked smart contracts, which usually lock for 3-5 years. Tokens locked by third parties may be more secure.

Investors should also check the proportion of locked liquidity pools, which is the total value locked ( TVL ). This ratio should be between 80% and 100%.

3. Sell Order Limit

Malicious developers may set restrictions in the token contract to prevent certain investors from selling their tokens. This sales restriction is one of the hallmarks of an eyewash project.

Due to these restrictions being hidden in the code, it is difficult to discover them directly. A simple test method is to purchase a small amount of coin and then try to sell it immediately; if it cannot be sold, it is likely to be an eyewash.

4. Token holders are limited but prices soar.

Be vigilant about sudden large fluctuations in the price of new tokens, especially when liquidity is not locked. Typically, the sharp rise in the price of new DeFi tokens is often a "pump" before a "dump".

Investors should maintain a skeptical attitude towards price trends and use blockchain explorers to check the number of token holders. If only a few people hold a large number of tokens, it can easily be manipulated. At the same time, too few holders may also indicate that large holders are about to sell off, which can severely impact the token's value.

5. Suspicious High Returns

If a project's promised return rate sounds too good to be true, it is likely to be untrustworthy. When a coin offers a three-digit annual yield of (APY), while it may not necessarily be eyewash, such high returns usually imply correspondingly high risks.

6. Lack of third-party audits

In the current Crypto Assets market, accepting formal code audits from reputable third parties has become standard practice. For decentralized coins and DeFi projects, conducting default audits is essential.

However, investors cannot simply trust the claims of the development team that an audit has been conducted. The audit must be verified by a third party and clearly state that no malicious content was found in the code.

It is important to note that these signs do not necessarily mean that the project is a Rug Pull, but they should raise awareness and prompt investors to conduct more in-depth research before participating.

In addition to the above 6 points, investors can further examine the following aspects to reduce risk:

1. Is the project open-source with contract code that has been rigorously audited?
2. Have relevant security measures and emergency plans been established?
3. Does the project party have the authority to transfer user funds in the contract?
4. Is the project authority highly centralized, or does it adopt management methods such as multi-signature, time lock, etc.
5. Does the token allocation described in the project white paper match the actual issuance situation? Track the token issuance addresses and times.

The Importance of Due Diligence

Conducting thorough due diligence is a key step in ensuring investment safety. In addition to paying attention to the risk signals mentioned earlier, investors should also be cautious of the hype surrounding the project and the FOMO( fear of missing out) mentality. Fraudulent projects often attract investors quickly by creating a sense of urgency and excitement, but a wise approach is to take the time to conduct in-depth research before investing.

During the due diligence process, investors need to verify the background and track record of the project team. In addition, they should seek transparency from the project, which can be obtained by reading the white paper, website, and other materials for more information.

Investors should ask themselves: Does the project team have a reputation and experience in the crypto community? Do they have previous successful project cases? It is also important to deeply understand the project's smart contracts. Investors should confirm whether the smart contract code has been audited by a reputable third party to ensure there are no hidden malicious backdoors or exploitable vulnerabilities.

In summary, investors should devote enough time and effort to conduct due diligence to reduce investment risks.

Conclusion

Rug Pull has become a serious issue in the Crypto Assets world, leading to significant losses for many investors. This article introduces the concept of Rug Pull, its types, and how to identify and avoid such frauds. We explore some warning signals, such as promises of high returns, anonymous development teams, lack of audits, and transparency, which may suggest that the project has fraud risks.

As investors, we must learn to identify and avoid projects that may lead to a Rug Pull, protecting our asset security. Before participating in any project, thorough research should be conducted, and professional team audit opinions can be sought if necessary. At the same time, as the crypto industry continues to develop and attract more investors, individuals, regulatory agencies, and law enforcement must work together to prevent and punish fraudulent activities, maintaining market order and protecting investor interests.