What is Rug Pull in the Cryptocurrency Space?

According to Chainanalysis, scams were the most popular type of cryptocurrency-based crime by transaction volume, with over $7.7 billion worth of cryptocurrency stolen from customers across the world. This is a rise of 81% compared to 2020, when scamming activity was much reduced in comparison to 2019, owing in large part to the absence of any major Ponzi schemes. Among them, in 2021, rug pulls accounted for 37% of all cryptocurrency scams, up from 1% in 2020.

When you’re investing or participating in DeFi protocols, it’s important to be aware of the risks involved in any potential investment. One such risk in the Decentralized Finance is known as a rug pull – when an unscrupulous individual or organization abruptly pulls the rug out from under your investment, leaving you with nothing. In this blog post, we’ll explain what a rug pull is and how you can avoid it. We’ll also discuss some tips for protecting yourself as an investor or DeFi user. 

What is a rug pull?

A rugpull or a rug pull in the world of cryptocurrency refers to the moment when a project’s development team drops off and removes the liquidity or sells all team’s tokens in the open market. The term is derived from the literal notion of someone tugging a rug out from under someone else’s feet, implying withdrawing support unexpectedly.

Rug pulls are most often used in connection with Decentralized Finance (DeFi) projects, which provide liquidity to Decentralized Exchanges (DEXs). DeFi tokens of new projects are generally not listed on Centralized Exchanges (CEXs), thus a DEX is the only source of liquidity. A DeFi project will typically issue its cryptocurrency and provide liquidity to a DEX. This may be put straight into a liquidity pool (paired with another cryptocurrency such as ETH or AVAX), or it may be sold in an Initial DEX Offering (IDO). Investors will buy the cryptocurrency in an IDO, and the funds will generally be kept frozen for a set period to ensure that there is adequate liquidity.

Once hype levels are high, and the project has access to its liquidity, the rug pullers have three options.

The most popular strategy is to sell all team’s tokens on the market and make a profit from the token’s elevated value. Once this happens, the liquidity pool will be dominated primarily by the development team’s tokens. Investors struggle to sell their assets or are compelled to do so at a low price when there isn’t enough liquidity. This is because the Automated Market Maker (AMM) pricing mechanism works via a liquidity pool’s ratio of two coins.

The second most common technique is to drain the liquidity pool entirely. Teams usually provide liquidity to Decentralized Exchanges and can withdraw it whenever they choose. By removing the liquidity, the team receives all the funds stored in the pool. Investors are unable to trade their tokens since there is no liquidity in the pool anymore.

The last approach, which is quite uncommon and supplementary to the other two, is for the team to embed malicious code into the smart contracts of the token. This code most often restricts purchasers from re-selling their tokens. Because users are only allowed to purchase and never sell a token, the developer has ample time to accumulate a lot of funds in the pool. The team then employs one of the two aforementioned strategies to steal the money.

How to avoid a rug pull in crypto?

There are a number of clear signals that investors should look for to avoid rug pulls, such as liquidity being unlocked and no external audit having been done. Here are six warning signals to look for if you want to avoid crypto rug pulls and protect yourself.

1 – Anonymous Team

Investors should look at the legitimacy of the individuals behind new cryptocurrency projects. Are the project’s developers and promoters well-known in the crypto community? What is their track record? Is it true that if a development team has been doxxed but isn’t well-known, they may still appear genuine and able to deliver on their promises? 

New and easily created social media accounts and profiles should be avoided by investors. The white paper, website, and other media associated with the project should provide hints about its overall legitimacy.

A possible red flag is an anonymous project team. While it’s true that Satoshi Nakamoto, the world’s original and largest cryptocurrency, created Bitcoin, who remains anonymous to this day, things are changing. It is more likely for an anonymous team to rug pull instead of one where the public knows their faces.

2 – Unlocked Liquidity

Checking if the cryptocurrency’s liquidity is locked is one of the simplest methods to tell a scam coin from a genuine cryptocurrency. Nothing prevents the project developers from taking all of the liquidity away if there is no liquidity lock on the token supply.

The assurance of liquidity is secured by time-locked smart contracts that typically keep the tokens locked for a long period of time. While developers can custom-script their own time locks, third-party lockers can provide greater peace of mind.

Another crucial statistic to look at is the proportion of the liquidity pool that has been secured. A lock is only useful in relation to the amount of money it protects. Sometimes fraudulent teams might lock only a small percentage of the liquidity, expecting that investors will not look into the details of the amount locked, but just whether the liquidity is locked.

3 – Suspicious smart contract code

A bad actor can code a token to limit the selling power of certain investors and not others. These sale limitations are clear red flags that the project is fraudulent. 

It might be tough to determine whether there is fraudulent activity when selling restrictions are hidden in code. Identifying such red flags is difficult even for people with a technical background and more likely an impossible task for someone with no technical background.

One way to go around this problem is to team up with other DeFi users or investors, and become a member of telegram groups where people from different backgrounds share their expertise and help each other.

4 – Not external Audit

It is now common for new cryptocurrencies to go through a comprehensive code audit procedure conducted by a reputable third party, as this has been the case since 2013. Tether is another notorious example, a centralized stablecoin whose creators failed to disclose that it held non-fiat-backed assets. For any Decentralized application, going through auditing is essential to gain the public’s trust.

Always double-check with the auditor to validate the claims of the teams, as many times bad actors claim that they went through an auditing process, without actually going through one.

5 – Unusual behavior in social media

Before getting into any project, make sure that you do your due diligence and monitor the team’s behavior on social media. Especially, telegram and discord where the team interacts in real-time with the public. If the team makes vague claims about the projects, or not giving straight-up answers to questions, consider this a red flag. Even if the moderator is not qualified to give straight-up answers, someone from the team should always be able to do so.

Statements such as “We will lock the liquidity after a few days because …” are bloody red flags. There’s absolutely no reason for the team to delay the process of locking the liquidity unless they plan to rug pull.

6 – Fake accounts and Fake followers

It’s now simpler than ever to acquire followers or establish older established Twitter accounts. Besides examining the project’s Twitter account, research the team’s Twitter accounts as well. There are a few red flags at the moment. If the account is too old, it’s probably a re-purposed account. Check Twitter Audit for how many of the followers are fake if the Twitter profile has a big following.

It is not unusual for a project to gain a lot of traction through legitimate marketing, however, that is easy to spot by combining the rate of increase in followers on the Twitter account and matching it with Marketing events from the team.

Furthermore, discord bots have evolved into something rather special. We’ve seen cases where users can set up 20 discord accounts in minutes to bot the whitelist procedures. Is it this simple for an individual to set up hundreds of discord accounts at once? Discord as a service is a bigger worry if it’s that simple. A person with only a modest sum of money may easily establish thousands of fake users on Discord using scripts.

Wrapping Up

Whether something is a rug pull, a type of a rug pull, or some other type of scam is not always clear. The world of cryptocurrencies and blockchain technology is evolving really fast and terminologies are not clearly defined. Having said that, learning about rug pulls and scams, in general, is important to protect yourself.

Aris Ioannou
Aris Ioannouhttps://coinavalon.io
Aris created Coinavalon with the purpose of helping the average person navigate the decentralized web. Aris has been passively in the space since 2017 and full time since late 2020. Before Coinavalon, Aris worked as a Business & IT Architect in the financial services sector. Aris holds an MSc in Advanced Computing from Imperial College London, a BSc in Computer Engineering from University of Cyprus and currently pursuing an MBA degree from CIIM.

Related Articles

Latest Articles