The cryptocurrency industry has experienced tremendous growth over the last 10 years. The industry is generating revenue for billions of people both directly and indirectly. From developers to founders, writers, marketers and the list goes on. However, the space has faced frequent hacks where criminals have escaped with millions of defi funds. Therefore investors ought to remain cautious and learn about all the different types of security vulnerabilities, fraud and scams. This will help them mitigate any losses in case of an incident. A common type of crypto scam is the rug pull. 

Rug pulls account for nearly 35% of all the cryptocurrency scams that took place in 2020. While DeFi theft hit an all-time high in 2022, $10 billion in crypto was lost to theft in 2021. A figure that represents an 81% increase in crypto cyber crime since 2020. 

In this article, we are going to look at rug pulls, explain how they work and educate investors on the best way to avoid them. You are also going to learn several tips for uncovering a rug pull. 

What Are Rug Pulls in Crypto?

“Pulling the rug out” is the phrase from which degens derived the name Rug pull. A rug pull takes place when a team of developers build a token and pairs it to standard cryptocurrencies such as Ethereum or Tether. Once they list the token on a decentralized exchange, the developers pull out all the funds once investors have already bought the tokens. A rug pull could take several forms including an exit scam, crypto maneuvers, pump and dump schemes and many more. But the end goal for all these initiatives is to steal funds from investors. 

Rug pulls have grown in popularity across decentralized finance. The lack of centralized control has made DeFi more susceptible to cryptocurrency scams. Furthermore, there are no intermediaries and user anonymity makes it even harder to track down criminals and retrieve stolen funds. 

Despite growing in popularity recently, rug pulls were prevalent throughout the history of investment. Think of crypto as the very recent phenomenon of implementing a rug pull. Most affected industries include DeFi, NFTs and programs using smart contracts. 

Decentralized Finance projects implement smart contracts to minimize transaction costs and human intervention. Therefore instead of abiding by legal systems, user consensus is achieved through prewritten codes. This leaves an open loophole for bad actors to manipulate and perhaps even steal funds. Nevertheless, it is impossible to perform such hacks with good security practices and appropriate business models. 

In the next section, we will look at how a rug pull works.

How Do Rug Pulls Work?

For you to understand a rug pull, it’s important to first learn the basics of DeFi and liquidity pools. 

A liquidity pool is a practical market built by crowdsourcing and locking cryptocurrencies and tokens in a smart contract so as to facilitate instant transactions between buyers and sellers on a decentralized exchange. Note that a DEX lacks a centralized entity to process transactions, and hence would rely on the automated liquidity pool to sustain the flow of orders. Also, note that listing a digital asset on a decentralized exchange is simple since there is no intermediary to audit the listing or regulate the new token. 

Investors usually come in swarms to provide their tokens to the liquidity pool. The liquidity pool then locks the token pairs so as to facilitate arbitrary transactions for various crypto assets. Common digital assets you will find in most pools include ETH, BNB and USDT. This is because they come with high utility, have adequate liquidity and are well established. The pool now rewards the liquidity providers with a percentage of the transaction fees it charged from transacting parties. The higher the locked amount of a given liquidity provider or investor, the more rewards they are likely to get. 

Liquidity pools usually attract flocks of investors due to the promise of high percentage yields. So a rug pull would work by creating what seems like a legitimate liquidity provider in DeFi. The creators would then pull out all the funds to undetectable addresses once investors have pooled together enough funds. It is ultimately difficult to detect the source of the stolen crypto since the popular coins are traded almost across any marketplace. The rug pull leaves the liquidity pool empty and the liquidity providers distraught. 

How to Identify a Rug Pull

A golden tip for identifying rug pulls includes being in a position to point out red flags. The best way is to first step back and conduct due diligence without the fear of missing out. In most cases, rug pull liquidity pools are the type of investment that’s too good to be true. 

However, common signs of an imminent rug pull include the following: 

Unlocked Liquidity – Locked liquidity takes place when owners of the defi project relinquish the control of their Liquidity Pools and entrust it to a reputable intermediary. This helps the project owners to build trust and boost transparency. The longer the intermediary locks the liquidity pool, the fewer the chances of performing a rug pull. Therefore, an unlocked liquidity pool is a huge red flag for investors. This is because nothing would hinder the project’s team from draining investor funds and pulling the rug. 

To learn more about a liquidity pool, find the token contract of your intended project through a blockchain explorer such as bscscan.com or etherscan.io. We will talk more about using blockchain explorers in another article. However, suppose the liquidity pool you intend to invest in uses BNB, find the relevant explorer of that token.  You can also find the token contract on the liquidity pool’s social media page. The next step is pasting the contract on the token explorer and navigating to any page that contains a user’s first interaction with an established DEX such as Uniswap. Afterwards, click the transaction hash and scroll to find the liquidity pool of any tokens transferred to the developer’s wallet. The last step is to find the LP holdings. If the dev wallet has 0 holdings, navigate to the transfer page to get confirmation if the wallet sent any liquidity provider tokens for burn addresses. If the wallet has not, then it is an open liquidity protocol. Burn addresses are addresses to which no one has access. Hence, if the liquidity remains unlocked in such an address for a long time, it is possible to pull the funds anytime. 

Irregular Token Allocation – Check the project tokenomics on its official website and compare it with the token allocation on the blockchain explorer. This will give you a glimpse of how the tokens got distributed, and who owns the highest amount of coins. Check whether a few wallets hold the most significant coins. If yes, this is a red flag and it is easy to dump those tokens. A good token is usually adequately distributed.  

Lack of Audits – Quality DeFi projects usually allow audit companies to conduct independent security audits as well as transparent financial reports. However, do not dismiss a quality defi project on the basis of audits because not all crypto projects undertake external audits. Meanwhile, you should take extra caution for unaudited projects and conduct proper research. 

How to avoid a rug pull?

• Conduct Due Diligence – perform due diligence by first researching the team behind a project. Ascertain the credibility of the team as well as whether an external team has audited the project. Next find the audit report, which could be in the projects blog section and go through it. 
• Avoid investing out of FOMO – Rim down to size your fear of missing out. Bad actors usually promise hefty gains. Always take into account the phrase “ too good to be true” Malicious developers usually hype a project through FOMO and then pull the rug eventually.  There are several online tools for helping DeFi users detect scams, e.g Rug Doctor, Token Sniffer and blockchain explorers.
• Suspicious Spikes in Token Value  – Rug pulls might sometimes begin from a pump-and-dump scheme. Flag down any project where the token rises sharply within a few days. Or at least try determining the reasoning behind the sudden dramatic sharp increase.

Top 3 Biggest Rug Pull Crypto Projects in History

Since we have already looked at the working of a rug pull and how to avoid one, let’s learn a few more things about the most famous rug pulls in the history of crypto:

Animoon – Animoon lied they had ties with the official Pokemon partner TopDeck. The NFT project had a collection of 9,999 nonfungible tokens and was selling each at 0.2 ETH. Animoon had several offerings including real-world immersive travelling, play-to-earn games, comics and a secret Netflix project. However, the founding team began distancing themselves from the project a while later after launching. This eventually ended with a $6.3 million rug pull. 

Squid Game – SQUID Game ($SQUID) surfaced online at the height of the popularity of the Netflix hit series Squid Game. The meme token drew its popularity from Netflix despite having no direct association with the film. On launching, the price of the $SQUID token rose by 23 million percent and hit $2,861. The developers however pulled the rug and made away with $3.3 million. 

OneCoin – Onecoin’s saga stands out as the biggest cryptocurrency scam. The Ponzi Scheme saw criminals escape with nearly $25 billion of investor funds. While law enforcement managed to arrest a few of the organizers, most of them disappeared and only a percentage of the funds was recovered. The project was built as a crypto education platform for selling learning resources. Meanwhile, the Onecoin token was never traded publicly and could only be traded on the OneCoin exchange. 

Luna Yield – Often referred to as the biggest rug pull on the Solana blockchain. The social media profiles for Luna Yield and the official website disappeared. Project founders made away with nearly $10 million.

Closing Remarks

There are two main types of rug pulls, hard pulls and soft pulls. A hard pull takes place when a malicious actor codes and steals liquidity. A soft pull takes place when developers dump their cryptocurrency holding quickly. Hence leaving investors with a few devalued blockchain tokens. 

Soft pulls are usually not treated as criminal activities but are however unethical to perform. However, the intent for committing liquidity fraud is clear from the word go in the case of a hard pull.  A quick way to identify a looming soft or hard pull is to test limits on sell orders. Most malicious actors will create a token and then restrict the ability of particular investors to sell that token. One way to point this out is by purchasing a small amount of the token and then attempting to sell it once more. If you encounter problems selling the amount you just bought, the project could be a huge scam.