Rug pull is a term that everyone dreads in the crypto sphere. It is one of several scams that is used in the crypto industry by bad actors to make a quick buck. Unlike hacks and other frauds, rug pulls are nearly always an inside job, with the developers (as a whole team or one or more of the members deceiving the rest of the team) walking away with investors’ hard-earned money, leaving them with worthless tokens.
According to research, more than $48 billion has been siphoned off through over four hundred rug pulls so far. Because of this, many are wary of investing in any digital assets. The question is, can a rug pull be spotted and avoided?
Rug Pull: What It Is
Before learning how to avoid becoming a victim of rug pulls, one must understand what exactly it is. The term comes from the saying, “pulling the rug out”, which means to abruptly withdraw from a situation, leaving others high and dry. In the DeFi and crypto industry, the shortened version “rug pull” is used to describe a similar situation where a cryptocurrency developer or team suddenly walks away with all the investment.
The method. is usually the same for all rug pulls, where a new token is described by the team behind it as the next golden goose, creating a hype to draw in investors. The team pumps the (fake) qualities of the token across different social media channels, attracting people through hollow yet convincing promises of the token soaring to unprecedented values in the future. The goal is to create FOMO (Fear of Missing Out) to a level where the public is convinced that this is the best way to get in on the crypto profit game.
Unlike the 2017-2018 ICO era, where investment in token launches was more or less centralized, rug pull artists have been leveraging the use of smart contracts on DEXs or decentralized exchanges, to run their scams. They can market the contract as an effective promotional tool, saying that the invested tokens are held in a smart contract, and they have no control over it. The final distribution and/or liquidity is controlled by the contract itself according to the value of assets deposited.
Liquidity Pool Rug Pull: The How
Crypto startups that have a token that is used to raise funds for the project need to generate a market for the token. This token may also be used to pay team members, advisors, influencers, ambassadors, etc. Once all the tokens are presold the startup needs to get the token into a marketplace so they can be bought and sold. The first marketplaces available for this purpose are on decentralized exchanges or DEXs like PancakeSwap or Uniswap.
The “how” is in the way liquidity pools in DEXs work. In order to make it possible to trade or sell a startups token, the developers create a liquidity pool where the new asset is made available against a more common token, for example WETH, USDT, USDC, and BNB.
To kick-start the pool, the developer has to add the liquidity for both tokens, their token and BNB, for example, into the pool. If it is a scam, when the rug puller see that enough crypto investors have bought the fake coin with BNB, the developer will withdraw all the funds, walking away with the valuable BNB. What remains are worthless tokens in the hands of unhappy investors.
Avoiding Liquidity Pool Rug Pulls
With nothing to stop token developers from doing this, it’s easy to become increasingly paranoid since practically any new token on a DEX can potentially be a rug pull. Don’t give up: there are things a savvy crypto investor can do to drastically decrease the chances of being a victim of a rug pull.
Do Your Own Research to find out if the project is real. Look for things like the teams’ identities and reputation, read the whitepaper, and research whether there is backing by large crypto VCs. And don’t just take what is on the website as ‘real’. Find team members on social media and reach out to them to make sure they are publicly talking about the project. Google for information on a project outside of its own website and social channels and see if there are any threads on Reddit. Note there will be token schillers.
The token and project in question should also have an actual purpose or utility, addressing some pain point or gap. A lot of projects sell tokens for the sole purpose of raising funds when the project could run without token-gating it.
This entertaining video, How Dapps Work in 2018 ~ “Dawn of the Dapps”, from the team at HiFi Lending/Mainframe touches on the token dilemma faced by many projects. It raises the valuable question: how do you scale when you only take cryptocurrency as payment? How Dapps Work in 2018 ~ “Dawn of the Dapps” – YouTube
Number of Initial Wallets
Avoid investing in projects where the majority of tokens are held in just a few wallet addresses. The fewer wallets that hold the token, the more chances that they can skew liquidity by pumping and dumping.
To check out the details for each wallet, copy the token smart contract address and paste in the relevant block explorer (for example, BSCScan.com or EtherScan.io for Ethereum). Head to the token tracker section and tap on the “holders” to see all the wallets that hold the token. And make sure to check the “comments” section. There may be a lot of spam here but it the token is a scam you will see multiple posts about it.
Alternatively, there is a great tool available that helps DeFi investors filter through all the information available across different platforms. FLUIDEFI is a project created by a team of DeFi traders that wanted to reduce the hours spent researching, tracking and managing their portfolios. The FLUIDEFI platform shows the number of wallets and active positions in a liquidity pool. It also shows the average position and investment.
FLUIDEFI tells the user exactly how many wallets and positions are adding liquidity to the pool. If a large TVL share of the pool belongs to a couple of wallets, there’s a high risk of a rug pull.
In this example users can view exactly who is invested in a UniswapV3 pool ((WBTC – WETH), & their position size. Since this pool (WBTC – WETH) has many liquidity providers with no one with a significant stake, it is more credible.
Locked Liquidity is Your Friend
Legitimate projects add a few lines of code in their liquidity pool smart contracts that takes away the rights of developers to access and drain the funds. The liquidity pool locking is the first thing an investor should check. Understandably, it is highly unlikely that investors can analyse smart contract coding, but there are platforms like DXsale and Unicrypt that can come in handy here. Simply copy the smart contract address of the liquidity pool and enter on one of these websites and it will let you know if a locking mechanism exists through their platform. Keep an eye out for a short time-lock on the liquidity. Sometimes scammers will “lock up” the tokens for only a couple days, then when the time is up, pull the rug.
Another great website is TokenSniffer. An easy tool to use – simply copy and paste the token contract address into the search bar, and TokenSniffer will provide a brief contract audit, info on exploits and more. The website also contains a list of known scams and hacks, which is a great go-to before buying a token to see if it made the list.
You can also check out the PooCoin.App. Here you can use the Dev Wallet Checker, which is a log of activity related to the token from all wallets that have had ownership of the contract. It will show all instances of the dev creating and removing LP, buying/selling the token, transferring tokens/LP tokens/BNB to other wallets, and transferring ownership of the contract.
Rug pulls are becoming increasingly complex and are getting better at disguising themselves. However, with the above-mentioned strategies, and DeFi tools, anyone can judge the likelihood of a token being a scam or not, allowing them to reevaluate their investment decisions and choose less risky options.