With any money-making venture, there are going to be people who try to game the system in order to scam people out of their investments. The world of cryptocurrency is no exception to this rule. The crypto world is one rife with opportunity, and it attracts investors and criminals alike.
The DeFi project space is one particularly vulnerable to fraud. DeFi code is open to everyone, unlike other code, leaving it vulnerable to unscrupulous code experts. That being said, the DeFi space is also one where investors can make good money, so there are many who are willing to take a bit of risk for the chance of considerable rewards.
One of the main scams with DeFi is a “rug pull scam”. In a rug pull, crypto developers manipulate the open code to create a worthless token. They list this token in a DeFi exchange and it is put into a trading liquidity pool, just like legitimate tokens. Scammers will take to social media to promote the token, just as legitimate developers do. The fraudulent developers are hoping to draw investors to the liquidity pool, where the worthless token is being traded against legitimate tokens. Their social media promotions promise high returns. The more people they can lure to the liquidity pool, the more the price of the worthless token increases.
At a certain point, once the scammers are satisfied with the price of their fake token, they “pull the rug”. The pool is drained of all of the cryptocurrency and the scammers disappear, leaving the investors with nothing more than worthless tokens.
“Depending on the type of rug pull, there are often no remedies,” says Scott Ewing of Pyrrho, LLC, “This is true with anonymous developers, of course. But it is also true with developers who can plausibly deny involvement in the hack of a smart contract, who live in a jurisdiction where judicial remedies are not feasible, or who can blame each other for the theft of liquidity or project funds.”
So how can investors spot DeFi rug pull scams before the rug is pulled out from under them?
Here’s five things to look for before diving into a DeFi liquidity pool:
1. What is the Development Team’s Background?
Any new token brought to the market has a development team. This is a situation where Google is a crypt investor’s friend. Research the development team’s background and their social media profiles. Is the team anonymous? That’s a significant red flag.
Investors will want to do their due diligence in researching how trustworthy the development team is. Check for genuine communication between the team and investors inquiring about their tokens. Engagement with the development team should result in an authentic back and forth, especially if you have questions about their product. Questions should not result in a ban or blocking.
“The greater the initial hype, the greater the profits,” explains Ewing, “It may therefore be prudent to be cautious about projects that cultivate an excessive amount of enthusiasm prior to an actual product being launched, particularly if the development team is anonymous.”
2. What is the Ability to Withdraw?
Fraudsters will hide code that will prevent people from withdrawing from the DeFi liquidity pool. It makes sense to not invest a large amount into a project until you know if and when you can withdraw your money. A good idea is to start with a small amount, say one dollar. Put it in and then withdraw it to test the ability to take the money out.
3. Look into Auditing
Legitimate projects should be audited by a third party. Because third party audits are expensive, scam developers will not have audits performed on their projects. It’s also important to read the audits that you find. Just because a product has had an audit performed does not mean they are legitimate or a good investment. The audit could have uncovered negatives about the newly developed token that make it a bad investment risk.
There are independent auditing sites, such as TokenSniffer, that can help potential DeFi investors determine whether a token is legitimate. Investors can also ask questions on cryptocurrency communities and get the investment community’s opinion on tokens that appear on the market.
4. Is the Liquidity Locked?
Investors should check to see if there is a timelock installed on the liquidity pool that prevents developers from removing liquidity from the pool. This timelock will make it difficult for scammers to “pull the rug” and make away with funds.
5. Research the Token’s Distribution
A major red flag on a newly developed token is when a large amount of the tokens are in the hands of a few people. Legitimate cryptocurrency developers should want to distribute newly developed tokens fairly, efficiently, and to the right people in their target market. Using a blockchain explorer, investors can check the token’s distribution if they are concerned about the validity of the project.
The DeFi space has been described by some as “unruly”, in that there are little barriers for fraudsters. However, as many cryptocurrency investors could tell you, sometimes the projects with the biggest risks hold the biggest rewards. One must weigh their appetite for risk when confronted with new tokens on the market.
DeFi rug pull scams pulled in over $2 billion dollars in 2021. These numbers may discourage investors from entering the DeFi space. However, if investors are diligent about researching possible investment opportunities, the DeFi project space can be a great way to make money in cryptocurrency.