What Are Rug Pulls in Crypto and How to Avoid Them

Top Rug Pulls


Key Takeaways:

  • Rug pulls happen when developers create a token paired with standard cryptos like USDT, list the token on a DEX, and pull all the funds out after investors’ buy-in.

  • The common signs of identifying rug pulls include unlocked liquidity, irregular token allocation, and lack of audits.

  • You can protect yourself against rug pulls by doing your due diligence and being maintaining a healthy level of scepticism for projects that sound too good to be true, especially when coupled with spikes in token value.


Since its invention, the cryptocurrency space has experienced tremendous growth. Indeed, investing in crypto has proven to generate more returns than most investments in the long run. However, as an investor, you must keep an eye on the multiple frauds and scams common in the space. A new type of scam known as a rug pull has taken root in the hype-filled crypto industry.  

Over $10 billion were lost in crypto and theft in 2021, an 81% increase from 2020, and rug pulls accounted for nearly 35% of the cryptocurrency scam revenue. That is according to recent findings from Elliptic. From the findings, though there are several crypto scams, rug pulls are becoming the most notorious. So, what are rug pulls, and how do they work? 

This article explains what rug pulls are, how they work, and how to avoid them. Besides, it unearths the tell-tale indicators of rug pulls to help you avoid falling prey. 

What Are Rug Pulls in Crypto? 

Rug pulls derive their name from the expression “pulling the rug out.” They occur when developers create a token paired with standard cryptos like ETH or USDT, list the token on a decentralized exchange (DEX), and pull all the funds out after investors’ buy-in. Rug pulls assume several personas, including exit scams, pump and dump, cryptocurrency maneuvers, and many more. While these personas differ, they are all designed to steal from investors.   

Rug pulls are common with decentralized finance (DeFi) since anyone can create their application. Essentially, the freedom of free use makes DeFi more prone to these crypto scams. Besides, DeFi transactions are anonymous and lack intermediaries, making it even more challenging to retrieve lost funds. While crypto rug pulls have become more prevalent recently, they form part of an extensive history of investment schemes. 

“This isn’t a crypto-only phenomenon. This is a people phenomenon. Crypto is just the latest way to do it,” says Adam Blumberg, a Houston-based financial planner specializing in cryptocurrencies. But digital currencies have become a hot target of rug pulls because of weak fundraising guidelines and emphasis on decentralizing finance. Non-Fungible Tokens (NFTs), which offer digital ownership rights of art and other creative works, have also been heavily involved in rug pulls.  

DeFi projects often leverage smart contracts, agreements run by computer codes instead of legal systems. While this setup minimizes transaction costs and human errors, it leaves some recourse for bad actors to pull the trigger. However, this doesn’t imply rug pulls, and other crypto scams cannot be mitigated with a restrained investment strategy and due diligence. Let’s see how rug pulls work before diving into how to identify a rug pull.

How Do Rug Pulls Work?

As mentioned, crypto rug pulls are carried out in DEXs, where project founders pull funds from a liquidity pool. To better understand this, let’s briefly check how liquidity pools work. Simply put, a liquidity pool is a practical market maker for DEXs that offers buy and sell orders for specific tokens. Since there is no centralized entity for processing trades, DEXs need a way to sustain their order flows. Again, listing assets on a DEX is easy as there is no intermediary to regulate and audit listing requests. 

Basically, a liquidity pool is a collection of investor funds locked in token pairs to facilitate trades between various digital assets. Token pairs typically include popular crypto, like USDT, BNB, and ETH, since they are well-established crypto assets with high utility and liquidity. To entice investors to lock their assets and act as liquidity providers (LPs), DEXs charge trading fees on transactions. LPs are awarded a certain percentage of the trading fees in return for providing liquidity. The more the amount locked, the more rewards an LP generates. 

Liquidity pool creators attract more investors by promising higher percentage yields. After they have amassed adequate funds in the pools, they pull out or withdraw them to other addresses. The funds are then changed hands in other exchanges and made undetectable to the victims. Since USDT, ETH, and BNB are actively traded in almost all marketplaces, it is easy to transfer to other wallets and “distance” from the source. This withdraws all the pooled assets, leaving the pool empty and LPs with nothing but distress. 

How to Identify a Rug Pull

The best way to prevent rug pulls is to be aware of the warning signs. Though the “it is too good to be true” test applies to all investments, there are multiple specific indicators you should watch out for to detect potential rug pulls and avoid falling prey. Importantly, it would be best if you took time to step back during a time of excitement to establish the reality without FOMOing (fear of missing out)

Some of the common signs of identifying rug pulls include:

Unlocked Liquidity 

To create trust and boost the public view of their validity, owners of notable crypto projects often relinquish control of liquidity pools by locking them in a reputable blockchain or with a trusted intermediary. The process is referred to as locked liquidity, and it stops project owners from withdrawing any of the assets in the pool, making it impossible to pull out. The longer the liquidity pool remains locked, the fewer the chances of a rug pull. 

On the contrary, if the liquidity remains open, nothing hinders the owners from draining it and making the project useless. Ascertaining whether a liquidity pool is locked is an easy process:

First, find the token contract through a blockchain explorer or social media accounts of that token. Suppose the token you are interested in is a BSC token; visit bscscan.com to find out its contract. You can learn how to use BscScan here. If it’s an ERC20 token (Ethereum token), visit etherscan.io and refer to our guide on how to use it. 

After finding the contract, visit the respective blockchain scanner and paste the contract into the search bar. Under the transfer section, proceed to page 1 or any page that contains the liquidity addition (mainly, the first interaction with DEXs like Pancakeswap and Uniswap are router contracts).  

Thirdly, click on the TX hash, and scroll down until you find the liquidity pool tokens transferred to the dev wallet. 

Finally, click the wallet to find the LP holdings. If the wallet contains 0 holdings, then visit the transfer section to confirm if the wallet has sent LP tokens to burn addresses. If not, then the wallet owner has open liquidity. A burn address is one to which no one has access. Therefore, if liquidity is not burned or locked for a lengthy period, it can be pulled out from the pool anytime. 

Irregular Token Allocation

Checking the token allocation on blockchain explorers will help you know who holds the most significant amount of coins and how coins are allocated. If a few wallets hold big amounts of the coin supply, dumping the tokens quickly is easy, amplifying the risks of price manipulations and rug pulls. Thus, the more distributed a token is, the safer it’s to invest.  

Lack of Audits 

Reputable crypto projects often allow independent security audits or financial transparency reports to advance their authenticity. For example, Cardano went through several audits and an independent source code audit to boost investor confidence. Nevertheless, a crypto project without an external audit report isn’t automatically fraudulent. It simply means you should do more research about the project before investing your hard-earned money in it.   

List of Infamous Rug Pull Crypto Projects 

Now that we’ve looked at what rug pulls are, it’s time to look at a list of some of the most infamous rug pulls.

Animoon

Animoon was positioned as an NFT collection of 9,999 NFTS at 0.2 ETH. It claimed to have links with official Pokémon partners TopDeck, offering recolored versions of Pokémons. They offered play-to-earn games, real-world travel, comics, and even a secret Netflix project. All these were topped off with 15 Legendary card NFTs that promised to generate their holders fixed income monthly for the rest of their lives. The team started to distance themselves from the project shortly after launch, offering only sporadic updates, and it ended in a $6.3 million rug pull. 

Squid Game 

Squid Game (SQUID) was one of the popular cryptocurrencies in October 2021. SQUID was a meme token drawing on the popular Netflix series Squid Game, though it was not directly related to the series. After its launch, SQUID’s price skyrocketed since the token was hyped across social media websites, and most people thought it was the Netflix Squid game. From October 26 to November 1, SQUID’s price gained by almost 23 million percent – from a few cents to $2,861.80. The developers then pulled the rug by selling tokens worth $3.3 million. The moment was captured live by the Twitter user @imBagsy. 

OneCoin

OneCoin was fundamentally a massive Ponzi scheme, which now stands out as the biggest cryptocurrency scam – almost $25 billion in investor funds were lost. Although law enforcers unearthed the OneCoin scam and even arrested its managers in 2017, most of its core members disappeared into thin air.  

The project sold crypto education courses attached to tokens that could supposedly “mine” the OneCoin crypto. Users were rewarded for referring new users to the platform, and so on. Nonetheless, it turned out that OneCoin was never publicly traded and could only ever be sold on the OneCoin Exchange with strict trading limits. 

Luna Yield

After Luna Yield’s website, Twitter, Telegram, and other social media channels went dark in August 2021, investors feared that the developers might have pulled the rug on them. They confirmed their fears after they failed to unstake their funds from the Luna liquidity pools since the developers had drained them. The investors incurred a total loss of almost $10 million, making Luna Yield the biggest rug pull on the Solana blockchain. 

Evolved Ape 

Evolved Apes was a popular NFT project whose initial drops sold out in under 10 minutes. In September 2021, one week after the launch, “Evil Ape,” the project owner, pulled 798 ETH (worth $2.7 million then) of investor funds. In a series of transactions, the owner withdrew funds for project-based expenses, like paying artists, marketing, creating the much-hyped fighting game, and more. The founder also took down the project’s website and social media pages as part of the game. 

Are Crypto Rug Pulls Illegal?

Crypto rug pulls are illegal worldwide, and law enforcers would act if they smoked out the offenders in their jurisdictions. For example, the Greater Manchester Police in the UK detained a 23-year-old male and a 25-year-old female linked with the StableMagnet rug pull in 2021. The enforcers seized $22.25 million in ETH after obtaining intelligence, which led them to hardware wallets containing the assets. 

Regarding the OneCoin rug pull, global police descended hard on some of the leaders. According to South China Morning Post, Chinese regulators prosecuted 98 people linked with the project and seized $267.5 million in crypto. 

4 Tips to Avoid Rug Pulls

Now that you are aware of how rug pulls work and how to identify them, here are four tips to avoid rug pulls:

Do Your Due Diligence 

In the crypto space, it’s normal for participants to stay anonymous. However, most reputable projects have dedicated sites and references where users can check their credibility. However, this is not a total guarantee of project success.  

Besides, most crypto projects rely on the legitimacy of their smart contract codes. You don’t need a tech nerd to understand how a project works. Before investing in any project, check whether an independent entity has audited it. Projects that have passed auditing often publish their reports to boost investor confidence. 

Be Careful of FOMO

Always strive to reduce your fear of missing out. Bad actors often over-hype their projects to make investors FOMO before pulling the rug on them. Luckily, multiple online tools help you quickly detect a scam, such as Token Sniffer, Rug Doctor, and blockchain explorers. 

Suspicious Spikes in Token Value  

Like pumps and dumps, you should be cautious with tokens whose prices rise sharply within a few hours or days. If you see an asset skyrocket in value, try to find out the drive behind it. If you can’t find any new partnership, listing, major partnership, or significant product announcement, it may be an attempt to entice you to FOMO into the project. 

Check the Project’s Online Presence   

GitHub is the code base for most crypto projects, typically showcasing their development activities. It is also essential to watch the project’s social media websites like Telegram, Twitter, Facebook, Instagram, and more. If the project is experiencing a dormant phase of activities and is a fork of another project, thread cautiously.  

Final Thoughts

Like the ICO craze of 2017, the explosion of DeFi and NFTs has made scammers chase the bag. Certain characteristics of the DeFi space, such as the convenience of issuing and listing new coins, have made it easier for bad actors to scam investors than before. As DeFi has opened financial services to a global pool of investors, it has also unlocked a broad group of potential victims to bad actors. 

Rug pulls accounted for almost 35% of the cryptocurrency scam revenue in 2021. Luckily, there are multiple red flags you can watch out for to identify potential rug pulls. Furthermore, you can use the tips discussed in this article to stay safe online and avoid rug pulls. By considering these preventive measures and tips, you can dodge being the next crypto rug pull victim.