DeFi projects have solved many problems in the crypto market and opened up many opportunities for investors. However, these opportunities also come with inherent risks that are difficult to control, and rug pulls are one of them.
So what is rug pull? Let’s dive into this article.
What is Rug pull?
A rug pull is a fraudulent act in the crypto industry, where a development team suddenly abandons a project and sells or withdraws all of its liquidity. The name comes from the phrase "pull the rug out from under (someone)," meaning to burn bridges after crossing them.
Rug pulls are common in DeFi because tokens can be easily created and then listed on DEXs without KYC or AML requirements.
How does a Rug Pull work in Crypto?
The basic process for a rug pull project is as follows:
First, the scam team creates a project and issues a type of asset like token or NFT through a smart contract.
Next, the project adds the token to a common liquidity pool with other tokens (USDT, BTC, ETH, BNB, etc.) to create initial value for this scam token.
Then, the project tries to attract investors through various means, such as hiring major media outlets, with the goal of inflating the price of the scam token hundreds of times. This sharp price increase triggers greed, causing investors to FOMO and buy the scam token.
Finally, once enough participants have been attracted, like a Ponzi scheme, the project will have two options to carry out the scam:
- First, a fast rug pull, causing the price to plummet to zero in a short period of time.
- Secondly, a slow rug pull causes the price to gradually decrease over several days (this method makes the project harder to accuse compared to a fast rug pull).
The reason for creating tokens in the form of smart contracts is that it makes it easier for scammers to install malware and execute sudden withdrawal orders.
Types of Crypto Rug Pull
Rug pulls can be divided into two types: hard or soft.
- Hard Rug Pulls occur when a developer intends to defraud investors from the outset by embedding code that allows for the theft of investor funds.
- Soft Rug Pulls occur when developers tend to inflate the project's value through marketing, then shut down the project and abscond with investor money.
Common forms of Rug Pulls in the crypto market include: Liquidity Stealing, Limiting Sell Orders, and Dumping.
Dumping
A dumping refers to a fraudulent project deliberately artificially inflating the price of its tokens to entice investors. Immediately afterward, the project sells off a large portion of its holdings to reap profits, leaving those who bought at the high price at the peak.
This behavior occurs when the project hires KOLs (Key Opinion Leaders) and media outlets to heavily promote the project and the token's growth potential.
The purpose of this tactic is to stimulate greed and exploit user trust. As more people experience FOMO and buy the project's tokens, the price is artificially inflated to a certain level. Then, the team carries out a sell-off, dumping a large quantity of tokens in a short period, causing a significant price drop.
Read more: How to avoid FOMO in crypto
Liquidity Stealing
Liquidity theft is the most common form of rug pull in DeFi. The process for scammers or projects to steal liquidity is as follows:
- Initially, the project creates value for its token by pairing it with other assets (ETH, BNB) to provide liquidity.
- Next, they push the price to a certain level, causing investors to FOMO and buy the project's tokens.
- Finally, they withdraw all the liquidity to reap profits, causing the project's token price to drop significantly and harming users who hold tokens that have lost much value.
Example, WhaleFarm was a highly anticipated project at its launch in the yield farming sector, offering users very high APY (Amount per User) rates of up to thousands of percent.
However, in June 2021, the anonymous development team abruptly liquidated the project, causing the token to plummet 99% in just minutes. This rug pull resulted in losses of up to $2.3 million for investors.
Limiting sell orders
Limiting sell orders are a form of Hard Rug Pull. With this method, the project developer codes the project's token so that they are the only ones who can sell it. Investors who buy these tokens will suffer losses, having spent a large sum of money on worthless assets.
A prime example is the Squid Game project, inspired by the hit Netflix series of the same name.
According to CoinMarketCap, the price of the project's token (SQUID) was inflated, increasing by 23 million percent in just one week. SQUID peaked at $2,632 and its value dropped to near $0 within minutes. This caused widespread panic and losses among investors.
According to victims reported by The Ascent, most investors could only buy, not sell, this scam token. Following the incident, the scammer profited $3.4 million.
Identifying signs of rug pull
Previously, rug pull scams were easy to identify. However, now these scams use more sophisticated and harder-to-detect methods. Some signs of a rug pull project include:
- A rudimentary website and information channels.
- Lack of security audits.
- Sudden price surge of tokens but low wallet holdings.
- Asymmetrical token allocation.
- Large unlocked liquidity.
A rudimentary website and information channels
Rug pull scams target newcomers to the market who are easily lured by social media.
Typically, projects intending to pull don't invest much time and effort into social media platforms like X (Twitter) or websites. Therefore, their social media platforms are often rudimentary and contain many unnecessary bugs.
Lack of security audits
New projects often have unfinished products with many bugs that can affect users. Security audits help minimize risks during the user experience. However, some projects without a long-term development plan will not conduct security audits or will do so very superficially.
Because the cost of security audits by reputable auditing firms (e.g., CertiK) is relatively high for startup projects, this could be a suspicious sign.
Sudden price surge of tokens but low wallet holdings
If a newly emerging or token experiencunverifiedes a sudden price surge, and 50-80% of the tokens are held by 10-50 wallets, there's a high probability the project is manipulating the price. Consequently, the risk of a rug pull for users is also higher, as there's no guarantee the project won't dump tokens.
In the case of the Squid Game project, the top 3 wallet addresses held up to 99% of the SQUID tokens on Ethereum, indicating a high concentration of supply and putting users at high risk of a rug pull.
Asymmetrical Token Allocation
Tokenomics provides a relative indication of a project's direction.
- If a large amount of tokens are allocated to developers, it indicates a highly concentrated project and poses a risk to investors.
- If most tokens are distributed to the project team from the beginning, they have the ability to influence the price or trigger a rug pull at any time.
Both of the above points indicate a short-term development orientation for the project. Allocating tokens to business development activities such as marketing, incentives, or airdrops over many years demonstrates a longer-term development orientation.
Large unlocked liquidity
One of the simplest ways to detect signs of a rug pull is to check if the token supply is locked. Because if liquidity is not locked and all tokens are issued at once, the project owner can withdraw all liquidity if they hold a large portion of the supply.
Typically, liquidity is secured through smart contracts with pre-programmed lock-up periods. Ideally, projects would lock the token supply and gradually release it over 3 to 5 years from the date of issuance. This demonstrates their long-term development strategy.
However, users should note that developers can adjust the token lock-up period themselves. Therefore, an additional factor in identifying signs of fraud is checking whether reputable audit firms have reviewed the project's security and assessed its risk level.
Conclusion
Rug pulls remain one of the most damaging risks in the DeFi market, often disguised behind hype, high APYs, and aggressive marketing.
While blockchain technology enables innovation and permissionless access, it also allows malicious actors to exploit inexperienced investors through liquidity theft, token manipulation, and restrictive smart contract code.
FAQs
Are rug pulls illegal?
Not all rug pulls are illegal, but all related forms are certainly ethically wrong. Hard rug pulls are considered illegal because the installation of malware clearly demonstrates fraudulent intent and is highly likely to result in arrest. Soft rug pulls, however, are more difficult to identify or prosecute.
Do rug pulls mainly operate in the DeFi market?
Because liquidity on DEXs is lower and the listing process for tokens is simpler than on CEXs, rug pulls are more common in the DeFi market. Therefore, there is no guarantee that the tokens users invest in will not be liquidated.
What is the difference between a hard rug pull and a soft rug pull?
A hard rug pull involves malicious code that directly steals funds or blocks selling.A soft rug pull happens when developers hype the project, inflate the price, then gradually sell their tokens and abandon it.
What are the most common types of rug pulls?
The most common forms include liquidity stealing, token dumping, and limiting sell orders through malicious smart contract functions.