How To Spot a Rug Pull? What is Rug Pull in Crypto & How To Prevent It?

It is the worst nightmare of every crypto investor. It’s a betrayal of trust of wanton proportions. Some have lost their life savings to it, while others have plunged into depression and suicidal thoughts. If you guessed it to be ‘Rug pulling’, you guessed right.

Rest assured, you don’t have to be scared of it. After all, knowledge, they say, is power. This article will enlighten you on how you can quickly spot and avoid rug projects so that you don’t fall victim. Are you ready to learn? Let’s start

WHAT IS A RUG PULL?


Looking at the very essence of the phrase ‘Rug Pull’, you might have an idea of what it involves. Imagine you’re standing on a rug or carpet, and it was suddenly pulled from under you. What would likely happen?

You might fall and could even injure yourself. In the same way, rug pulling in crypto is a theft mechanism in which developers of a crypto project remove all the liquidity from the project, rendering the coin worthless and leaving investors’ hearts shattered to a million pieces.

How do they do it? The scammers create a token and list it on a decentralized exchange. Since the exchange is decentralized, anyone can create tokens and list them without going through KYC. That is why rug pulling usually happens in the Decentralized Finance ecosystem.

After listing the token, they drive interest by utilizing social media hype to promise grandiose things that their project will accomplish. Unsuspecting individuals believe them and start investing. Once the scammers have gotten enough liquidity, they pull out the liquidity from the liquidity pools and completely run down the crypto asset’s price. In that case, investors have been rug pulled.

HOW TO SPOT A POTENTIAL RUG


If you tune out your emotions before investing in a crypto project and you take time out to research, you’ll observe certain signs that show that something is sketchy. Let’s analyze them one by one.

DISCERNING THE PROJECT’S GOALS


Rug projects usually captivate investors’ interest by promising that their coin is the holy grail of crypto and has come to solve the problems facing cryptocurrencies, to become the currency of the future. They claim that with even a small investment, the gain will be massive as their coin will see exponential growth once people see the potential.

However, experienced investors will know that when something sounds too good to be true in the crypto world, it usually is. 

So, when you read a coin’s whitepaper, ask yourself: What is the project’s goal? Is it achievable? Put away your emotions and engage in some logical reasoning at that moment. If the whitepaper contains mainly ambiguous terms, then that’s a red flag. Unless a project makes it very clear what exactly they want to do and how they intend to do that, don’t trust them.

THE TEAM


If you want me to trust you, then you have to give me something to go on. When the developers of a crypto project are anonymous, it brings up serious concerns. However, even though it is a big deal, it doesn’t necessarily mean that the project is a scam.

After all, the pioneer cryptocurrency, Bitcoin, was founded under anonymous conditions. Thus, coin developers may want to remain anonymous to protect their identities and work freely. However, in most of those cases, an unknown team beckons rug pulling.

THE WEBSITE APPEARANCE


If you’re going to create a coin that will be the coin of the future, you should at least take some time and money out to create a website befitting that purpose, right? Well, let’s consider some things to look out for on the website:

Careless developers


You can almost always know when a project is rushed by looking at the website design. If it looks like something that was cooked overnight, it probably is. Most often than not, these projects don’t edit their website functions properly, giving a UI interface that leaves much to be desired

Rushed projects


Imagine a project that was practically non-existent yesterday but has managed to cook up a website with several live farms and thousands of likes and retweets just hours before its launch. How is that possible? I wonder.

Good projects take time to develop, but counterfeit copies take only a few hours. Put that into consideration when checking out when the website’s domain was registered.

When was it registered? 


If you want to find out when a website domain was registered, go to whois.domaintols.com and enter the complete URL or domain name of the website in the search box and then click search. Relevant information about the domain will be displayed, including the date of creation.

Overall developers


When scanning through a website, check for the overall UX/UI interface. You don’t have to be a tech guru before you know whether a website has a good layout or not.

Also, check for working links on the website. For example, if a website has links to a medium or Twitter page, but the link isn’t going through, that may be a bad sign. Lastly, how unique is the website? Or is it just a fork of a popular website? Those are things to keep in mind.

SOCIAL MEDIA MANAGEMENT AND APPEARANCE


To foster ‘trust’, scammers usually create social media accounts on Twitter, Telegram, Medium, Discord, Reddit, Youtube, among others. This usually turns out to be their undoing, as you can easily sniff out their inadequacies from the way they manage the accounts. Here are the things to look out for:

Horrible Tweets


This is usually the first sign of danger. When a coin’s Twitter page spurts out poorly constructed sentences in vague terms, it’s usually a sign that they don’t know what they are doing

Bad atmosphere in Telegram groups


Take a look at their telegram group. You don’t even have to join the group to know if they have tricks up their sleeves. Are people’s causes for concern fully addressed, or do they ban or mute people criticizing them? What about the general atmosphere of the group?

What are people talking about in the group? Is the group made up of ‘moonboys’ or bots who merely spam the group with euphoric expressions like ‘when moon’, ‘when 1000x’, among others? If it looks shady, it probably is.

Fake Social Proof


Social media proof is a form of recommendation in which people come on social media to praise a coin and say why they believe in it. Done properly, it’s an indication of solid background as it shows that the user base is real and growing.

Most rug pulling projects attempt to do this by accumulating fake followers or retweets and likes. How can you spot fake social proof?

  • How to spot fake Twitter followers: Because the menace of fake followers is a growing problem, many tools can help you know if a particular Twitter account uses counterfeit followers. One of them is followeraudit.com. They do this by analyzing the profile picture, bio, engagement metrics, activity status, etc., to determine what percentage of a Twitter account’s followers are fake.Take note that this article is not an endorsement of followeraudit.com. We simply brought it up as an example.
  • How to spot fake Telegram members: As in the case above, you can use statistics tools to determine if a Telegram account has counterfeit members. A prominent one is tgstats.com which shows full statistics of Telegram accounts. If, for example, you use this tool and find out that the Telegram account of the coin went from 0 to 100k members in just three days or so, you know that’s not the real deal

Intrusive marketing


When the developers of a coin go out of their way, even invading the customer’s space or time, to promote the coin, you know there is a problem. After all, if you know what you’re developing has real value, you would spend less time begging people to invest and more time actually developing the project.

Read also:

THE SMART CONTRACT ITSELF


Since cryptocurrencies are digital assets, they can only be as smart as their smart contracts. Thus, if you carefully analyze the smart contract of whatever coin you want to invest in, you may find some loopholes that signal danger. Let’s see what you have to look out for:

Is the project simply a fork of another project? 


This may not necessarily be a red flag as some successful projects came up as forks of other successful projects. An example is Quickswap which was essentially a fork of Uniswap when it launched. That being said, it still isn’t a good sign when a project arises as just a fork of another. Keep an eye on such a project; it may be a rug.

Is the code open-source and accessible to anyone? 


One of the most popular types of code is an open-source code, in which the creators grant users unlimited access to the code so that they can use, study, change, and distribute it to others. Now, you may not be a developer, nor may you be skilled in programming languages; that’s fine. But, it brings a sort of confidence to investors if the coin’s contract code is accessible to anyone. That would show that they do not have anything to hide.

Has the code been audited? 


Now, this is a big one. Audits performed by external corporations show how sound a project is and are viewed as a requirement for trust in the cryptocurrency world. There are many crypto auditing companies out there, with the most credible ones being CerTik, Openzeppelin.

Hacken, among others. If the coin you are considering is audited by one of the top auditors, that’s a good sign. Keep in mind, though, that even if an audit shows that the smart contract is sound, it is still not a 100% vote of confidence.

Is the contract verified on the scan page?


A verified contract will show a green checkmark on its mainnet scan’s page(e.g., bscscan, etherscan, polygonscan, etc.). Being verified means that the human-readable version of the contract you’re seeing is the real deal. It doesn’t mean it’s safe; it simply means it is the actual code you’re seeing.

  • What should I run from? Run from a MasterChef contract that:
    • Has an unverified human-readable version.
    • Doesn’t even have the human-readable version at all.

What about accessible mint function?


In cryptocurrency, minting is the process of creating new blocks and adding them to the blockchain. In simple terms, a mint function allows the contract owner to create tokens arbitrarily. A contract owner can use this function to scam investors by giving himself a bunch of tokens and selling them all

This doesn’t mean that a project with accessible mint function is destined for rug pulling. Sometimes, mint functions are needed, such as in the case of yield farms like pancakeswap, bakeryswap, etc. However, always make sure that a token with accessible mint function needs it. For example, if a token is supposed to have a maximum supply but also comes with accessible mint function, that’s something to be concerned about.

What about Timelock?


A timelock is a smart contract mechanism that locks the functionality of an application for a specified period. To explain in simple terms, the timelock enables a delay between when a transaction is started and when it is executed.

For example, if the timelock for a cryptocurrency code is three days, that means that even if the owners of the contract decide to execute a  rug pull, they will have to wait for three days before the transaction is approved. During that period, vigilant investors can see what the developers are up to, and quickly withdraw their funds.

The fact that there is a timelock on the MasterChef function does not mean it is totally safe. It only means that investors can see what the developers are up to before they execute it. The drawback is that you would have to check the code constantly to see if the developers are up to no good.

To make it easier to follow the timelock’s status, you can set an alert on the timelock contract by adding it to your watchlist. That way, you would be notified via email any time there is a transaction on the timelock

Instead of a timelock, a developer can set the ownership address of a coin to a dead address(0x000…dead). This action is irreversible and makes the contract completely untouchable, even for the developers

FAMOUS RUG PULL EXAMPLES TO DATE


MEERKAT FINANCE


On March 3, 2021, Meerkat Finance was launched on the Binance smart chain with promises of high returns for early investors. The next day, it announced on its telegram group that its smart contract vault was compromised and drained of about $31 million worth of funds transferred to multiple new addresses.

Closer analysis showed that the supposed hacker altered Meerkat’s smart contract using the original deployer account. This could only have been done by the owners of the contract. To make things even more suspicious, the Meerkat website was taken down, and their Twitter account was deleted. 

Even though Binance, a major crypto exchange, launched an investigation with the help of some auditing firms, none of the funds were returned. It was a classic rug pull.

THODEX 


This went down as probably the biggest rug pull in the crypto environment, with a total of more than two billion dollars worth of crypto assets stolen from investors. It all started on April 22, 2021, when the Turkish cryptocurrency exchange Thodex suddenly stopped trading and locked up the funds of more than 390,000 active traders.

Later, investors found out that its CEO, Faruk Fatih Ozer, had fled the country and deleted his social media accounts. As if that were not terrifying enough, the company also cut off all customer support and cited an unspecified investment as the reason for the suspension of trading

Apart from the massive loss of funds, this rug pull was additionally concerning because it came at a time when the Turkish government was considering whether or not to approve crypto payments. Even more curious was that this rug pull happened in the centralized exchange environment, which was thought of as immune to rug pulling because of the regulations and watchful eyes. 

COMPOUNDER FINANCE


This rug pull is a vivid example of why investors still need to be wary even if a project is audited. Compounder finance was a project launched on November 8, 2020, claiming to be an automated farming system with compound interest on digital assets and native CP3R tokens as rewards. 

The team went ahead to implement 24-hour timelocks on all its smart contracts to convey a sense of trustworthiness. Investors didn’t know that they had included a hidden backdoor into the code allowing them to circumvent the timelock and withdraw funds as they wished.

In addition, the team had performed an audit through Solidity finance which revealed the suspicious timelock setup and external threat potential. Instead of working on it, they allegedly added malicious strategy contracts to allow them to withdraw funds. All in all, they carted away $11,000,000 worth of investors’ funds.

DEFI100 


This perhaps went down as the most daring crypto rug pull in history. Defi100 was a project by Wrapp3d, a company that claims to create synthetic assets that introduce real-world tradable assets like Gold, silver, etc., to the token economy. Built on the Binance smart chain, it claimed to be the token that’s synonymous with the total DeFi market cap.

On May 23, 2021, investors woke up to see a daring message on the DEFI100 website. It read: We scammed you guys, and you can’t do s**t about it. HA HA…All you moon bois have been scammed, and you can’t do s**t about it. F**K YOU MOONBOIS. The message was later put down, and the Twitter account would later come out to say it was hacked and that the hackers were the ones who posted the message.

This evasive explanation didn’t hold water with the various investors as they tracked down the developer’s internet footprint and handed him over to the authorities. This may prove to be medicine after death, though, as the team had already gone off with $32,000,000 worth of investor funds.

RECAP


So, what have we learned so far? If you didn’t before, you now know what a rug pull means in the crypto sector. You’ve also seen various things to consider when determining if a crypto project can rug pull. We have seen some nasty examples of rug pulls and how much they stole from investors

As a final note, remember that you are the one with the sole responsibility for your decisions regarding which crypto project you would invest in, either for the short or long term. As seen in the examples, even seemingly stable projects with audits, timelocks, and known developers can rug pull.

It is up to you to determine how much you are willing to risk if it all goes down. With this knowledge you now have, though, it would be easier for you to outsmart the scammers.

FREQUENTLY ASKED QUESTIONS


intelligent crypto
How are  regular people making returns of as much as 70% in a year with no risk?  By properly setting up a FREE Pionex grid bot - click the button to learn more.
Crypto arbitrage still works like a charm, if you do it right! Check out Alphador, leading crypto arbitrage bot to learn the best way of doing it.

Sarah Wurfel
Sarah Wurfel

Sarah Wurfel works as a social media editor for CaptainAltcoin and specializes in the production of videos and video reports. She studied media and communication informatics. Sarah has been a big fan of the revolutionary potential of crypto currencies for years and accordingly also concentrated on the areas of IT security and cryptography in her studies.

1 Comment
  1. Loved the article.

Leave a reply

CaptainAltcoin
Logo