What is a rug pull?
A rug pull is a crypto scam in which fraudsters lie to the public to attract funding and quickly run off with investors' digital tokens.
Developers behind rug pulls often promote their tokens on social media platforms to attract as many retail investors as possible. Once enough people buy into this scam project, developers transfer the depositors’ crypto to their wallets or cash out on a crypto exchange.
It's common to see rug pulls in DeFi (decentralized finance) apps. Because DeFi is inherently decentralized and largely unregulated, it's easier for fraudsters to hide their identities and make off with a significant amount of crypto. However, not all fraudsters have to be anonymous.
Another reason rug pulls are more common in DeFi is the autonomous nature of smart contracts. Skilled developers can write malicious code into smart contracts on deceitful dApps (decentralized applications). In many cases, rug pulls are literally programmed into a project's code.
What are the most common types of rug pulls?
All rug pulls involve malicious actors stealing crypto from unsuspecting investors. However, there are three primary ways scammers pull off a rug pull:
Liquidity pool rug pulls
Liquidity pools are integral to many decentralized exchanges (DEXs) and crypto lending platforms. Anyone can contribute crypto to these smart contract-based pools to boost the total value locked (TVL) on a Web3 protocol.
While crypto liquidity pools have many positive features, they’re a common tool used by crypto scammers. Developers who neglect to include transparent locking mechanisms in their code can transfer the protocol's funds into their wallets and abandon the project.
Limiting sell orders
Nefarious coders can pre-program their cryptocurrency to only sell on their command. Although anyone can buy these tampered tokens on DEXs, they can't sell them. Developers can write commands in their token's code to ensure only they have a say on when to liquidate these digital assets.
After enough retail investors buy into this maliciously coded cryptocurrency, scammers can exercise their sell privileges and cash out. Since this rug pull strategy restricts sell access to token buyers, it's often referred to as a "limiting sell order" scam.
‘Pump and dump’ schemes
Although there are plenty of “pump and dump” schemes in the stock market, these rug pulls have become closely associated with crypto. Unlike the previous two rug pulls, “pump and dump” schemers don't need as much technical know-how to pull off this scam.
“Pump and dump” schemers can create an altcoin, but most will target a small-cap token already in circulation. Once the scammers have large amounts of their chosen crypto, they can start hyping this cryptocurrency all over social media. Since the market cap for these cryptos is so tiny, it doesn't take many buyers to increase the price substantially.
When the scammers are satisfied, they can dump all their tokens onto the market. This intense sell pressure takes a crypto’s price down, leaving retail investors with bags of worthless tokens.
What are the ethics and legality of rug pulls?
In most cases, liquidity pool pulls and limiting sell orders are illegal. With both of these strategies, it's clear that developers created their tokens or dApps to trap retail investors. Both of these scams are often called "hard rug pulls" because the fraud is "hardwired" into a crypto project's code.
In contrast, “pump and dump” schemes are in a legal gray area. Although “pump and dump” rug pulls are unethical, it's more difficult to prove illegal activity on the part of scammers.
If people buy a cryptocurrency on the open market and publicize it online, it's not necessarily illegal. This is especially true if the scammers behind a “pump and dump” scheme bought into a token they had no part in creating. Since there's nothing in the project's code that sets it up for failure, some people categorize “pump and dump” schemes as "soft rug pulls."
How to spot a crypto rug pull
Crypto rug pulls can be sneaky, but there are a few red flags people should look out for when evaluating new tokens:
- Unclear whitepapers: Every serious crypto project should have a clear list of achievable goals and strategies in a well-written whitepaper. If a whitepaper is vague or littered with grammatical errors, there's a good chance it’s a scam project.
- No third-party audit: You can have a higher degree of confidence in a dApp's code if there's a formal review from a legitimate auditing firm.
- Anonymous developers: When a new crypto project's developers are fully doxxed, authorities can hold them accountable, making rug pull identification easy.
- Excessive social media marketing: If it feels like a new project is being excessively spammy online, it may be a warning sign something's up.
- Suspicious price action: If you notice sudden changes in a token's price history or trading volume, it may signal market manipulators are pulling the strings. Always be wary of sudden price surges that aren’t backed by noteworthy news on the crypto project.
Protection against rug pulls
When dealing with overly hyped crypto projects, it's essential to do plenty of research to avoid getting "rugged." Here are a few tips to avoid rug pulls:
- Stick with established dApps: Instead of hunting for upcoming crypto projects, consider sticking with top-tier dApps like Uniswap or Aave. Projects with a robust community, long history, and solid reputation are more likely to offer legit tokens and rewards.
- Be skeptical of high liquidity pool yields: If a liquidity pool offers ridiculously high annual percentage yields (APYs), it's most likely bait for a liquidity rug pull. Remember to stick with established dApps that offer APYs well below the triple-digit range.
- Test a small-cap token on a trusted DEX: If you have any suspicions that you won't be able to sell a token, buy a little of this crypto and try to sell it on a high-quality DEX like Uniswap. If you can't swap this crypto, it's probably a limiting sell scam.
- Research token addresses on top coin aggregator sites: Instead of trusting social media, research new projects on top-tier coin aggregator sites like CoinMarketCap and CoinGecko. You can find high-quality information and official token addresses on these reputable websites.
Crypto rug pull examples
The history of crypto is full of many multi-million-dollar rug pulls. Here are two notable examples:
1. Frosties NFT rug pull
In March 2022, the U.S. Department of Justice arrested Ethan Nguyen and Andre Llacuna for their role in a phony NFT (non-fungible token) project called "Frosties."
Estimates suggest the pair made about $1.1 million after selling these animated NFTs. Shortly after minting the Frosties NFTs, Nguyen and Llacuna closed the official Discord and Twitter pages for Frosties. It was clear to the new NFT community that the lead developers had abandoned the Frosties project.
According to the DOJ, Nguyen and Llacuna also attempted to launch another NFT rug pull called "Embers" a few months later.
2. SQUID token rug pull
The Squid Game rug pull is one of the most devastating limiting sell rug pulls. Following the success of Netflix's “Squid Game,” an anonymous group launched a cryptocurrency called SQUID. Supposedly, this token was to be used in a play-to-earn game based on the Netflix series. When the SQUID token launched in late 2021, it rose to nearly $3,000 per token before falling to zero.
Investigative journalists later discovered that those behind the SQUID made it impossible for buyers to sell their tokens. The team also shut down its website as it began liquidating SQUID tokens. Retail investors lost about $3.5 million in this heist.
Crypto rug pulls still account for billions in losses each year. Although more people know about these crypto scams, it can be difficult to distinguish legitimate Web3 start-ups from rug pulls. People researching new small-cap projects should be extra cautious as they explore speculative altcoins and new dApps.
At Worldcoin, we aim to increase transparency and safety in Web3 without sacrificing user privacy. To do this, we’re perfecting a revolutionary eye-scanning device called the Orb. We’ll verify each crypto address has a unique human owner without putting people’s personal information at risk.
We also intend to put a share of our crypto in the hands of everyone for free. To learn more about us, subscribe to our blog.