Stephanie Douse 
Defi and Cryptocurrencies are two of the most significant technological breakthroughs of the twenty-first century, and they have had a significant influence on the world’s financial sectors.
DeFi (Decentralized Finance) makes use of the blockchain technology that cryptocurrencies make use of in order to get access to financial services without being constrained in the way that centralized financial institutions, such as the banking system, are constrained.
DeFi has had enormous growth, with a total market capitalization of more than $146 billion.
Regardless of how fast Defi has grown and how much it has helped to enhance financial access, it has unfortunately become one of the most popular ways for theft and criminal activity on the internet. This kind of crime, which happens in DeFi on a regular basis, is now known as “rug pull.”
Rug pull is one of the most common crimes in the field of DeFi, and it affects both individuals and businesses. Here’s everything you need to know about rug pulls, including how to stay safe.
Rug pulls are most often seen when fraudulent developers create new cryptocurrency tokens, then proceed to push up the price of those tokens before pulling as much value out of them as they possibly can before leaving them when their price sinks to zero.
Rugpulls may be compared as a form of an exit scam in that they are difficult to detect.
Before learning about the top ten crypto rug pulls in DeFi, it is important to understand the many sorts of rug pulls, how to recognize them, and what a rug pull is in general before continuing.
What is a rug pull?
A rug pull occurs when a malicious cryptocurrency developer abandons a project and flees with investor funds. Malicious individuals create a token, list it on a DEX, and then pair it with a big cryptocurrency such as Ethereum.
The creators push the coin’s price to zero by removing money from the liquidity pool. Their creators may even create a brief buzz on Telegram, Twitter, and other social media platforms by flooding their pool with liquidity in order to gain investor faith.
DEXs, as opposed to centralized cryptocurrency exchanges, allow users to publish tokens for free and without audit. Token creation on open-source blockchains such as Ethereum is also straightforward and free. Malicious actors take use of these two factors.
It is important to note that decentralized exchanges, such as Uniswap, establish prices for tokens in a pool depending on available balances. To prevent a rug pull, check the pool’s liquidity. But this is just the beginning. Examine the token pool for a lock. The majority of credible initiatives get money from a pooled fund.
The value of a coin may climb in hours, signaling a possible rug pull. A rug pull coin may move from 0 to 50X in 24 hours. This ruse is intended to induce FOMO and so token investment.
Unruggable indicates that the development team did not donate a significant quantity of tokens to the project. Unruggable projects do not have the requisite large quantity of team-held tokens that may be taken in a rug pull or departure scam.
Another indicator that a project is unruggable is if the team relinquishes custody of any tokens received during a presale.
Types of rug pull you should know
Rug pulls are categorized into three types namely: liquidity theft, limiting sell orders and dumping.
1. Liquidity theft
Liquidity theft is the kind of theft that occurs when token developers resort to withdrawing all the coins from the crypto liquidity pool.
What does a crypto liquidity pool mean in this context?
A liquidity pool is a collection of cryptocurrency assets that are secured by a smart contract and may be used for exchanges, loans, and other purposes.
Now, doing so eliminates all the value that investors have poured into the currency, thus pushing its price to zero.
Interestingly, these pools contribute to decentralized trading by reducing the risk of washout.
One remarkable thing about liquidity pools is that they form the backbone of the present DeFi ecosystem. They are a critical component of engineered resources, yield farming, lend-borrow protocols, on-chain security, blockchain gaming and automated market maker (AMM), among other applications.
Typically, these “liquidity pulls” occur in DeFi situations. Rug pulls by DeFi are among the most popular exit scams.
2. Limiting selling order
Limiting selling orders are orders placed on investors by fraudulent investors in an attempt to deceive them.
In this case, the tokens are coded in such a way that the developer is the only one who can sell them. This instructs investors to purchase or sell tokens at a certain price set by the creators.
The developers then wait for retail investors to use matched currencies to purchase into their new coin. Paired currencies are two currencies that have been paired together for trade purposes.
They dump their holdings whenever there is enough favorable price activity, leaving a worthless token in their wake.
Simply put, limiting selling orders ensures that the investor gets the price he or she wants or less. Although the price is guaranteed, the order will not be fulfilled unless the security price fulfils the order’s requirements. If the token does not reach the specified price, the order is not fulfilled.
A perfect illustration of a limiting selling order is the Squid Token scam of 2021.
3. Dumping
Dumping occurs when developers immediately sell off their own enormous supply of tokens. As a result, the coin’s value falls and the surviving investors are left with useless tokens.
Dumping can also occur after extensive promotion on social media platforms. The resultant price increase and sell-off is referred to as a Pump-and-Dump Scheme.
Developers utilize false information to inflate the price of a cryptocurrency so that they may sell it and profit. In certain situations, these attackers employ well-known celebrities to promote cryptocurrencies on their social media accounts.
Popular instances include the Squid game crypto fraud, in which the founders inflated its currency and then vanished with $3 million in investor funds.
Another case in point is Kim Kardashian and Floyd Mayweather Jr. These celebrities inflated the price of EthereumMax, after which firm officials pocketed the gains and left investors with useless cryptocurrency.
In January, the investors who had been duped filed a class-action complaint, alleging Kardashian and Mayweather of being complicit in the scheme.
Top 10 Crypto Rug Pulls In Defi
- OneCoin (Over $4 billion)
OneCoin is one of the biggest rug pulls in the crypto market’s history. The project’s creators were able to steal more than $4 billion from naïve investors.
Ruja Ignatov and other project members were involved in the OneCoin rug pull. Ignatova, dubbed the “Cryptoqueen,” announced OneCoin in June 2016, saying it was the “Bitcoin killer,” and successfully persuaded investors to spend billions of dollars.
Dr Ruja described OneCoin as the “Bitcoin Killer” to the Wembley crowd. “In two years, nobody will be talking about Bitcoin!” she said.
More than €4 billion was spent in dozens by investors from different countries between August 2014 and March 2017. Some of the investors were from Hong Kong, Palestine, Norway, Yemen, Pakistan, and Canada, among others.
According to reports by the BBC, some of the project’s leaders were eventually arrested, while others vanished, although the project progressed. To make matters worse, OneCoin was never traded and could not be used to purchase anything since it lacked a blockchain model and a payment mechanism.
2. Thodex (Over $2 Billion)
Thodex, a Turkish crypto exchange went missing in April 2021 with investors’ funds worth over $2 billion.
The CEO of Thodex said that the firm had to cease trading due to cyberattacks, but that the initial deposits were secure.
However, Özer apparently fled the country the night before the exchange was shut down, promising to refund the money when he returned to Turkey.
Some of their investors had a large amount of cryptocurrency in their accounts. A dealer named Kaan Savukduran has almost $12,000 in Dogecoin stored on Thodex. Mertcan Bayraktar, another dealer, represented seven investors, including one who had three Bitcoin ($150,000) locked up in Thodex.
3. AnubisDAO ($60 Million)
AnubisDAO, a fork of OlympusDAO, was released on October 28, 2021. OlympusDAO is a decentralized financial currency that is backed by bond sales and fees from liquidity providers.
The token’s creators established a discord server for the token and a Twitter account that provided regular updates before the launch.
Despite the lack of a platform, roughly $60 million was invested in the ICO, which would reward them with ANKH tokens. When the sale reached 20 hours, someone moved all of the pool’s liquidity to a new wallet. Many investors predicted that the token will gain public appeal in the same way that previous dog-themed tokens have.
After a few days, investors began offering 1,000 in Ethereum to anybody who could supply critical information. Despite a handle claiming that the devs were the victims of a phishing attempt, everything pointed to a clean sweep. The makers of AnubisDAO seem to have snatched investors, defrauding them of $60 million in the process.
4. Uranium Finance ($50 million)
Uranium Finance announced via a tweet in April 2021 that investors’ funds worth $50 million was stolen. However, this didn’t look like that was what happened but another clean sweep of investors’ funds.
Uranium Finance, a Binance Smart Chain-based decentralized finance (DeFi) startup, claimed it was hacked on April 28, 2021, and lost $50 million as a result.
According to Igor Igamberdiev of The Block Research, the Uranium protocol was drained of many tokens, including bitcoin and ether.
80 bitcoins ($4.3 million), 1,800 Ethereum ($4.7 million), 17.9 million BUSD ($17.9 million), 5.7 million USDT ($5.7 million), 638,000 ADA ($0.8 million), 26,500 DOT ($0.8 million), 34,000 wrapped BNB ($18 million), and 112,000 U92 tokens, Uranium’s native currency, were all drained.
The exploitation occurred during the conversion of Uranium’s protocol to version V2.1, according to the company, which was introduced this month.
Uranium is an automated market maker (AMM) protocol that promises to pay daily rewards to its subscribers. It is a fork of Uniswap V2.
5. Meerkat Finance ($31 million)
Meerkat Finance was established on the Binance Smart Chain on March 3, 2021, garnering a big number of investors.
A day later, Meerkat Finance stated that the company had been hacked. Hackers were able to obtain access and steal $31 million, according to the engineers. The majority of the investors, on the other hand, believe the developers cheated them out of their money.
The company’s vaults had been hacked, and the hackers had taken $13 million in BUSD and more than $17 million in BNB, according to the statement. The protocol, social media, and official platform all went black shortly after the breach.
As a result, investors were unable to contact the developers, leading them to believe they had been Rug pulled. Although Binance said that it will investigate the rug pull, nothing has been done after then.
6. Arbix Finance ($10 million)
Arbix Finance, an audited and apparently trustworthy yield farming platform, was labeled as a ‘rugpull,’ resulting in the deletion of its website, Twitter, and Telegram channel, as well as the transfer of $10 million in bitcoin deposits.
Arbix Finance promotes itself as a yield-farming aggregator and is built on the Binance Smart Chain. It has received nearly US$10 million in deposits from consumers thus far.
CertiK’s Skytrace program, which it uses to assess the likelihood of fraud, discovered multiple red lights in Arbix. Investor money had been distributed in unverified pools via the depositor contract, which was afterwards drained by the Arbix team, according to some of the firm’s first findings.
7. Luna Yield ($10 million)
Luna Yield was a Solana (SOL) platform-based ecological liquidity farming initiative. Before Luna Yield vanished, the SOL project had been rapidly increasing, topping $2 billion in total locked value (TVL).
The project’s creators abruptly removed their website, Telegram, and Twitter accounts, as well as withdrew over $10 million in cash.
Due to the pool’s negative value after the deletion of the social media profiles, Luna Yield investors attempted but failed to withdraw their unstaked funds. Following an additional inquiry, the Luna Yield community discovered that the transactions leading to the rug pull were allowed at the address of the project’s developer.
8. Snowdog ($10 million)
Snowdog (SDOG) was a meme currency that sold for more than $30 million, making it one of the year’s most valuable.
The crew acknowledged that they had “f**ked up.” That dog, on the other hand, does not hunt.
Insiders attempted to utilize mental gymnastics, referring to it as “game theory gone bad.” However, the fact is that Snowdog guaranteed enormous profits on a $40 million Snowdog token repurchase.
To do this, they transferred all liquidity from AVAX’s TraderJoe DEX to SnowSwap, a DEX and AMM that they allegedly copied and pasted from Uniswap code.
The fund’s contract featured a mechanism called a challenge key, which meant that without it, customers couldn’t access the contract for the buyback on the new DEX.
An insider liquidated the whole treasury that was meant to be utilized for the repurchase right after it debuted on their copy/pasted AMM. The token lost almost 90% of its value.
9. Squid game ($3.36 million)
Squid game is the most recent and one of the largest rug pulls in crypto history. The Squid token was a play-to-earn token based on the Netflix smash TV show Squid Game.
The token grew rapidly in the first few weeks following its inception, jumping more than 33,600% from a penny to $3.36.
The token’s phenomenal increase eventually reached $2861 before it disappeared. The Squid token had been disassembled, and its proponents had become unreachable. More than 43,000 investors had invested their money into the token at this point.
The current value of the coin is $0.003028. Simultaneously, investors have understood that they would be unable to sell their tokens. No one could sell the tokens from Uniswap’s decentralized exchange due to an anti-dumping feature set by the project’s creators. There’s no way the investors will ever come around.
10. TurtleDEX ($2.4 million)
TurtleDEX announced its entry into the Binance Smart Chain on March 15, claiming that it will offer customers safe online storage.
The decentralized exchange was able to generate $2.4 million in two hours during its presale. The platform’s creators rug drawn investors in only five days after it was launched.
All of the liquidity in the platform’s pools on ApeSwap and PancakeSwap was emptied, according to documents.
The funds in the liquidity pools were emptied and swapped to Ethereum before being transferred to a list of Binance wallets, according to Etherscan data. Following the incident, the creators removed their Twitter and Telegram accounts before shutting down their site.
How to detect a rug pull
There are several ways to detect a rug pull. Some of which will be mentioned here.
a. Developers are making money
Although this may not seem to be a fraud in a free market, it qualifies as such if the initiative was developed solely for this goal. The malevolent developer, as in the previous two frauds, builds a project with an exaggerated value proposition. A token feature or platform that is under development and will be launched shortly is generally the promise.
b. The project arose out of nowhere
Rug pulls seem to appear out of nowhere, while legitimate cryptocurrencies and DeFi initiatives take years to build. These phony enterprises are often backed by a lot of hype, leveraging on currently prevalent cultural memes. If a project that claims to alter the crypto world appears suddenly and sounds too good to be true, it most often is.
c. Developers that choose to remain anonymous
While Satoshi Nakamoto, a pseudonymous developer, created Bitcoin, the first and biggest cryptocurrency, anonymous creators of a crypto or DeFi project should be a significant warning signal that something is wrong.
The most successful cryptos of today, like Ethereum and Solana, have a team of well-known executives driving their development. If the creators of a cryptocurrency or DeFi project prefer to keep their names out of the public eye and stay anonymous, they may have excellent legal reasons for doing so, and you should probably avoid that coin.
d. Liquidity issues
You can’t always check the liquidity of DeFi projects, but you can always do it with a cryptocurrency. Low liquidity suggests that converting the token to cash is difficult, which might be due to the creator having a limited amount of funding to manufacture the token. The developer may control the token’s price more easily if the liquidity is limited.
The easiest technique to determine a cryptocurrency’s liquidity is to look at its 24-hour trading volume. Scam coins have appeared with trading volumes as low as US$10,000, compared to a truly decentralized platform like PancakeSwap, which had a trading volume of US$301 million at the time of writing.
Conclusion
Rug pulls are becoming increasingly widespread in crypto and DeFi, and frauds have begun to plague the NFT market as the blockchain business grows. Investors, on the other hand, may avoid them by doing a thorough research and searching for evident signals.
Detecting a bogus account is more difficult than anything else in the decentralized banking industry. You should try not to be carried away with most undertakings that seem to be too wonderful to be true. Another thing to consider before investing in the DeFi industry is to do extensive research on projects, tokens, and anything new.
Despite the fact that most scammers and hackers are able to hide their actions and deceive people, a thorough investigation will expose and assist traders in the market.
