You’ve been rugged is kinda synonymous with you’ve been punked. Except the difference here is it’s not that funny when your hard-earned money is swept. Especially when you willingly gave it away to the person scamming you. Sadly, that’s the comedic effect of a rugpull. You literally can’t do anything about it. Rugpulls are malicious scams that leave you second-guessing the reflection in your mirror. But don’t you worry, everyone falls victim as it’s the second most common type of security issue in web3.
In this guide you’ll know every important thing there is about rugpulls in crypto and NFTs. You’ll understand why it happens and whether there is any legal action against it. In the end you’ll learn how to protect yourself from this mischievous scam.
What Is A Rugpull?
The name of this scam comes from the idiom “to pull the rug out” from under someone. Imagine it like someone setting up a beautiful rug with a table on it. Preparing lovely meals for you every day. Sweet-talking you into giving out money for a business idea. Everyday you chat and eat and invest your money. You’re having fun and feeling like generational wealth is on the way. Until one day, the scammer pulls the rug right from under you and the whole set up collapses in your face. You’re left with ruins,empty hopes, and a drained pocket. That’s what a rugpull feels like. Technically speaking, it’s a type of scam in the DeFi and NFT industry. It’s a malicious maneuver that goes like:
Scammer hypes a new token
→ attracts investor money
→ runs away after collecting the money
→ Leaves investors in shambles.
What is an NFT Rugpull?
It’s the same concept that goes on in the De-Fi sector. Instead of hyping a certain new token – or alt coin- with promises of great gains, scammers use NFT projects. Therefore, NFT rugpulls are extremely common. Usually it starts during the pre-launch phase of an NFT project like this:
- Creators of the NFT collection attract early “minters” for whitelists
- They excessively promote and hype it on social media through crypto influencers
- Many degens rush to mint the collection, and after the collection mints out:
- Scammers transfer the funds out of the ecosystem and vanish
- OR wait for the floor price to a certain level THEN siphon the funds and vanish
This means that an NFT rugpull may take years to fully happen. That’s the tricky part, as you may never realize it. A Kid Called Beast was suspected of rugpulling upon mint, and some still believe in that controversy. Check out the story here.
Type of Rug Pulls
Dumping, liquidity stealing, and limiting sell orders are the three most common types of a rugpull. They fall into two categories:
-
- Hard rugpull: It’s when a developer has no intention of ever completing a project and intends to scam investors from the start. They hardwire a project’s smart contract code to leave an avenue open for theft.
- Soft rugpull: It doesn’t have code-level fraud. Instead, soft pulls tend to rely on marketing hype to falsely inflate a project’s value. Then the project’s founders shut it down. Either slowly over years or instantly run away with the money.
1- Dumping (Pump and Dump)
This type of soft rug pull is similar to penny stock pump-and-dump schemes.
- The developers of a project hype it up to draw investors. Then, they encourage trading activity using marketing tools – mainly social media and influencers.
- After inflating a coin or NFT’s value
→ the developers rapidly sell off their own supply
→ the token’s value flops
→ investors get stuck with mostly worthless assets. - Dumping schemes are soft rugpulls that can span hours or years – depending on the developers. Hence, it can sometimes look like normal market volatility rather than a deliberate scam.
2- Liquidity Stealing
Liquidity signifies how easily you can convert an asset (NFT or Cryptocurrency) to another asset (USD) without affecting its market price.
A liquidity pool is a collection of locked funds in a smart contract. so, people interested in the project or currency will stake the token in its smart contract to provide liquidity.
The more assets in a pool
→ the more liquidity the pool has
→ the easier it is to trade and convert the currency.
Liquidity stealing is a hard rugpull since developers intentionally build loopholes in the smart contract’s code:
They steal the pool of tokens from their investors
→ this removes all the value injected into the currency or NFT
→ drives its price down to zero
→ investors left with nothing.
3- Limiting Sell Orders
This is another kind of malicious hard rug pull. This scheme goes like:
The project’s developer includes restrictions on selling in the tokens’ code → Investors can keep buying BUT they can’t sell unless a developer allows it → Scammers can dump their tokens whenever they want → this leaves investors stuck with worthless assets.
Why Do Rugpulls Happen?
Long story short, the DeFi and NFT spaces are prone to rugpull scams because:
- It’s cheap and easy to create new tokens on any blockchain. Also, to get them listed on decentralized exchanges (DEX) without a code audit.
- It makes the scammers a shit ton of money with minimal effort. All they have to do is sell their ethics to the devil.
Actually the main reason it’s easy : FOMO and seeking generational wealth.
This is rooted in Bitcoin’s history and Cryptopunks NFTs in how they made people billionaires with time. Everyone is still looking out for the next Bitcoin-like or Cryptopunk success stories. But that’s not gonna happen. Bitcoin and Cryptopunks made people tons of money because THEY WERE THE FIRST CRYPTOCURRENCY AND NFT TO EVER EXIST. So, sorry to burst your bubble, but get over finding the new multi-million money-making hype.
Are Rugpulls Illegal?
Let’s make it clear that rugpulls are always unethical but unfortunately not always illegal.
-
- Hard rugpulls are illegal because there is software proof in the smart contract that the developer had the intention of stealing investor’s funds.
- However, there is no legal law against soft rugpulls, because the smart contract is clean. Since it may take years to finally occur, it seems as if the developers are still actively working on the project, and they may be. It may also look like the project tanked because of market fluctuations. Sorry.
Either way, like most fraudulent activities in the crypto industry, both types can be challenging to track and prosecute. Tracking illegal activities in crypto and NFTs is still very novel. Figuring out what counts as an investment contract (a security) or not is tricky. If you’re curious about the legal issues in web3, this guide is for you!
Examples: Incidents in Web3
According to findings of Comparitech, $26 billion has been lost to cryptocurrency and NFT rugpulls and scams to date! We can notice from the chart below how rugpulling scams have been insanely increasing at the beginning of 2022. Obviously, it’s a lucrative business.
Therefore, to give you more of an idea as to how much money such scammers make, here’s a swift list of the most common rugpulls to date:
2014
→ OneCoin: $4 billion
2021
→ StableMagnet, $27M drained
→ AnubisDAO $60 million
→ Frosties $1.1 million
→ Thodex, $2 B drained
2022
→ AniMoon NFT, $6.3M drained
→ Teddy Doge, $4.5M drained
2023
→ Franklinisbored 2000 ETH one-of-a-kind rugpull
→ According to Coindesk, a wave of scams and hacking incidents resulted in cumulative losses of $155.5 in the months of April and May. Which explains why the chart above is spiking with scams in 2023.
How To Protect Yourself From A Rugpull?
People fall victim to rugpulls due to insufficient awareness about cybersecurity. Here are 5 clear signs that scream “You’re being rugged!”
1- Undoxxed Developers
This should be obvious by now. Our mothers taught us at a young age not to take anything from strangers. So why the hell would anyone give away money to anonymous people online? Always double check who you are dealing with. Go all FBI on their backgrounds. This is the normal thing to do. I know it’s kind of ironic to say, since the founder of Bitcoin is anonymous to this day, but Bitcoin is the dominant coin we trust with a heartbeat. It’s not the same with new projects or coins, it’s a whole different case story.
2- No Liquidity Locked
Remember the explanation about liquidity stealing? To prevent falling victim to that:
CHECK IF THE CURENCY OR NFT IS LIQUIDITY LOCKED. With no liquidity lock on the token supply in place, nothing stops the project creators from running off with the entirety of the liquidity.
Also, check the percentage of the locked liquidity pool:
A lock is only helpful in proportion to the amount of the liquidity pool it secures
→ It’s known as total value locked (TVL)
→ should be between 80% and 100%.
3- Limits On Sell Orders
Good news is you can also protect yourself against limit-on-sell-order rugpulls. Since selling restrictions are buried in code, it can be difficult to identify whether there is malicious activity. The best way is to test it out yourself :
- Purchase a tiny amount of the new coin or NFT
- Immediately attempt to sell it
- If there are problems selling what was just purchased
→ the project is likely a hard rugpull.
4- Suspiciously High Yields
When tokens offer insanely high an annual percentage yield (APY), it usually means equally high risks. Not necessarily indicative of a scam, but seriously, if something sounds too good to be true… most of the time it is! WHY RISK IT?
Also, if the yields for a new coin seem suspiciously high YET it doesn’t turn out to be a rug pull → it’s likely a Ponzi scheme.
Rings any bells? Ah yes, SBF and his FTX ponzi scheme that crashed the market like a wrecking ball.
5- No External Audit
Since not all of us can understand smart contract code, there are third-party auditors who can do it. Also, NFT project or cryptocurrency audits are now standard practice. It makes a whole lot of sense. Because, if an asset’s smart contract can’t pass a basic audit, why the hell risk investing in it?
So point is, don’t just take a development team’s word that an audit has taken place. Do it yourself and use reputable third-party tools. They show you that there’s nothing malicious in the code and give you peace of mind. Here’s a couple handy trust-worthy audit tools:
Closing Thoughts: BE SKEPTIC
A healthy dose of FUD and skepticism is useful when sorting through crypto hype. Especially when it comes to rugpull plots. Therefore, as a rule of thumb , don’t invest money you can’t afford to lose. Always question the risks of web3 and whether anything makes sense to you.
Actually, you should always take care of your mental state. As the crypto space can become very toxic very easily. So, make sure you’re not easily intimidated into things.
Don’t stop researching and don’t stop reading! Carry on to the ultimate guide on NFT scams and stop losing your money.