Home Web3 Security Crypto & Defi Rug Pull: How to Spot?

Crypto & Defi Rug Pull: How to Spot?

by ImmuneBytes
Crypto & Defi Rug Pull: How to Spot?

Have you heard about the Squid game $2M scam that took only 35 minutes to be executed? 

Squid game rug pull tweeted by Immunebytes

The infamous squid game Rug pull scam, where the popular Netflix streaming show inspired the token, soared by 83,000% in a few days. 

squid game usd chart

Reference: https://coinmarketcap.com/currencies/squid-game/ 

CNBC says that “the squid games token was launched as the exclusive coin of the squid game project- play-to-earn platform, up by 2400% within 24hrs.” In fact, it cautioned users before trading in squid, as it had already received multiple reports that users could not sell this coin on the well-known decentralized exchange Pancakeswap.    

So, what is this Rug pulled all about, and how can you avoid your investment from going into the drain? 

Let’s find out!

In this blog, we will discuss the following topics in a row.

What is Rug Pull?

Suppose you are a new crypto investor and decided to invest your money in new and hot trending cryptos available in the space. Following social media advice in such cases, you probably tend to buy a low market cap and low-priced token.

Initially, you see your investment jumping doubled or tripled in merely a few hours, and then the next morning, you wake up to see that the token price has dropped to zero.  

This probably leaves you never wanting to trade in crypto again. This situation arises from the malicious developers who pulled out investors’ money and brought the token’s value to nearly zero, called the Crypto Rug pull. 

Rug Pull is a malicious gimmick in the crypto Universe. Here, a developer pumps its project’s token before taking the money and running, leaving their investors with a worthless asset. This phenomenon is quite common in the case of decentralized finances, especially Decentralized exchanges(DEX). 

Nasty developers create a token, list it on a DEX, and pair it with a leading cryptocurrency. Once a significant amount of crypto, says ETH, has been accumulated, creators then withdraw everything from the liquidity pool, driving the coin’s price to zero.

Now that we know what a rug pull is let us look at the different types of Rug pulls.

Types of Crypto Rug Pulls

Crypto & Defi Rug Pull: How to Spot?

There is more than one way of committing a rug pull. Following is a schematic showing the different types of crypto rug pulls. 

Liquidity Stealing

In this scenario, the project’s founder removes all the coins from the liquidity pool, eliminating the investor’s additional value to the currency and bringing the token’s price to zero.

Limiting Sell Orders

The developer programmed the tokens so only they could sell them. They wait for retail investors to use paired currencies to purchase their new crypto assets. Once there has been sufficient upward price movement, they exit their positions and leave behind a worthless token.


In this kind of rug pull, developers sell off / dump their enormous stock of tokens which results in a massive drop in the coin’s value, and the the investors are left high and dry with useless tokens, which now bear zero or insignificant value.

Dumping typically happens following intensive social media promotion.

Next on our list are the various ways of spotting a rug pull so that you can keep an open eye on such malicious maneuvers. 

Additional Resource: How to audit Crypto Tokens

How to Discover Rug Pull in Crypto?

In DeFi, rug pulls are frequent since tokens may be quickly generated and listed on DEXs with little to no KYC or AML. Anyone with simple due diligence requirements can create a liquidity pool that faces significant risk.

But still, there are a few pointers that you can keep in mind before investing in crypto. 

  1. The skyrocketing price of a scam coin within hours

Decentralized exchange platforms allow users to list their tokens free and without any audit requirements. Also, creating tokens on an open-source, decentralized platform is easy. 

It allows evil creators to inject substantial amounts of Liquidity into their pools and create temporary hype around it. Hence, cultivating investors’ confidence only to siphon off their funds. 

  1. Check for Liquidity in the Pool and lock period. 

Checking to see if a cryptocurrency is ‘liquidity-locked’ is one of the simplest methods to tell a fraudulent coin from a real cryptocurrency.

Nothing prevents the project’s developers from taking all of the Liquidity if there is no liquidity lock on the token supply.

Investors should also check the amount of the liquidity pool that has been locked. Only a fraction of the liquidity pool that a lock secures is useful.

  1. Low team credibility or Unknown founders

Anonymous project developers could be a red flag for investors looking to engage their assets in a project. 

Investors should think about the legitimacy of the individuals behind emerging crypto-projects. Well-known promoters and developers in the cryptocurrency world, their history, and the credibility of keeping their promises are a few aspects to be kept in mind. Also, Investors should be wary of brand-new, readily fabricated social media profiles and accounts.

  1. Ambiguous and Unclear white paper

If the whitepaper is just 15-20 pages long, stay cautioned it could be a promotional or sales brochure and not a whitepaper. 

The white paper, website, and other project-related media provide hints regarding the project’s overall validity.

  1. Large promotional spending and marketing

Usually, these nasty developers create temporary hype around their projects, which might involve using an influencer who has no part in the project. 

Beware! This might be a sign of a scam coin. Usually, reliable projects advertise themselves and not through an investor having no role to play in the project.  

  1. Very few wallet holders

If a small number of holders hold huge sums of tokens, they are likely to team wallets masking as regular holders, and this makes it simple for them to manipulate prices at the expense of unwitting investors. 

How to Avoid a Rug Pull?

Crypto Scams have been a show-stealer in the blockchain industry for some time, and no investor wants to nullify their investment.

Here are five important tips you should remember, especially before investing in a DeFi crypto space. 

  • Find established Projects; look for the projects listed on a centralized exchange. Although it is not a security stamp, centralized exchanges often review assets before listing them on the marketplace. 
  • Evaluate Whitepapers for the project’s intended behavior and tokenomics
  • See if the project has been audited. A formalized code audit by a reputable smart contract auditing firm increased investors’ confidence in the project. 
  • Knowing about the project creators as anonymous developers serves as a red flag. Investors must consider the developer’s credibility before investing in a project. 
  • Check for the project’s Liquidity (the amount of value in tokens that can be traded) along with the percentage of the liquidity pool locked. 

Are Crypto Rug Pulls Illegal?

Soft rug pulls( discussed above), although unethical in nature, are not illegal. Dumping only involves selling crypto assets to a level that drops the token value to a considerable extent. While hard rug pulls are illegal. 

Indeed, in some ways, the absence of regulations around crypto has its own set of effects. Investors should be cautious before choosing to invest, as they have less legal recourse or protection if an investment turns out to be a scam.

Sum Up

With crypto crimes hovering over the blockchain space, regulators and investors have been plagued by them since 2017.

Rug pulls are merely a recent scam scheme but have had negative effects. Chainalysis estimated in 2021, rug pull losses were more than $2.8 billion, or 37% of the total earnings from cryptocurrency scams of the year.

Increasing participation in the blockchain world has started exposing security vulnerabilities. One must keep an eye on the telltale signs of the bugs from becoming susceptible to crypto crimes. 

Stay tuned with ImmuneBytes, to be in the know with more such information about Rug pulls and other crypto-scams.

About ImmuneBytes

We at ImmuneBytes offer enterprises and startups comprehensive smart contract auditing solutions for their applications to have a secure commencement. Our journey begins with an aim to foster security in the upcoming blockchain world, improving the performance of large-scale systems.  

However, Blockchain fosters a secure transactional environment, and applications built on this technology come with their own set of vulnerabilities. As there is no scope for alterations in blockchain transactions, smart contracts must be thoroughly evaluated to prevent any further loopholes from turning your project into an extravagant exploit. 

ImmuneBytes administers stern smart contract audits, employing static and dynamic analysis and examining a contract’s code and gas optimization, leaving no escape route for bugs.

You may also like