The rug pull is the most common scam in crypto, with over 200,000 scams created and 2 million investors rug-pulled. This is greater than the number of investors harmed by the collapses of FTX, Celsius, and Voyager combined.
But what is a rug pull, exactly? And how do they work?
What is a rug pull?
A rug pull is when a scammer creates a new cryptocurrency, convinces users to invest, and then abandons its development and sells their tokens abruptly, leaving investors with assets worth nothing.
How do scammers pull the rug?
Crypto scammers pull the rug in one of two ways: by programming their token to steal from investors, or by promoting their token to steal from investors.
- A DeFi scam is when a scammer programs a crypto token's underlying smart contract to pull the rug out from under investors. DeFi scammers may modify their token’s smart contract to make it impossible for others to sell the token, to allow the scammer to mint unlimited new tokens, or to charge exorbitant trading fees.
- An exit scam is when a scammer aggressively promotes a token before pulling the rug out from under investors. Exit scammers may create fraudulent marketing websites, announce fake partnerships, or use bots to wash trade.
The rug pulls that steal the most funds the fastest tend to be both. The fraudsters behind the Squid Game token, for example, programmed the $SQUID token to include a honeypot exploit and created a website and whitepaper to promote the token. Within days of $SQUID’s release, it had netted its creators over $3 million.
Solidus Threat Intelligence sorts all DeFi scams into one or more of the following exploits:
- Honeypots prevent buyers from re-selling their tokens.
- Hidden mints let developers create unlimited new tokens.
- Fake ownership renunciations let token developers hide the fact that they can call sensitive functions.
- Hidden balance modifiers let developers edit users' balances.
- Hidden fee modifiers let developers establish sell fees as high as 100%.
- Hidden max transaction amount modifiers let developers set maximum transaction values as low as zero.
- Hidden transfers let developers transfer tokens from users to themselves.
Below, we compare the number of rug pulls executed by smart contract exploit type.
Crypto rug pull example: The "Dictionary" DeFi Scammer
The dictionary scammer is a serial fraudster who has deployed over 4,000 scams on three different blockchains – Ethereum, BNB Chain, and Polygon. We refer to them as the dictionary scammer because they use dictionary words for the variable names in their tokens’ constructor and transfer functions.
In the source code of the token SafeUkraineInu, for example, the dictionary scammer uses variable names like shirt, uncle, herd, and ice, which are extremely uncommon in ERC-20 contracts.
The source code of each token deployed by this scammer has been edited to enable two exploits at once: a honeypot and a hidden mint. This means that 1) buyers of these tokens cannot resell them, and 2) at any time, the dictionary scammer can print any number of new ones.
The name of each token is clearly designed to trick investors. Revisiting SafeUkraineInu ($SUI), this token impersonates both the legitimate donation token Ukraine Inu and the more popular Sui token, which has the same ticker.
The dictionary scammer’s entire rug pull process is visible on the blockchain. The typical steps in this process are:
- The scammer deploys the scam token
- The scammer pairs either Ether (ETH) or Binance Coin (BNB) with this token in a Uniswap or PancakeSwap liquidity pool
- The scammer waits for users to swap ETH/BNB for this token
- The scammer mints an absurdly large number of new tokens — often more than 100x this token’s original supply
- The scammer swaps those tokens for ETH/BNB, draining the liquidity pool and making a 0.1 - 5 ETH profit per rug pull
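The steps above leave a recognizable trail in a token's ERC-20 Transfer events. The following Python code is an added example, not Solidus Labs' detection code: it replays constructed events and flags a post-launch mint of 100x the supply or more, a balance spent without ever being credited in the log (a mint that emitted no event), and a pool that buyers never sell back into. The addresses, amounts, the `analyze` function and its threshold are assumptions made for illustration.

```python
from collections import defaultdict

ZERO = "0x" + "0" * 40  # ERC-20 mints are logged as Transfers from the zero address
DEP, PAIR, A, B = "0xdeployer", "0xpair", "0xbuyerA", "0xbuyerB"  # placeholders

# Constructed Transfer events for one token: (block, src, dst, amount).
LAUNCH = [(100, ZERO, DEP, 1_000_000),   # initial supply
          (101, DEP, PAIR, 900_000),     # liquidity pool seeded
          (110, PAIR, A, 50_000),        # buys
          (115, PAIR, B, 30_000)]
LOGGED_MINT = LAUNCH + [(140, ZERO, DEP, 500_000_000),    # 500x the supply
                        (141, DEP, PAIR, 500_000_000)]    # dumped into the pool
UNLOGGED_MINT = LAUNCH + [(141, DEP, PAIR, 500_000_000)]  # no mint event at all
HEALTHY = LAUNCH + [(120, A, PAIR, 10_000)]               # a buyer sells

def analyze(events, pair, mint_ratio=100):
    """Return findings for one token; `pair` is its liquidity pool address."""
    balances, findings = defaultdict(int), []
    supply, launched = 0, False
    buyers, sellers = set(), set()
    for block, src, dst, amount in sorted(events, key=lambda e: e[0]):
        if src == ZERO:
            # A mint after launch that dwarfs the supply minted so far.
            if launched and amount >= mint_ratio * supply:
                findings.append(("large_mint", block, dst))
            supply += amount
        else:
            # Spending more than the log ever credited means the balance
            # was created without a Transfer event.
            if balances[src] < amount:
                findings.append(("unlogged_balance", block, src))
            balances[src] -= amount
        balances[dst] += amount
        if dst == pair:
            launched = True
            sellers.add(src)
        elif src == pair:
            buyers.add(dst)
    # Honeypot signal: people bought, but no buyer ever sold into the pool.
    if buyers and not (buyers & sellers):
        findings.append(("no_buyer_has_sold", None, None))
    return findings

if __name__ == "__main__":
    for name, ev in [("logged mint", LOGGED_MINT),
                     ("unlogged mint", UNLOGGED_MINT), ("healthy", HEALTHY)]:
        print(name, analyze(ev, PAIR))
```

The `no_buyer_has_sold` signal is weak on a token with only a handful of buyers; it carries weight when it appears alongside one of the mint findings.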
In a crypto exit scam, a scammer creates a regular token – no smart contract exploit included – and then promotes that token fraudulently, only to abscond with investors’ funds. This can be either a fungible token (e.g. an ERC-20 token), or a non-fungible token (e.g. an ERC-721 NFT).
Prior to pulling the rug, exit scammers may hype up investor interest in a number of ways. Exit scammers may:
- Create misleading marketing websites,
- Announce partnerships that never materialize,
- Assert untrue claims about their development team or backers,
- Give themselves token allocations well beyond what they claim to own in public,
- Engage in wash trading to artificially inflate their token’s volume or price, and/or
- Use social media bots to spam positive sentiment about the token on platforms like Twitter, Discord, Reddit, Signal, or Telegram
These actions represent calculated attempts to defraud investors — and prosecutors have taken note.
Crypto rug pull example: The FLiK token exit scammer
When fraudsters have been caught pulling exit scams, they have been convicted of crimes like money laundering, securities fraud, and wire fraud. The Atlanta film producer Ryan Felton, for example, pleaded guilty to twelve counts of wire fraud, ten counts of money laundering, and two counts of securities fraud after executing two 2018 exit scams — FLiK and CoinSpark.
The U.S. Attorney’s Office of the Northern District of Georgia’s press release announcing the convictions read:
Felton falsely represented to investors that a prominent Atlanta rapper and actor was a co-owner of FLiK, the United States military had agreed to distribute the streaming platform to service members, and FLiK was finalizing licensing deals with major film and television studios. In reality, the rapper had no role in the company beyond authorizing a promotional social media post, FLiK had no military contract, and Felton never had discussions with any studio about licensing content. Felton further claimed that he was actively developing the platform and would use all funds raised in the ICO to launch FLiK. After the ICO closed, Felton dumped more than 40 million FLiK coins on trading markets, causing the value of FLiK coins to plummet.
This case shows that U.S. prosecutors are both willing and able to convict exit scammers. This may soon become true of smart contract scammers, too.
Rug pull trends for 2023
Fraudsters created over 212,000 scam tokens between September 2020 and January 1st, 2022. This includes over 83,000 scams in 2021 and 125,000 scams in 2022.
This dwarfs previous industry research that identified only 24 rug pulls in 2021 and just 262 in 2022. It also reveals that a staggeringly high percentage of Ethereum and Binance Smart Chain tokens are programmed to steal from investors. 8% of Ethereum ERC-20 tokens are designed to pull the rug; 12% of Binance Smart Chain BEP-20 tokens are as well.
In our inaugural Rug Pull Report, we analyze crypto's rug pull problem in even more detail, using original research and case studies to explain how Solidus Labs detects and deters rug pulls at scale.