Admit it: you wanted to possess a valuable thing at some point. It could be a luxurious property, a sports car, or a box full of money. Today the list of desires extended to virtual assets: cryptocurrencies, tokens, and NFTs. In their daily life, people see a lot of ads promoting crypto: in pop-up windows, street banners, newspaper articles, and even posters displayed on public transport.
This highlights a trend that is not going anywhere: crypto is full of opportunities to make a quick buck. And while true, crypto remains a wild west where you can easily become someone’s profit (or even victim). For the last few years, the crypto market has become full of scam schemes undermining users’ trust. Let’s take a look at the most bizarre and investigate where there is any place for trust in web3.
Crypto as a digital oriental bazaar
The total capitalization of virtual assets (the value of all cryptocurrencies and tokens) is just a bit below $1 trillion. At its peak (November 2021), this figure surpassed $3 trillion.
There are more than 13K coins traded on almost 600 cryptocurrency exchanges. For your understanding, there are only 180 national currencies. Thus, the number of circulating cryptocurrencies is at least 74 times greater than all national currencies. Imagine that each cryptocurrency is a separate store. That’s why the modern crypto market may be called an “oriental bazaar.”
But do all selling points (crypto projects) follow ethical principles? The answer is no: there is a high share of players for whom cheating users is the main business model. These players are referred to as scams.
How many scams are there in crypto?
A scam is a broad term covering activities aimed at stealing physical or digital assets by deceiving victims who send them. Between January and July 2022, crypto scammers managed to get $1.6B.
Why is scam common in crypto?
- There’s a big hype around virtual assets fueled by popular influencers, celebrities, and sportsmen
- There’s no central authority responsible for fighting against crime in crypto
- The irreversible nature of crypto transactions enable scams: once funds are transferred, you cannot get them back
- A lot of users are not fully aware about the nature of crypto and cybersecurity
The most common types of scams are:
- Investment scam: false promises of fast and easy money
- Romance scam: based on trustful or even romantic relationships between a hacker and a victim
- Impersonation scam: scammers posing themselves as celebrities
- Phishing scam: malicious emails and messages containing links to fake websites
For the past 2 years, a new widespread scam technique called rug pull has appeared. Let’s learn some more details about it.
Rug pulls as the latest form of a crypto scam
Rug pull is a scam whereby the development team suddenly abandons a project and removes all its liquidity. Rug pulls are widespread in the world of decentralized finance. The key reason for rug pulls is that DeFi tokens can be created and listed on decentralized exchanges with little to no KYC or AML standards.
The most obvious indicator of a rug pull is a skyrocketing price movement without any protection on liquidity, meaning that project owners can almost immediately remove all liquidity. Rug pull may also be referred to as an exit scam.
Are rug pulls a growing threat to crypto? In 2021, scammers stole $2.8B through rug pulls, which accounted for 37% of all yearly scam revenue compared to just 1% in 2020.
The biggest rug pull ever happened
OneCoin, $4B
The OneCoin incident started in 2014 and was a typical Ponzi scheme where users were rewarded for bringing new community members. The company’s primary business was selling course materials under the multi-level marketing structure. OneCoin was neither actively traded nor used to make purchases. To access the company’s exchange OneCoin, users were required to buy more than the beginner’s package. In 2017, the exchange was shut down, and users were denied any withdrawals.
In fact, OneCoin did not even exist on the blockchain, and value manipulation was based on the automatic generation of new coins. Users from 175 countries became lured by a typical rug pull. Now, OneCoin’s founder Ruja Ignatova is one of the top 10s most wanted by the FBI.
Examples of DeFi rug pulls
AnubisDAO, $60M
AnubisDAO, $60M AnubisDAO is a dog-meme project launched in October 2021 on the wave of the dogecoin surge. The project was launched on the Copper crowdfunding platform and was marketed as a fork of OlympusDAO. Almost immediately following its launch, the project managed to raise $60M, but shortly all the funds were drained from its liquidity pool. All liquidity pool was presumably controlled by a single developer and removed by the same wallet that created the Copper launch.
The suspect developer of this project claimed that he had opened the malicious link, exposing the project’s private keys used for its liquidity bootstrapping pool launch. However, funds in the wallet of the developer remained intact and under his full control. Thus, with a high degree of certainty, the AnubisDAO incident was a typical rug pull rather than a phishing attack.
Meerkat Finance, $31M
Meerkat Finance, $31M The project experienced the breach enabling the change in ownership of the DeFi platform’s smart contract address. Following this, all funds were transferred to the two addresses (BNB and BUSD), leading to investors losing $31M. Although the team posted an initial response to the transactions, they’ve been silent since then. Namely, the project website and Twitter account went offline, and its founders became unreachable. Thus, the case was likely a rug pull.
Snowdog DAO, $30M
Snowdog DAO, $30MSnowdog was the first meme-coin launched on the Avalanche network. The project used to demonstrate groundbreaking APY allowing investors to hope to get numerous 1 and numerous 0s for every $1 invested. It was too good to be true, wasn’t it? The project promised its investors a massive buyback of its token in eight days after its launch. To this end, the project’s team stated it would use its treasury reserves.
However, on the day of the buyback, the team announced that it would take place on custom SnowDog Automated Market Maker instead of Trader Joe, the decentralized exchange on which investors had purchased their $SDOG. However, when the majority of investors eventually managed to log in to AMM, two whale wallets had already surpassed everyone.
What is more, these wallets had not even previously approved the $SDOG contract on Trader Joe, the action they should have done if they had no insider information. Thus, the SnowDog DAO case was obviously a rug pull.
What do these big scam incidents teach us? Scammers exploit users’ poor awareness of crypto and its security and lure them by offering quick and big returns. Users do not check the personality of projects’ founders and do not control the use and distribution of their assets by crypto players. And what is even more shocking is that scammers do not even develop extraordinary schemes but just exploit typical techniques to cheat users.
Unethical influencers as a terrible trend in crypto
When users don’t have enough knowledge about the market, they are likely to look at various ratings or listen to the opinion expressed by industry leaders and experts, also called influencers. One of the recent examples of influencer scam in crypto was Save the Kids token. Influencers linked to FaZe Clan were actively promoting the new initiative. However, after the launch, the token’s value plummeted, and large holders almost immediately dumped their shares.
Celebrities may also be involved in the crypto scam. In 2017, the project Centra Tech, a promising cutting-edge crypto financial tool, created fake executives, partnerships, and licenses to trick users in order to transfer their assets. DJ Khaled and Floyd Mayweather were paid $50K and $100K for promoting the project.
Influencers may also be involved in pump-and-dump schemes whereby they buy cheap altcoins and then actively promote them on their social media pages for the sole purpose of selling high.
First anti-scam weapons in crypto
Although scam has reached an unprecedented scope in crypto, there are safeguarding mechanisms that limit the room for bad actors.
Projects involved in malicious activities have a big chance to be seen on blacklists or getting negative publicity across industry-leading media. These resources invest big sums of money in conducting deep research about the state of security in crypto and the basic rules to be followed by users. For example, CoinGecko, CoinDesk, Chainalysis, and CoinMarketCap are big libraries of valuable materials about the state of security in crypto. These resources inform readers about current and anticipated threats in crypto as well as the malicious behavior of industry players.
If a project appears on a reputable blacklist or its activities are under the investigation of law enforcement bodies, there is a high possibility that its assets may be frozen. Smart contract admins may also freeze tokens on external applications if these funds have been associated with criminal activity. Most layer-1 blockchains have the embedded freeze function.
The rise of industry sheriffs as the foundation of trust in the crypto Wild West
Crypto “bubbles” of 2018 and 2021 – let’s call them “waves” for what they have been – demonstrated that users tend to rely on external feedback when deciding to get involved in investment activities. Players capable of conducting deep industry research, analyzing market tendencies, and posting the most recent updates and insights are playing one of the central roles in web3. And the growing scope of scams and other security risks has pushed the entry of “crypto sheriffs,” professional teams that advise users on how to safely manage their virtual assets.
The most famous “crypto sheriffs” are Certik, Hacken, Quantstamp, OpenZeppelin, SlowMist, Trail of Bits, Utrust, and others. These teams generally tell the broad community if certain projects look like a scam.
For example, Hacken has developed its own security rating for crypto exchanges called CER.live where users can see whether their chosen projects meet at least basic security standards. Besides, they launched a Trust Army platform to crowdsource data analyst talent and keep web3 in check. In turn, Certik offers its community to follow the flow of funds using a special solution called SkyTrace. As a result, users can track suspicious activities to reduce the risk of fraud.
Although these “sheriffs” do not arrest bad actors, they create an environment where non-ethical players have little chance to lure users. At the same time, they act as the best friends for projects for whom users’ security is a #1 priority.
So, how to best build trust in crypto? Just by making it secure! As bitcoiners say,
don’t trust—verify!
Post Scriptum
I still love this meme remix on one of the biggest crypto scams: BitConneeeeect!