What Is a Rug Pull? How to Protect Yourself From Getting ‘Rugged’

Not all crypto projects end up being legitimate, so it’s important to understand how to protect yourself from common scams.

Updated May 11, 2023 at 4:50 p.m. UTC

Savvy investors are always looking for projects in their early stages that appear to be bound for success. If you’re lucky, getting involved early could result in huge returns – just ask the Winkelvoss twins, who invested in bitcoin (BTC) nearly a decade ago and have since become billionaires. On the other hand, “aping” into a project without doing thorough research can end in financial disaster, such as those who were lured by the Baller Ape Club non-fungible tokens (NFT) and collectively lost $2.6 million to scammers.

This appetite for high-risk, high-reward investment is particularly prevalent in the crypto space, where a steady stream of new projects builds buzz and encourages new investment. But unlike regulated financial markets, the crypto ecosystem is still in its early stages, and bad actors continue to find new ways to trick unsuspecting investors into making bad decisions.

One common scam in the crypto space is called a “rug pull,” where a developer or creator will promote a project such as a new coin or NFT release and then disappear with investor money. The perpetrators of rug pulls are difficult to track down after the fact, as the decentralized and pseudonymous nature of blockchain allows those involved to conceal their identities.

Still, there are ways you can detect possible rug pulls and protect yourself from financial loss.

What is a rug pull?

Ever heard of something being “too good to be true?”

The term “rug pull” comes from the phrase “pulling the rug out from underneath.” Many of these illegal schemes appear legitimate and enticing until the minds behind the project decide to suddenly drain investor funds.

Rug pulls have been observed across the crypto landscape in areas like decentralized finance (DeFi), non-fungible tokens (NFT), Web3 and various metaverse projects. In 2021, rug pulls took over $2.8 billion worth of cryptocurrency from victims, according to Chainalysis – accounting for 37% of all cryptocurrency scam revenue in 2021.

The emerging DeFi space is prone to rug pull scams because of the lack of intermediaries involved in transactions and the potential for massive returns. Additionally, many new cryptocurrency projects start out in the same place – a new, attractive token will emerge and investors will pour money into the project hoping that it rises in value – making these types of scams even more difficult to detect early on.

“Rug pulls are prevalent in DeFi because with the right technical know-how, it’s cheap and easy to create new tokens on the Ethereum blockchain or others and get them listed on decentralized exchanges (DEX) without a code audit,” Chainalysis explains. Code audits allow third parties to conduct security checks, ensuring that any smart contracts associated with the token are free of vulnerabilities.

Rug pull scams are also common in the NFT space, where heightened interest in crypto art and a constant influx of new projects have created an attractive environment for scammers. Many new collectors are still figuring out how to navigate the space, and popular projects like CryptoPunks have yielded millions of dollars in returns for early investors.

How to stay safe from rug pulls

Rug pull scams may not always be obvious, though there are ways to better detect these types of fraudulent projects and keep yourself safe.

Favor established projects

Many new projects don’t have a track record to prove their legitimacy or safety. While choosing to invest in an NFT project like Bored Ape Yacht Club is not entirely without risk, the project has established trust within its community over time. Some (not all) scams will often lazily imitate features from other popular projects, signaling that the project may not have originality or long-term value for investors.

In addition, centralized marketplaces like Binance or Coinbase (COIN) have certain standards in place and only list assets that are legal and safe, though their listings are not an indicator of quality or potential for gains.

Research projects and their founders

While it may be tempting to jump into a hyped-up project quickly, there’s a reason a common refrain in the crypto space is to “do your own research.” It’s extremely important to thoroughly examine the project, its team and blockchain features before deciding whether to invest.

While founders of NFT or DeFi projects often keep themselves anonymous, that approach could also protect them from being held accountable in case the launch of the project goes wrong. In some cases, the founders may maintain a pseudonymous crypto identity that they will use for years across projects and accounts. If their identities are visible, be sure to check out their social media accounts and other available information to see if they interact with other known people in the space and have legitimate followers.

Many legitimate DeFi projects will also audit their smart contracts to ensure there are no bugs in their code, a promising sign to investors. However, this process can be expensive and time-consuming and audits are not a guarantee that a project cannot be tampered with down the line.

In addition, it is also helpful to look through a project’s website, Discord channel, roadmap, white paper and associated materials to look out for anything that seems suspicious.

Be wary of projects promising high returns

Any project that promises sky-high returns should be carefully considered because DeFi scammers need liquidity to fund their scheme. Staking rewards and yield farming are two common features in DeFi ecosystems that scammers might seek to exploit or make false promises on.

List of notable rug pull scams

Here are some of the largest rug pull scams to date, which can help you recognize patterns and red flags as you research investments:

OneCoin:

In 2014, self-proclaimed “crypto queen” Ruja Ignatova and others set up a Bulgarian-based cryptocurrency company called OneCoin Ltd. Ignatova and her cohorts allegedly made false claims about the coin and its perceived value to solicit investments.

Ignatova disappeared and the exchange shut down without warning in 2017. In total, the platform is believed to have defrauded victims of over $4 billion.

She has been charged with conspiracy to commit wire fraud, wire fraud, conspiracy to commit money laundering, conspiracy to commit securities fraud and securities fraud, and was added to the FBI’s Ten Most Wanted list in June 2022.

Thodex:

Centralized Turkish cryptocurrency exchange Thodex was founded in 2017 and had amassed about 400,000 users, according to state news agency Anadolu.

In 2021, the exchange halted its users’ ability to withdraw funds and founder and CEO Faruk Fatih Ozer disappeared soon after. Users reported that certain cryptocurrencies, including dogecoin, were trading at much lower prices than other markets the night before the exchange shut down.

In total, users lost over $2 billion worth of cryptocurrency, according to Chainalysis.

Bloomberg reported in March that Turkish prosecutors are pursuing jail sentences for the exchange’s founders and executives, including Ozer, who is still missing.

AnubisDAO

The dog-themed DeFi project launched in 2021 and claimed to have been backed by several assets. The team behind the project launched a Discord server and Twitter account but had no website or white paper.

The project raised nearly $60 million worth of ether (ETH) from investors in its initial token sale to fund its liquidity pool in exchange for the project’s ANKH token. Less than 24 hours into the sale, the liquidity in the pool was sent to a different address, the project’s main Twitter account went offline and ANKH’s value plunged to zero.

According to Chainalysis, it’s unclear whether or not the developers were in on the scam, though it added that “all signs point to a standard rug pull.”

Frosties

The colorful NFT collection was announced in 2021 and quickly became popular, promising long-term utility and staking features. In January 2022, the 8,888-edition NFT collection sold out and, according to the U.S. Department of Justice, two men behind the project shut it down soon after and transferred the funds to various cryptocurrency wallets under their control.

The pair appeared to be planning to launch another NFT project called “Embers” prior to their arrest.

In total, the men allegedly earned $1.1 million and were charged with conspiracy to commit wire fraud and conspiracy to commit money laundering in March 2022. “[We] advise consumers to pursue emerging investment trends with diligence and skepticism,” the DOJ wrote in its release.

Baller Ape Club

In September 2021, Vietnamese national Le Ahn Tuan funded an NFT project called Baller Ape Club, promising holders benefits like a VIP lounge and exclusive rewards.

According to the indictment, when investors tried to purchase the Solana-based NFTs, they were falsely told that their transaction had failed. Shortly after, Tuan and his co-conspirators allegedly shut down the project early and stole $2.6 million worth of SOL from investors without ever providing them with the NFTs promised.

The stolen investor funds were then allegedly laundered through a process known as chain-hopping, where one coin is converted into another across multiple blockchains.

Tuan was charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit international money laundering in June 2022.

SudoRare

In August 2022, the developers behind a new decentralized NFT marketplace called SudoRare drained the project’s liquidity pool six hours after going live, stealing over 514 ETH, or about $815,000 at the time. They also deleted the project’s social media channels and websites.

Final thoughts

While DeFi protocols continue to be targeted by scammers and hackers, there are ways to prevent yourself from investing in fraudulent projects. In addition, law enforcement agencies and regulators are continuing to crack down on crypto scammers, showing a broader interest in holding scammers accountable and discouraging bad behavior.

Ultimately, none of these methods is 100% foolproof and we advise you to always use your best judgment. In addition, be sure to secure your accounts and educate yourself about other types of crypto scams in order to navigate the space safely.

This article was originally published on Aug 30, 2022 at 6:59 p.m. UTC

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Rosie Perper

Rosie Perper was the Deputy Managing Editor for Web3 and Learn, focusing on the metaverse, NFTs, DAOs and emerging technology like VR/AR. She has previously worked across breaking news, global finance, tech, culture and business. She holds a small amount of BTC and ETH and several NFTs. Subscribe to her weekly newsletter, The Airdrop.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.