Analyzing Common Eyewash in the Crypto Assets Industry: Rug Pull

Rug Pull is one of the most common eyewash methods in the field of Crypto Assets. Although many cases have been exposed, there are still a large number of potential scams that remain undiscovered. According to data statistics, there are at least 188,000 suspected Rug Pull scam projects on Ethereum, a well-known public chain, and other major Layer 1 blockchains.

Distribution of Rug Pull Projects

According to the data, 12% of the tokens on a well-known public chain exhibit characteristics of fraud, while 8% of ERC-20 tokens on Ethereum show suspicious signs. At the same time, approximately $910 million in ETH related to fraud has been processed through centralized or regulated exchanges. Other data also shows that in October, 11 DeFi protocols were attacked, affecting Crypto Assets worth $718 million, setting a record for the highest single-month crypto loss so far this year.

A well-known public chain has become a popular target for eyewash, possibly due to its continuous addition of new features and expansion of its user base as a large-scale Crypto Assets trading platform. The platform seems to have realized the prevalence of smart contract scams on its network and has currently integrated risk monitoring tools to detect and notify users of potential risk projects in real-time, including various scams such as Rug Pull.

Common Tactics of Rug Pull Projects

Rug Pull projects are usually carefully designed in smart contracts to siphon off funds from retail investors. The main design objectives include:

1. No secondary sales
2. Allow project developers to freely mint new coins
3. Charge the buyer a 100% sales fee

These malicious scripts are hidden in the tokens, and once unsuspecting investors purchase them, they face huge risks. In most cases, Rug Pull tokens appear no different from other Crypto Assets and also follow the homogenized token standards of blockchain, but the real problem is hidden in the source code of the smart contracts.

Scammers often launch Rug Pull projects after deploying tokens with vulnerabilities. Once deployed, they create liquidity pools on the decentralized exchange (DEX), pairing the token with other "legitimate" Crypto Assets. Subsequently, they artificially generate a large volume of trades to inflate the token's value, attracting the interest of retail investors.

In addition, Rug Pull projects may also package their "legitimacy" in the following ways:

1. Create eyewash websites and develop roadmaps
2. Claiming false partnerships, using fake avatars of well-known developers
3. Advertising on social media

When the number of people buying tokens reaches a certain scale, the scammers behind the project will begin to sell off. They will quickly sell the tokens and exchange them for other Crypto Assets on the DEX. A large-scale sell-off in a short period of time will lead to the token price rapidly dropping to zero, achieving the scam.

Main Types of Eyewash Token Frauds

Currently, there are three main types of Rug Pull in the market:

1. Hidden Honeypot Vulnerabilities
2. Hidden custom coin functionality
3. Hidden Balance Modification Backdoor

Honey pot vulnerabilities usually prevent token buyers from reselling, allowing only developers to sell the held Crypto Assets. Ordinary investors often receive error messages when trading, unable to withdraw. Such eyewash often drives up token prices in the short term, enticing more unsuspecting users to buy. As of October 25, 2022, there are approximately 96,008 token projects on the market that are hiding honey pot vulnerabilities.

The private token creation feature allows specific accounts to mint new tokens using hidden functionalities within the contract. When scammers invoke this feature, they can obtain a large number of tokens and dump them onto the market, resulting in a significant devaluation of other holders' tokens. As of October 25, 2022, there are approximately 40,569 projects in the market with hidden private token creation functionalities.

The balance modification backdoor is similar to the private token creation feature, allowing specific accounts to modify the balance of token holders. When these accounts set the holder's balance to zero, the victim will be unable to sell or withdraw, while the scammer can remove liquidity or sell the tokens to exit.

Conclusion

As eyewash in encryption continues to increase, investors need to carefully assess risks when choosing projects. At the same time, regulatory agencies should strengthen their crackdown efforts to protect consumer rights and enhance the integrity, transparency, and consumer protection standards of the market.