News and Publications

Crypto rug pulls: The latest scam

Posted: 20/01/2022


Recent news has again drawn attention to the crypto industry as fraudsters exploit unwitting investors looking for the next astronomically high returning altcoin. The most recent coins in question are CryptoEats, a supposed food delivery company where customers can pay using cryptocurrency, and the Squid Game coin SQUID that has capitalised on the recent success of a TV show by the same name.

While the coins are ostensibly different, the method of the fraud is the same: a “rug pull”, which is a term well-known in the crypto world. Around $3 billion was lost as a result of "rug pulling" in 2021.

These recent frauds highlight not only how errant developers can exploit exposed investors, but also how investors may be leaving themselves open to such ploys. In this article, we explore what a rug pull is, what red flags investors ought to be alert to, and how – if such an investment goes wrong – investors can seek to obtain compensation.

What is a “rug pull”?

The term refers to unknowing investors “having the rug pulled from underneath them” by the creators or developers of a cryptocurrency. This can take a number of forms, but the most common type of rug pull is the liquidity scam, which most commonly takes place on decentralised exchanges (DEXs). These are run by consensus with numerous machines working together as one network, rather than on a centralised exchange (CEX), which is privately owned by one central party.

On a DEX, developers can create a coin (a crypto asset, or cryptocurrency) and list it for purchase relatively easily, quickly and for free. In comparison, a more rigorous approval process takes place on CEXs, which usually require the details of their users to comply with KYC/AML.

A new coin created on a DEX must be paired with another cryptocurrency, as fiat currency (such as sterling pounds or US dollars) cannot be traded on DEXs. The creators or developers will be required to add an amount of the paired cryptocurrency along with an amount of their own new token to a “liquidity pool” which then facilitates the trading of the coin with a paired cryptocurrency.

Once a coin is listed on a DEX, developers of a new coin who intend on rug pulling will often whip up a PR storm around the coin on social media and inject substantial liquidity into the pool. They may also artificially pump up the price of the coin by purchasing large amounts of the coin themselves before gradually selling this as legitimate traders buy the coins (known as a “pump and dump” scheme, which three celebrities including Kim Kardashian and Floyd Mayweather Jr. have recently been sued for allegedly engaging in).

This activity generates a value for the coin in the market and encourages unwitting investors to rush to buy the coin as the price skyrockets. Once the trading volume for the coin reaches a high level, there will be a significant amount of paired cryptocurrency in the liquidity pool.

At this point, the rug pull takes place: rogue developers will withdraw all of the paired cryptocurrency in the liquidity pool and disappear into the ether, often closing down social media accounts, websites and other avenues for communication. This drives the price of the coin to zero, and any investors left “holding the bag” will have lost their investment in the coin.

This may take place over a number of months or a short period, as was the case in CryptoEats where the developer was reported to have pocketed $500,000 in just minutes!

Alternatively, rogue developers may manipulate the function of tokens to complete a rug pull. Legitimate developers will usually select a host such as ERC20 that contains a set of standards that are common to all coins that use the ERC20. These standards include a function called “approve” which permits a token holder to sell the token on a DEX for other assets.

However, a rogue developer may manipulate the “approve” function to prevent users from being able to sell the token, only allowing the token to be bought, and reserving the ability to sell the token to the developers themselves. In such a scenario, developers can liquidate their holding once the market has driven up prices of the token sufficiently, while users are left unable to liquidate their holding.

This is the kind of manipulation at the heart of the recent Squid Game token scam which left users unable to sell their tokens after the coin’s price soared from $0.012 to $2,861.80, at which point the founders liquidated their holdings and disappeared.

Hallmarks of a rug pull scam

Beyond the functionality and purpose of genuine cryptocurrency projects, the price volatility of cryptocurrency is appealing for those looking to make a quick buck from cryptocurrency. Users search for new coins on the DEX, hoping to get in early and to maximise their profit on what could potentially be the next big coin.

There is nothing wrong with that. However, users should consider their investments carefully. In particular, users should be wary of the following characteristics, which are commonly found in rug pulls:

  • buy only: as mentioned above, users are at risk when they are unable to sell or spend the coins they hold in their wallet. Coins with no sell functionality are often found to be scams;
  • mysterious founders or developers: if very little information is available about the coin’s origins or its founders, this may be a cause for concern. Recent genuine altcoins have taken to Reddit or YouTube to host AMAs (Ask Me Anything), for example. A genuine, reputable and transparent project leadership team is less likely to be the root of a rug pull;
  • attention to detail: this hallmark was particularly prevalent with the SQUID coin discussed above. The project’s website, promotional materials and white paper were littered with typos, grammatical errors and vague claims. This is a red flag for any coin;
  • developer holdings: check how many of the coins in circulation are held by the developers themselves, or in just a handful of wallets. A substantial proportion of the token supply held by the developers themselves indicates that they are well placed to manipulate the value of the coin.
  • liquidity: low liquidity, or trading volume, indicates that the token may be difficult to exchange for other coins or for fiat. If the coin’s liquidity is low, it is far easier for developers to manipulate the price. Generally, experienced crypto investors will look for a trading volume of 10% to 40% of the coin’s market capitalisation. Any less, and the liquidity of the coin could be suspicious;
  • locked liquidity: Developers of genuine crypto projects will often “lock liquidity” to protect the legitimacy of the coin. This action is where the developers will lock the liquidity on the blockchain or with a third party, which prevents developers from interacting with the token supply. While the liquidity is locked, developers are unable to sell the tokens, thus removing the opportunity for a rug pull. Coins with locked liquidity are seen as more trustworthy, and – generally speaking – the longer the liquidity is locked, the better; and
  • project code: most developers make the project code publicly available as particular hallmarks of a rug pull scam can be spotted in the code. If the code is not available to view, this may be a red flag.

These hallmarks are some of the more prominent characteristics of cryptocurrency rug pulls, although there are other signs. Generally, coins that appear overnight to great amounts of PR and hype should be approached with an abundance of caution, and research should be undertaken before committing to purchase coins on DEXs.

For those not prepared to invest in DEX-based coins, trusted cryptocurrency platforms (such as our client, coinpass) conduct a thorough vetting process before hosting any coins on their platform. While risks do still exist, some relief can be taken from the fact that some of the due diligence has been undertaken for you.

What happens if it goes wrong?

While cryptocurrency scams are difficult to trace, it is not impossible. There are several examples of cryptoassets having been traced and frozen to prevent them from being dissipated before proceedings can be commenced to obtain the return of such assets.

In England, the courts recognise cryptoassets as ‘property’, such that they can be frozen by a Mareva injunction or a proprietary injunction. Bankers Trust Orders are often made to compel exchanges to provide to the victim the KYC information of the wallet in which the assets are being held.

Other common law jurisdictions have followed England in this regard. In Hong Kong, for example, the Court of First Instance[1] granted a Mareva injunction to freeze the Bitcoin assets of the defendant, and in Singapore the courts have adopted a similar position. Consequently, the legal remedies appliable to personal property apply equally to cryptocurrency under English law. See our previous article: To bitcoin or not to bitcoin: Property, Jurisdiction and a step closer to global regulation?

The case of AA v Persons Unknown and others[2] provides some light for investors and highlights how crypto scammers can still be brought to justice, despite the apparent anonymity of the blockchain. The case arose following the hacking and encryption of a Canadian insurance company’s customer systems.

The Canadian company was subject to a ransomware demand for $1,200,000 in Bitcoin in exchange for the release of the systems, and the company’s insurer agreed to pay $950,000 in Bitcoin in settlement of the ransom. Once the payment was made, and the customer systems recovered, the destination of the funds and the source of the hacking was investigated by consultants hired by the insurer.

The consultants were successful, and the transfer of Bitcoin was tracked to a bitfinex.com address, at which point the insurer applied for an interim proprietary injunction over the Bitcoin ransom which was granted by the High Court, despite not knowing who the perpetrator was.

What this usefully illustrates is that there is indeed an existing framework within the judicial system that facilitates the tracking and retrieval of cryptocurrency obtained maliciously and through scams. This should provide some comfort to the victims of crypto scams.

Spot the red flags

There are no overarching authorities to authenticate tokens or projects on DEXs so tracking the architects of rug pulls is difficult (although not impossible). Some even allow developers to list tokens without an audit of the coin or project before listing. The decentralised nature of blockchain itself inherently affords relative anonymity to its users and this is what many see as one of its most appealing features.

Consequently, tracking and preventing scams is difficult to achieve once it has taken place although, as illustrated above, not impossible. As they say, prevention is better than cure and avid investors ought to remain vigilant and be alive to the red flags summarised above before investing in a new coin.

 

Been a victim of a scam or want  to find out more about crypto rug pull scams?

If you want to find out more about rug pulls in the crypto industry or have been a victim of a rug pull crypto scam and wish to speak with Charlotte Hill, you can email her here.

If you want to find out more about our experience visit our Cyber Security and Cyber Crime page.

 


This article was co-authored by trainee solicitor Tom Perkins.

[1] Nico Constantijn Antonius Samara v Stive Jean Paul Dan [2019] HKCFI 2718

[2] [2019] EWHC 56 (Comm)


Arrow GIFReturn to news headlines

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.

Penningtons Manches Cooper LLP