The appreciation of cryptocurrencies in 2021 was accompanied by an increase in a regrettable type of attack: the rug pull.
But what does this type of attack consist of? Which protocols are most susceptible to them and how do you protect yourself from losing funds? Check out now what a rug pull is and how it works.
Robbery with scams
The term rug pull literally means “pulling the mat”, and characterizes a situation in which a protocol is abandoned by developers. As a result, funds from that network are stolen and investors lose all their invested capital.
Generally speaking, a rug pull occurs when the price of the token suddenly appreciates. At this point, developers often dump their funds, selling the tokens high. On the other hand, investors cannot do the same, earning a worthless token in hand.
This type of attack is called liquidity fraud and is the most common type of rug pull, which also involves an aggressive marketing campaign. Developers perform a series of dissemination actions, such as listing the token on a decentralized exchange (DEX) such as Uniswap or Pancakeswap.
Another way to show security is to pair the token with a high-end cryptocurrency such as Ether (ETH). Thus, developers form liquidity pools to attract more money to the project.
Direct manipulation of smart contract code is the second form of rug pull. When a user exchanges one token for another in a DEX, the contract must allow him to spend that token. This function can be manipulated to prevent this expense.
In this sense, a malicious developer can modify the “approval” function by changing the contract. This modification can act so that users can only buy a certain token, but not spend it.
By purchasing a token, users believe they will be able to sell it when the price appreciates. However, handling the smart contract algorithm releases this function only to developers.
As a result, developers find it even easier to sell in the event of a market rally. The other investors, on the other hand, are at the mercy of the scammers.
Rug Pull Scams in 2021
At least two rug pull attacks gained prominence in 2021. The first was the WindSwap (WINDY) protocol, which lost 95% of its value after a large loss of liquidity. The project also had its social networks deleted by the team.
The second attack, and also the most emblematic, occurred with the Squid Token (SQUID). This attack was a classic example of rug pull, as the token spill was recorded live.
To avoid falling into this type of attack, always check the project data, especially the amount of tokens in the hands of developers. At the same time, also check out what power the team has with regard to trading tokens. If they manage to sell them under special conditions, it’s a red flag about the project.
Another factor to be aware of is the number of active wallets interacting with the protocol. The fewer active portfolios, the greater the centralization of the project. And greater is the chance of falling into such a scam in 2022.