Bybit Learn
Bybit Learn
27 août 2021

Why Crypto Rug Pulls Happen in DeFi — and How to Avoid Them

If you’re standing on a rug and it’s suddenly pulled out from under you, unless it’s a magic carpet, you’d fall on the floor. Worse yet, you might spill or lose everything you were holding onto at that moment. That’s exactly why you need to be aware of rug pulls, especially when you’re trading a volatile crypto asset.

In this guide, we’ll explain what a rug pull is, how it happens and how you can avoid them. Here’s what you need to know to stay ahead and minimize risks.

What Is a Crypto Rug Pull?

A crypto rug pull happens when developers create a token paired with a valuable cryptocurrency, list the token on decentralized exchanges (DEXs), and then pull all the funds out after the investor’s buy-in. 

Rug pulls are usually perpetrated by malicious scammers who create hype around a coin and then abandon the project, running away with the money. These cryptocurrencies are usually paired with reliable utility blockchains, be it on Ethereum or Binance Chain. This is because investors who swapped their ETH for the listed token gives the creators of the token a chance to withdraw the ETH from liquidity quickly. For example, meme coins are one of the craters that cause investors to concede into the FOMO spirit and get rug-pulled.

How Does a Rug Pull Happen?

Rug pulls usually happen within the decentralized finance (DeFi) space by pulling funds from a liquidity pool. To understand this in-depth, we need to know how liquidity pools function.

A liquidity pool is effectively a market maker for DEXs, meaning it provides buy and sell orders for a given token. Because there is no centralized system for facilitating trades, crypto exchanges need a way to keep order flow going. It’s also easy to list tokens on a decentralized exchange because there’s no one to audit the token. 

At its core, a liquidity pool is a pile of investor funds locked in crypto pairs that allow users to trade between different cryptocurrencies. Crypto pairs usually include a popular cryptocurrency like Ethereum’s (ETH) because it’s a well-established platform token with high availability. 

To encourage investors to pool their resources and act as a liquidity provider (LP), a trading fee is charged on orders and awarded based on the total value lent to the pool (similar to a dividend). In exchange for the crypto in their wallet dedicated to the pool, each user is entitled to a percentage of the overall fee. The higher the amount lent, the more money an investor stands to make. 

Creators of liquidity pools vie for more investors by offering higher yields. The below graphic depicts simply how liquidity pools function.

Liquidity pool explained
Image source:

Once the creators of a rug pull have amassed a large amount of liquidity providers with substantial capital, they pull all the available assets out. The coins are then exchanged in another marketplace and made untraceable to the victims. Because Ether is often used as the exchange currency, it’s easy to transfer between other wallets and “disappear” to other users. This removes all crypto assets — leaving the pool empty and the liquidity providers with nothing but disappointment. 

Why DeFi Became a Common Space for Rug Pulls 

As the name suggests, DeFi protocols have no centralized oversight relying only on smart contracts, making it a prime target for DeFi rug. In the first seven months of 2021 alone, DeFi saw record numbers of crimes. However, investors are getting savvier, and the amount of crypto stolen on DeFi platforms is down 64%.

Crypto fraud dips and DeFi hacks index

With DeFi projects, bad actors can create tokens, raise their profile and recruit investors. By using DEX platforms like SushiSwap or Uniswap, the tokens are created and listed without audit. All the scammers need to do is create a token with some apparent value, promise use cases, and create a market appeal for investors to buy it. 

As soon as money starts flowing into the project, its value shoots up and the creators sell these tokens, draining the value of the tokens to zero. They essentially take the money promised to the project in token sales for themselves, pack their bags and flee — in other words, pulling the rug from underneath their buyers. 

Since the DeFi space isn’t regulated, it’s easily targeted for crimes.

Real Examples of Rug Pulls 

Rug pulls in cryptocurrency markets are easy to pinpoint — after the fact.

Luna Yield

In August 2021, a criminal group walked away with nearly $7 million of funds taken from investors in one of the largest cryptocurrency DeFi scams to date. All social media accounts and the website for Luna Yield, a project on the DeFi platform Solana, were closed down. When users withdrew (or “unstake”) their funds, they found the pools were empty. They had fallen victim to a rug pull.

Image credit:


In one of the most publicized cases of 2021, Thodex, a Turkish-based platform, was closed, and its founder, Faruk Fatih Özer, is rumored to have fled to Albania with approximately $2 billion of investor funds. Özer is still on the run, but is being pursued internationally by Interpol and other agencies. Thodex built an active user base of 390,000 financial users. In April, the DEX was unexpectedly closed. It’s still unknown where the missing funds went.

Compounder Finance 

2021 also saw DeFi platform Compounder Finance set up a rug pull worth over $10.8 million in stolen customer funds. A breakdown revealed that contracts worth $5 million in Dai, $4.8 million in Ether and $750,000 in Wrapped Bitcoin (WBTC) were drained from Compounder Finance. In a scheme that sounds like something out of a thriller, the team replaced their secure and audited contracts with malicious ones that enabled them to steal locked investor money. They also cleverly mimicked the name of Compound Finance, a legit DeFi interest-earning protocol, to lure their marks into investing.

Meerkat Finance

In March 2021, Meerkat Finance, a DeFi yield project using a forked cryptocurrency of, perpetrated a rug pull worth $31 million in crypto assets. The platform’s official Telegram channel claimed that its smart contract vault had been compromised. Investigations suggested that either the private key of the Meerkat deployer was compromised or the incident was self-directed by the owners of the project. 


In June of this year WhaleFarm, a DeFi project token offering users unprecedented returns in exchange for staking its pool, crashed 99% in a matter of minutes (chart below), scamming investors out of $2.3 million worth of cryptocurrencies. The team, which was entirely anonymous from the start, is still unidentified.

So far, in 2021, over 1,300 exit scams have been pulled. These range from small value scams in the thousands to entire market users being taken for billions of dollars worth of ETH and other coins.

WhaleFarm Token Rug Pull
Image credit: TradingView and Reddit. An example of WhaleFarm Token Rug Pull.

Signs That an Exit Scam and Rug Pull Is About to Happen

Although exit scams and rug pulls have tripled in the last year, the total monetary amount stolen is dropping because investors are learning to watch for the signs. If you know what you’re looking for, it becomes easier to avoid these schemes. Below are some common signals to help you avoid falling victim to such an exit scheme.

Yields Are Too High

Many DeFi pools offer to facilitate the trade of tokens and lend them inside, creating extra yield to investors in the pool. WhaleFarm, for instance, offered rates that exceeded 100% APY. If you see a yield farm offering returns that are too good to be true, they probably are.

Creators Remain Anonymous

Image source:

There may be a rationale for creators to remain anonymous, from security and privacy to personal reasons. However, anonymity also makes it harder for bad actors to be tracked after pulling off a scam. If a project is started anonymously, with new social media accounts created within days or hours of a launch — that’s a big red flag. 

If projects have no ties to other successful projects or the crypto community as a whole, that’s also a red flag. Look on a project’s website for meaningful information about the team. If it’s just a bunch of fluff, proceed (if at all) with caution.

Coin Prices Skyrocket

With any asset, if you can’t see why the value is rapidly increasing, beware. Scammers can inflate a project by either putting in funds or creating false hype to get people involved in it by exploiting the “FOMO” — fear of missing out. Look for legitimate reasons such as new exchange listings, partnership announcements, or other good news that could be driving the spike. If these are non-existent, it may be a rug pull or pump-and-dump scheme. Remain skeptical unless you have a good reason not to be.

Extensive Marketing Tactics

Most crypto scams are designed with a rug pull in mind. Because of this, the use case for the token or pool is vague and unpractical. Instead, the creators rely on social media posts, crypto influencers and paid advertisements to gain support. Try to understand the legitimate use case for a project before jumping into a new token or pool. All sizzle and no steak won’t provide anyone with a good meal.

No Liquidity Lockup

Most legitimate liquidity pools lock in investor money for a certain amount of time. This does two things. First, the pool liquidity needed for token swapping, lending and other activities is ensured, so that the pool can continue to function. Second, it keeps the creators from quickly emptying the pool once it gets to a certain size — and running away with the money. A locked pool helps to safeguard investor interests. If there’s no lockup, it’s another red flag. 

How to Avoid a Crypto Rug Pull

By exercising caution and looking for the signs above, investors can mitigate the risk of becoming entrapped by a rug pull. Prudent investors exercise caution when entering new markets or investing in new pools. Greed can make poor business decisions seem much safer than otherwise, so knowing the signs of foul play will decrease one’s chances of falling prey.

Avoiding scams and potential rug pulls in crypto projects ultimately boils down to awareness before investing and doing your own research. Here are a few more ways to check the legitimacy of any project. 

Check liquidity

One way to assess a token’s legitimacy is to check its liquidity. Legitimate projects usually have millions in liquidity. These projects lock up a significant amount of tokens for a long time — and again, they cannot be withdrawn from the liquidity pool during that time frame. Check the project’s staking period, and verify the amount of liquidity belonging to a project’s owners. Legitimate platforms like PancakeSwap and Uniswap usually have liquidity information readily available. 

Review Github, Whitepaper and Social Media Channels 

Github is the code base hub for DeFi projects, usually containing their development activities. It’s well worth keeping an eye on these, as well as a project’s social media channels including Telegram, Twitter, etc. If the project is apparently not going through any active development and is a fork of another project, it might be a bad sign.

Confirm Team Credibility

Any project that’s potentially a rug pull is defined by its owners and creators. Their relevance to the cryptocurrency space, as well as their previous involvements, track records, social media and industry history and connections must add up if they are to gain credibility. The more questions than answers about the owners and team, the more likely the project is to be a scam. 

Look at Holders and Listings on DEX Platforms

If a token has only a few token holders and isn’t actively traded on multiple platforms, it’s possible that it might be a rug pull waiting. Tools like Etherscan and CoinGecko can reveal more information about a token. 

Should You Still Invest in DeFi?

DeFi is a young industry with great potential. It offers the freedom to borrow without any restrictions on credit history. All you need to borrow is collateral. Moreover, DeFi banking is truly private, as there is no centralized authority involved in dictating terms or taking high transaction fees. However, the downside of such an unregulated space is that anyone can list an asset with no central control over it. There’s no one to tell if a project is out to scam people, and that’s where rug pulls come in. 

As with any new technology, unethical players in the crypto space will try their best to con people who have less knowledge and experience. With many new projects, prices can be inflated short-term, and sometimes it can be difficult to separate hype from reality.

Investing in DeFi ultimately comes down to your available funds and your risk appetite. Make sure you do proper research before investing in a project, and really understand what the project is about. Online platforms and tools like Etherscan can help you evaluate the legitimacy of investments. 

Closing Thoughts

Rug pulls are usually very well planned and blatantly executed. The tokens that have been created promise exciting developments and garner a lot of attention in a short span of time. Instead of executing token sales, however, the teams behind the hoax are orchestrating an exit scam. Investors often don’t realize it until the token is drained of all value and its creators have long disappeared.

With growing interest in crypto, the stakes are becoming increasingly high. Scam artists are constantly looking for ways to make a quick buck off of unsuspecting victims. By keeping track of common signs of exit scams and conducting due diligence on prospective projects, you can decrease the chances that their next victim will be you.