Hacken Ecosystem

Star Names Rug Pull

On June 16, PeckShield Alert detected a rug pull in which scammers stole more than 1.6k BNB (around $350k) and laundered it via Tornado Cash. Before the drain, the attacker distributed 100 BNB among the following nine coins: Llama, Armadillo Coin, StarMan, SlothCoin, HellBender, BabyElon JackInTheBox, Starlink2, and ElonMVP. Fun fact: all these projects are named after celebrities. This helped the scammer pump the price of these “Star Names.” After the injection, the attacker drained dozens of coins. Most notably, they pulled out 189 BNB from Starlink2, causing the price to drop to one percent of its initial value. 

If you are interested in investing in projects bearing the names of celebrities, then, first of all, DYOR before investing in another “high-profile and attractive” project. In this article, we are going to help you.

Rug pull: What type of scam is it?

Pulling the rug out of someone means a sudden withdrawal of crucial support. In crypto, a rug pull refers to a scam where the team abandons their new crypto project. In particular, the team first attracts funding from investors for their new cryptocurrency and then sells their stock while the coin is worth something. Investors are left with nothing.

Rug pull trends

A rug pull has become increasingly common. According to the Defiyiled Rekt database, 16 rug scams have been registered in 2022. Scammers steal more and more money through rug pulls. At the beginning of the year, the first 13 rug pulls resulted in damages of around $100-$150k each. However, the last three rug pulls combined caused nearly $10 million in losses.

How do Rug Pulls Unfold?

Rug pulls are like phishing scams but for large investors. The malicious crypto project looks real, but that’s the point. The only purpose is to attract enough funds and pull out. This type of scam happens mostly on decentralized exchanges (DEXs). The new coin is paired with a leading cryptocurrency, such as ETH.

Developers may hype it on social media. They may even use deepfakes to make their scam project look more reputable. In another variation, a rug pull looks like a pump and dump. Developers themselves inject money into the project to boost confidence. Unsuspecting victims swap their ETH for the malicious coin. At this point, scammers abandon the project and flee with the money. 

Of course, the cryptocurrency price will drop to zero when developers sell all their stock at once. Even worse, there is no hope of recovery because the market learns that the project had been useless all along.

Preventing Rug Pulls

The decentralized finance (DeFi) ecosystem creates breeding conditions for rug pulls. The problem with DEXs is the lack of control. Unlike centralized exchanges, almost anyone can list a coin on DEX for free without any audit. Scammers also rely on open source, accessible, and simple blockchain protocols, such as Ethereum. However, it is possible to recognize and prevent rug pulls.

  1. Check liquidity. The first step is to check the liquidity in a pool of the available balances in the token. Uniswap and other DEXs provide this information automatically.
  2. The pool must be locked. Most credible projects have locked pools. The funds have to stay there for a specified period. Developers will not run with investors’ funds.
  3. Be aware of enormous price increases. A coin heading for a rug pull may skyrocket in price hours before the abandonment. The price increase is meant to push investors into the FOMO state.
  4. Consider token ownership structure. The risk of a rug pull is lower when the development team does not own any significant amount of coins.
  5. Rely on external experts. Don’t forget to check the external security rankings of a project and see if the smart contracts have been audited.
  6. Don’t ignore time-proven cybersecurity essentials.