Rob Behnke
April 28th, 2022
Exit scams are one of the major risks of investing in a cryptocurrency project. While some crypto projects are legitimate and offer the potential for significant rewards, others are scams. The challenge is differentiating between the two.
Exit scams – like rug pulls – don’t always come out of the blue. While none of these seven red flags is a guarantee that a crypto project is a potential future exit scam, they may be cause for concern.
Anonymity has been part of the blockchain from the very beginning with the true identity of Satoshi Nakamoto, Bitcoin’s creator, currently unknown. Many DeFi projects have followed this tradition with partially or fully anonymous teams behind them.
The fact that a DeFi project’s team is fully anonymous does not mean that it is a scam, but it is a warning sign. It is much easier for a project team to steal the project’s funds and disappear if no one knows who they truly are.
Exit scams are designed to be “get rich quick” schemes. The goal is to quickly create a project that users invest heavily in and then steal these funds.
Often, this means that the teams behind exit scams put less effort into the crypto project’s website, whitepaper, and other materials than a legitimate project. If the project website is incomplete, unprofessional, or largely ripped off from another DeFi project, it may indicate that the team was just throwing something together that was just designed to last long enough for the scam.
Most DeFi projects have big dreams. They promise to revolutionize finance by solving one of the biggest underlying problems or pain points that users face or offering significant rewards to investors.
However, while legitimate projects may have ambitious goals, they are within the realm of possibility or plausibility. If a DeFi project is promising something that seems too good to be true, then it probably is. In that case, the project likely isn’t planning to come through on those promises and is possibly a scam.
Carrying through on its promises and goals, regardless of their scope, requires a plan. A successful DeFi project has a strategy and defined milestones that carry it from its inception through meeting its goals.
It’s not uncommon for crypto projects to have gaps in their strategies or a roadmap that only reaches so far. However, having no strategy at all or one with major gaps may be a warning sign. The project may be a scam, and the team didn’t develop the roadmap because they didn’t need it. Even if this is not the case, a project without a plan is unlikely to meet its goals, making it a poor investment.
DeFi projects commonly create their own token and allocate a portion of the tokens to the project and the founding team. These tokens reward the team for their vision and work in making the project a success.
However, if too great of a percentage of the project tokens is allocated to the project team, this could be a red flag for a potential scam.
One form of rug pull involves the project team dumping their tokens and abandoning the project. The more tokens allocated to the project team, the easier this is and the more devastating it is for the project.
DeFi projects are implemented as smart contracts, and these contracts are commonly open source. This allows anyone to review the code of a contract to identify any vulnerabilities or malicious backdoors that could place the project and its users at risk.
If a project does not open source its code on Github or a similar platform, this could be a warning sign that the project has something to hide. This could be concealing malicious functionality or taking a “security by obscurity” approach to hiding vulnerabilities in code that could make it vulnerable to attack.
If a contract’s smart contract code is open source, then unusual functionality is a red flag. Many DeFi hacks and rug pulls have been enabled by custom implementations of common code. If a project is not using standard functions like the ones provided by OpenZeppelin or has modified the code, then this is a potential warning sign.
Other rug pulls have been made possible by code that allows deposits but not withdraws, trapping funds in the contract for the project team to steal.
DeFi projects involve complex, high risk smart contracts. These contracts are common targets of attack, and the price tag of a successful attack can be in the millions of dollars.
A security audit before launch is basic due diligence for a DeFi contract. If a smart contract has not undergone a security audit, then it is at much higher risk of being exploited by an attacker.
This also reduces the probability that oddities in the code, such as malicious backdoors, will be detected before they are exploited in an exit scam.
Just because a cryptocurrency project has one or more of these warning signs doesn’t mean that it is malicious. Projects without these red flags may also be malicious and lead to a rug pull. However, the presence of these warning signs may indicate an increased risk of an exit scam.
Investing in a crypto project is always a risk, and taking steps to manage that risk reduces your probability of falling for a scam. Do your own research and keep an eye out for potential indications that a project is not what it seems.