A rug pull is a type of scam where a cryptocurrency or NFT developer generates a buzz around their project to attract investors. Once the project gains sufficient traction, the developer abruptly pulls the kill switch on the project, removes, redirects, or sells all the liquidity, and disappears without a trace.
Recent Rug Pulls of 2023
The first half of 2023 saw more than 110 rug pulls amassing losses to the tune of $75.87 million. Here are some of the most notable ones:
Morgan DF Fintoch: DF Fintoch piggybacked on the credibility of reputed investment bank Morgan Stanley to rug 31.6 million USDT in May of 2023. The cryptocurrency investment platform promised investors a daily return of 1% on their investments, only to go radio silent.
BALD: BALD was a meme coin launched in July of 2023 on Base. Amongst other things, the quirky coin promised to donate a part of its proceeds to research on hair loss. Deployers invested about $12 million in BALD on the first day, causing it to skyrocket to 4,000,000% and pulling the rug in August to steal $9.28 million from the project.
Kokomo Finance: The Optimism-based lending protocol witnessed a rug pull in March 2023 as the KOKO deployer exploited the smart contract code to siphon funds to different addresses. This incident cost investors a whopping $5.5 million.
Magnate Finance: Magnate Finance, another lending and borrowing platform on Base, rug pulled its users off $5.3 million. The event took off in August 2023 when crypto watchdog ZachXBT discovered links between Mangate Finance with Solfire, another exit scam.
GMETA: The GMETA rug pull unfolded with the slippage of the token value by 96% in July 2023. It corresponded with the creator withdrawing the 1 million tokens into an externally owned account and dumping them for $3.6 million.
Swaprum: The deployers of Swaprum, an Arbitrum-based decentralised exchange, executed a rug pull in May 2023 using a backdoor function to drain liquidity from the profit pools. Such a move cost investors $3 million in losses.
Merlin: Based on the zkSync protocol, Merlin is a decentralised exchange that fell prey to insider rug pull in April 2023. The $1.8 million rug pull was orchestrated by Merlin’s Europe-based back-end team. Even though CertiK took responsibility for audit lapses and managed to freeze $160,000 of the stolen funds, the incident caused a major trust erosion.
Seeing the prevalence of rug pulls in the DeFi, NFT, and Web3 ecosystem, the best line of defence is to gain increased consciousness and awareness of the issue.
Overnight success and unfounded hype are often ominous red flags of an imminent rug pull. Further, investors should probe deeper into the project and founders and closely track the project’s socials. Finally, DYOR - if anything feels too good to be true, then it probably is!
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit https://rivanorth.com/ to find out more.
You build the future. We help you secure it.