Professional Documents
Culture Documents
Solidus Labs 2022 Rug Pull Report - Crypto + DeFi Scams
Solidus Labs 2022 Rug Pull Report - Crypto + DeFi Scams
The 2022
Rug Pull Report
Everything you need to know about
crypto and DeFi scams
December 2022
Solidus Labs Report Series www.soliduslabs.com
26 Broadway, New York, NY, 10004 United States
soliduslabs.com | @Solidus_Labs | hello@soliduslabs.com
The 2022 Rug Pull report 2
• The seven types of scam tokens, how they steal from users,
and how many investors they've harmed
Contents
What is a rug pull? 3
In total, five of these centralized crypto exchanges have more than $1 billion
worth of exposure to scam token deployers. 17 of these exchanges have more
than $100 million. Ninety-three exchanges have at least $1 million worth of
exposure to scam token deployers.
is likely that some of the crypto Voyager Digital - 9/5 Statement of Financial Affairs
Honeypots: 98,442
modifiers 40
Hidden max amount modiÞers:
Honeypots
External Contracts
Scams detected: 98,442
Scams detected: 35,424
A honeypot prevents the buyers of a token
from reselling it. This inability to sell causes In an external contract honeypot, a token’s
the token’s price to only increase for as transfer functionality is implemented in a sep-
long as the scammer would like, creating arate contract for which the source code is
the appearance of a “mooning” token and not public. This private contract blocks token
thereby tricking even more users into buying sales and swaps for all addresses except for
it. This is why honeypots are by far the most the deployer’s own.
popular rug pull — because they allow their
deployers to both manipulate their users
and the token’s price. Case study: The Squid Game token
The majority of honeypots to date have been The most famous example of the honeypot
implemented in one of four ways: liquid- exploit is the Squid Game ($SQUID) token. Cap-
ity pool blocks, using external contracts, italizing on the popularity of the eponymous
blocklists, or allowlists. Netflix series, SQUID called an external con-
tract in its deployment contract, making it look
like a rapidly-growing meme coin to many users.
Liquidity Pool Blocks Within days, investors had spent over $3.3 mil-
lion worth of cryptocurrency buying SQUID,
Scams detected: 30,323
none of which they could then sell. The devel-
A liquidity pool (LP) block honeypot pre- opers used this opportunity to drain SQUID’s
vents users from sending their tokens to liquidity pools and run off with users’ funds.
this token’s liquidity pool smart contract,
which is a necessary step in the sale/swap
of the token. Only purchases of the token
are allowed.
Blocklists/Allowlists
A hidden mint allows one or more exter- A hidden balance modifier allows one or more
nally owned accounts (EOAs) – in this externally-owned accounts (EOAs), or the
context, the personal address(es) of the token contract itself, to modify token holders’
token’s deployers – to mint new tokens balances. If the EOA sets holder balances to
using a hidden function within the token’s zero, this makes selling impossible, much like
contract. After calling this function, the a honeypot.
scammer can dump these extra tokens on
the market, devaluing the tokens held by
others.
Hidden transfers
Scams detected: 2,026
Fake ownership
A hidden transfer allows developers to send
renunciations tokens from other users’ addresses to them-
Scams detected: 48,974 selves.
Before pulling the rug, exit scammers may: The U.S. Attorney’s Office of the Northern Dis-
trict of Georgia’s press release announcing
• Create a misleading marketing website the convictions reads:
• Announce partnerships that don’t exist “Felton falsely represented to investors that
a prominent Atlanta rapper and actor was a
• Assert untrue claims about their develop-
co-owner of FLiK, the United States military
ment team or backers
had agreed to distribute the streaming plat-
form to service members, and FLiK was final-
• Give themselves token allocations well
izing licensing deals with major film and televi-
beyond what they claim to own in public
sion studios. In reality, the rapper had no role
• Engage in wash trading to artificially in the company beyond authorizing a promo-
inflate the token’s volume or price tional social media post, FLiK had no military
contract, and Felton never had discussions
• Use social media bots to spam positive with any studio about licensing content. Felton
sentiment about the token on platforms further claimed that he was actively develop-
like Twitter, Discord, Reddit, Signal, or ing the platform and would use all funds raised
Telegram in the ICO to launch FLiK. After the ICO closed,
Felton dumped more than 40 million FLiK
• When scammers have been caught coins on trading markets, causing the value of
making false representations like the FLiK coins to plummet.”
above, they have been convicted of crimes
like money laundering, securities and wire This case shows that U.S. prosecutors are
fraud. Atlanta film producer Ryan Felton, both willing and able to convict the scammers
for example, pleaded guilty to twelve behind soft rug pulls. The same may soon
counts of wire fraud, ten counts of money become true of hard rug pulls, too.
laundering, and two counts of securities
fraud after executing two 2018 rug pulls —
FLiK and CoinSpark.