Introduction
With the increasing interest and fascination with financial innovations made possible by DeFi, scammers are finding more ways and loopholes to take advantage of them and defraud innocent investors.
In 2021 alone, cryptocurrency scams and theft in the DeFi sector totalled over $12 billion in crypto assets stolen from user wallets, as well as exchange holdings. Part of this theft was due to poorly programmed smart contracts and weaknesses in platform security, but the rest was due to cryptocurrency fraud, with bad actors taking advantage of users new to the space.
DeFi is an especially unforgiving space – usually, there aren’t any good ways to recover funds or hold malicious actors accountable. So in this post, we will explain the concept of DeFi in layman’s terms, thereby decreasing the chances of scammers taking advantage of you. This guide will educate users on how cryptocurrency scams work and how to recognize crypto scams.
After reading this, you should be able to understand the following:
• The Concept of Decentralized finance (DeFi)
• How to do your own research before investing in any DeFi project.
• Identify various crypto scams.
• General security measures against DeFi scams.
What is Decentralized Finance (DeFi)?
Decentralized Finance (or simply DeFi) refers to an ecosystem of financial applications that are built on top of blockchain networks. It attempts to recreate traditional financial services via a decentralized financial infrastructure. More specifically, the term Decentralized Finance may refer to a movement that aims to create an open-source, permissionless, and transparent financial service ecosystem that is available to everyone and operates without any central authority. The users would maintain full control over their assets and interact with this ecosystem through peer-to-peer (P2P), decentralized applications (dapps). The core benefit of DeFi is easy access to finance.
How to recognize crypto scams and DeFi scams and how to avoid them
Decentralized Finance (DeFi) is abundant with innovation. It seems like new DeFi projects are launching by the minute, and it’s extremely difficult to keep up, let alone DYOR. Blockchains are permissionless – which is basically a fancy way of saying they are “public.”
No one needs permission to use them, develop for them, or launch projects on them. While this value is inherent to cryptocurrencies such as Bitcoin, it has its negative aspects as well. Anyone can launch scammy or misleading projects, and there’s nothing there to stop them. Hence the need to identify some common pattern that separates legitimate innovations from misleading ones.
Here is what to look out for before investing in any project.
- What is the purpose of the project?
This may seem like an obvious question to ask, especially if you’re new to the DeFi space. However, a good majority of crypto assets don’t bring anything new to the table. Sure, there’s extremely exciting innovation as well – that’s why we’re all here after all! But many new projects try to just piggyback on the attention on DeFi without even trying to innovate.
So, one thing you can ask is – does this project try to do something new and innovative? Are they trying to contribute to the new digital economy with their project? How is it different from its competitors? Is there a unique value proposition here? These are very simple, common-sense questions. But, by asking them, you can already weed out a good portion of scams.
- Development activity
Another thing you can look at is developer activity. DeFi is closely intertwined with the ethos of open-source. So, if you know a bit about coding, you can go ahead and take a look at the code yourself. The great thing about open-source, though, is that if there’s enough interest around the project, others will surely do so.
This can likely uncover whether the project has malicious intentions. In addition, you can also look at the development activity. Are the developers continually shipping new code? While this metric can be gamed, it can still be a good barometer for finding out whether the developers are for real or if they just want to make a quick buck.
- Smart contract audits
Something that gets thrown around a lot with smart contracts and DeFi is auditing. Audits are supposed to make sure that the code is secure. While they are an essential part of smart contract development, many developers deploy their code without any audits. This can greatly increase the risk of using these contracts.
One thing to note here is that audits are expensive. Legitimate projects will typically be able to pay for audits, but scam projects usually won’t bother. So, does it mean that if a project had an audit, it’s completely safe to use? No. Audits are necessary, but no audit will ever mean total safety. Always be aware of the risks of depositing your funds into a smart contract.
- Are the founders anonymous?
The world of crypto is deep-seated in the freedom of anonymity (and pseudonymity) that the Internet can provide. After all, we’ll likely never know the identity of Satoshi Nakamoto – the very person (or group) that created the first cryptocurrency.
However, teams with anonymous founders still pose an additional risk you need to consider. If they turn out to be scammers, there’s a good chance they can’t be held accountable. While on-chain analysis tools are getting more and more sophisticated, it’s still different if the founders have a reputation at stake that’s tied to their real-world identity.
Note that not all projects led by anonymous teams are scams. There are certainly many examples of legitimate projects with anonymous teams out there. Still, you should consider the implications of team anonymity when evaluating projects.
- How are the tokens distributed?
Token economics is a crucial aspect to consider when researching a DeFi project. One of the ways a scammer can make money is inflating the token price while having a huge holding and then dumping it on the market.
What happens if, say, 40-50-60% of the circulating supply gets sold on the open market? The token price drops, losing almost all its value. While a significant founder allocation isn’t in itself considered a red flag by some, it can lead to problems down the line.
In addition to allocations, you need to consider how the tokens are distributed. Is it done through an exclusive pre-sale, available only to insiders who get a great deal then hype the project on social media? Is it an Initial Coin Offering (ICO)? Are they doing an Initial Exchange Offering (IEO) where a crypto exchange is putting their reputation at stake? Are they distributing tokens through an airdrop that likely causes a lot of sell pressure?
Token distribution models have a lot of nuances to consider. In many cases, it’s difficult to even get ahold of this information, which in itself can be a red flag. However, if you’d like to get a full picture of the project, this is absolutely essential information.
- How likely is an exit scam?
Yield farming (or liquidity mining) is a new way to launch DeFi tokens. Many new DeFi projects use this distribution method as it can create some favorable distribution metrics for the project. The idea is that users lock their funds into smart contracts and get a portion of the newly minted tokens in return.
You can probably see where this is going. Some projects will just outright take the funds in the liquidity pool. Some will use more sophisticated methods, or have a huge pre-mine.
In addition, new altcoins often get listed on automated market makers (AMM) such as Uniswap or Sushiswap first. If the project team is providing a good portion of the liquidity for the market pair on the AMM, they can just as well remove it and dump the tokens on the market. This typically results in the token price essentially going to zero. As there basically isn’t a market left to sell in, this is often called a rug pull.
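As an added example (not part of the original post), the sketch below works through the two situations described above: a large holder selling 40-60% of the supply, and a team withdrawing the liquidity it supplied to an AMM. It assumes a constant-product pool with fees ignored; the supply, pool sizes and function names are constructed for illustration.

```python
# Added illustration, not from the original post. Assumes a constant-product
# pool (token_reserve * quote_reserve = k) with fees ignored.
# Every number below is a constructed sample value.

def sell_into_pool(token_reserve, quote_reserve, tokens_sold):
    """Sell tokens into the pool.

    Returns (quote_received, price_after, fractional_price_drop).
    """
    if token_reserve <= 0 or quote_reserve <= 0 or tokens_sold < 0:
        raise ValueError("reserves must be positive and the sale non-negative")
    k = token_reserve * quote_reserve
    price_before = quote_reserve / token_reserve
    new_token_reserve = token_reserve + tokens_sold
    new_quote_reserve = k / new_token_reserve
    price_after = new_quote_reserve / new_token_reserve
    return (quote_reserve - new_quote_reserve,
            price_after,
            1 - price_after / price_before)


def remove_liquidity(token_reserve, quote_reserve, share):
    """Withdraw `share` (0 to 1) of the pool; both reserves shrink equally."""
    if not 0 <= share < 1:
        raise ValueError("share must be in [0, 1)")
    return token_reserve * (1 - share), quote_reserve * (1 - share)


SUPPLY = 1_000_000            # circulating supply (sample)
POOL = (100_000, 100_000)     # 100k tokens against 100k USD, price 1.00

if __name__ == "__main__":
    # A large holder sells 40%, 50% or 60% of the supply into the pool.
    for pct in (40, 50, 60):
        received, price, drop = sell_into_pool(*POOL, SUPPLY * pct // 100)
        print(f"sell {pct}% of supply: price {price:.4f}, drop {drop:.1%}, "
              f"seller receives {received:,.0f} USD")

    # The team supplied 90% of the liquidity and withdraws it.
    thin = remove_liquidity(*POOL, 0.9)
    for label, pool in (("before withdrawal", POOL), ("after withdrawal", thin)):
        received, _, drop = sell_into_pool(*pool, 10_000)
        print(f"{label}: selling 10,000 tokens returns {received:,.0f} USD "
              f"(price drop {drop:.1%})")
```

With these sample numbers the price falls by roughly 96-98% in each of the three sell-offs, and once the liquidity is withdrawn an ordinary holder's 10,000-token sale returns about half of what it did before.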
Some common crypto scams
While it’s impossible to prevent crypto fraud and theft throughout the industry, the following common scams should be a part of every DeFi trader’s watchlist.
- A rug pull
Rug pulls are arguably the most common cryptocurrency scams in the DeFi space but can be one of the easier ones to spot for those who know what to look for.
A rug pull is when developers promote what appears to be an exciting revolutionary project. They gain a following and gather hundreds of thousands, if not millions of dollars, in support from investors.
Then, one day, these developers simply sell the tokens and disappear with the funds. These developers never intended to build a project with investors’ money. They simply wanted to conduct a scam. Investors will suddenly have nothing and the project will cease to exist. Investors essentially get the rug pulled out from underneath them.
By paying attention to a developer’s relationship with their communities, as well as their token distribution plans, it can be easy to spot a rug pull from a mile away. If a project fails to detail any sort of token lock-up period, especially a lock-up period for the developers, then these teams can do whatever they’d like with tokens at any point.
It’s best to align with projects that have detailed token lock-up periods to prevent developers from running off with funds. These projects will generally be very open with their community, providing consistent updates and a long-term plan. (While not exclusive to DeFi, a pump and dump scam is very similar to a rug pull.)
When a project is declared “non-rug pull,” it signifies that the development team has not contributed many tokens. For example, a project could be termed non-rug pull if it lacks the hallmark of a considerable amount of team-held tokens that could be taken in a rug pull or exit scam.
Another way a project can be considered non-rug pull is if the team relinquishes control of any tokens, such as those obtained during a presale.
- Social media scams
All over Twitter are scam accounts impersonating various celebrities — some in the crypto space and others not. Regardless, these impersonators will reach out to crypto enthusiasts regarding their new project and might pretend to hold giveaways and competitions where users must send funds to a specific address.
It’s easy to check if these accounts are legitimate. For example, an impersonator will probably have a few thousand followers compared to the millions of followers on the actual celebrity account. These accounts often have basic grammatical errors and misspellings. Regardless, one should simply never respond to or send funds to an account on Twitter in the first place.
Such seemingly simple cryptocurrency fraud schemes might sound ridiculous, but they occur daily. In fact, in 2020, bad actors hacked legitimate celebrity accounts to send out such scammy tweets.
- Phishing scams
Phishing is a scam tactic as old as the internet — one where scammers pretend to be legitimate companies and gather personal info about their victims.
DeFi phishing is usually conducted via email, with a bad actor pretending to be a representative from a trading platform or protocol. A scammer will make up an error such as “Your account has been compromised. Send over your email and password so we can secure it.” Such tactics can include asking for wallet addresses and passwords, or demanding the victim send over funds.
Phishing emails might link to fake websites similar to an existing platform, enticing victims to input their private information only to have it stolen by the scammers.
To avoid falling for phishing scams, one must always check the contact’s email address. Often, the address will be full of random characters instead of an actual website name. Otherwise, never click on a link in a suspicious-seeming email. If there may be a legitimate security problem, navigate to the platform’s website manually and double-check URLs to avoid such scams. For example, ensure that the URL has an HTTPS security certificate and that it is spelled exactly right.
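The URL double-check described above can be automated. The following is an added example, not part of the original post: it compares a link against a list of sites the reader already trusts and reports the red flags named in the text (no HTTPS, misspelled name), plus two related tricks that go beyond it (a trusted name embedded in another host, and look-alike characters). The domains in KNOWN_GOOD and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: domains the reader has verified and bookmarked.
KNOWN_GOOD = ("exchange.example", "wallet.example")


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, known_good=KNOWN_GOOD):
    """Return a list of red flags; an empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not HTTPS")
    if "@" in parts.netloc:
        flags.append("text before '@' is not the destination host")
    if not host.isascii() or "xn--" in host:
        flags.append("non-ASCII or punycode host")
    if any(host == d or host.endswith("." + d) for d in known_good):
        return flags  # the trusted domain itself or one of its subdomains
    flags.append("host is not on the known-good list")
    for good in known_good:
        if edit_distance(host, good) <= 2:
            flags.append(f"misspelling of {good}")
        elif good in host:
            flags.append(f"{good} embedded in another host")
    return flags


if __name__ == "__main__":
    for sample in ("https://exchange.example/login",        # trusted
                   "http://exchange.example/login",         # no HTTPS
                   "https://exchanqe.example/login",        # one letter off
                   "https://exchange.example.login.test/",  # name embedded
                   "https://exch\u0430nge.example/"):       # Cyrillic 'a'
        print(sample.encode("ascii", "backslashreplace").decode(), check_url(sample))
```

An empty result only means the host matches a trusted entry over HTTPS; HTTPS by itself does not make an unknown site trustworthy.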
General security measures to follow
It’s vital to keep an eye out for the aforementioned scams and frauds within DeFi, but some generalized methods exist to help one stay off of a cryptocurrency scammer list.
Two-factor authentication (2FA)
No matter which realm of DeFi one chooses to invest in, all platforms should have some form of two-factor authentication. 2FA is a security method that sends a text or email to a verified account, required after one inputs their password. This way, even if a bad actor gains access to one’s password, they’d need access to a mobile device or email to break into an account.
Use a hardware wallet
Hardware wallets are external devices in which users can store their private keys. As the DeFi space develops, more decentralized applications (DApps) are becoming compatible with hardware wallets, meaning users can store their assets in a secure space while still easily accessing their DeFi platforms of choice.
It’s difficult to recommend storing one’s assets in an online wallet, even if a platform provides that wallet. By holding assets online, users leave their funds open to theft. DeFi attacks often result in thousands of users losing millions in funds. By removing a platform’s access to users’ funds, users are stepping their security up one level higher.
Investigate a community
Successful DeFi projects often cultivate a fruitful community full of active users and developers who communicate back and forth. Such communication is vital to safely develop a platform everyone can enjoy.
That said, if there’s a project with inactive or quiet developers, they may be planning a rug pull or other type of scam. Crypto enthusiasts will always say that it’s best to know the team behind a project. If a team keeps their plans a secret or does not communicate with their community, there’s reason to believe they have bad intentions.
It is considered best to get involved in projects with thriving communities and, even then, do some additional research before forming an opinion. One can also pay attention to listing platforms and why they may or may not include a token. If a listing platform denies a token, it’s probably not one to invest in.
Conclusion
Whether you want to take part in the wild west of yield farming or simply use decentralized protocols to exchange and trade, DeFi scams are abundant. Hopefully, these general guidelines can help you spot malicious projects and bad actors better.
Still got questions about the DeFi market and exit scams? Check out our Q&A platform, and join our Telegram channel for more information.