Chainalysis: Rug Pulls Became Top Scam of 2021

The rapid growth of open finance in 2021 opened the door to a new type of scam – the rug pull. Chainalysis noted this scam made about 37% of all losses for the past twelve months. 

Rug pulls accounted for over 35% of all crypto scam revenue in 2021! Get a preview of what’s included in our 2022 Crypto Crime Report at the link below and don’t forget to sign up and be the first to get the whole report direct to your inbox next year

— Chainalysis (@chainalysis) December 16, 2021

Decentralized Trading Opens Rug Pull Opportunities

Rug pulls happen when a token-based decentralized project collects significant funds from investors in exchange for a new token. The new token is then usually listed on decentralized exchanges such as SushiSwap or PancakeSwap. The project team, instead of providing liquidity and waiting for its token to appreciate, usually dumps its holdings and takes any liquidity deposited into the trading pair. 

The team may also simply disappear after grabbing any funds made available through token sales. Among notable rug pull scams was the Evolved Apes collection, which raised millions with the promise of launching a game based on the collectible cards. 

Chainalysis notes that the usual level of scams in terms of blatant Ponzi schemes remains similar to previous years. But the appearance of short-term rug pulls is creating a long list of smaller losses, usually affecting new crypto investors interested in play to earn. 

Higher cryptocurrency prices meant the losses amounted to $7.7B in cryptocurrencies taken from investors. Exchange thefts continue, usually through compromised wallets. The other big source of scams is faulty smart contracts that can be exploited.

PeckShield, one of the major scam tracking services, also warns of new play to earn projects abusing its reputation. 

#ScamAlert We notice that a project OrionWarriors claims audited by PeckShield, which is not true. The audit report posted on its website is forged (https[:]//orionwarriors.com). This project is currently on so-called presale, stay *AWAY* from it! https://t.co/7kGa9EfR1f pic.twitter.com/ktp1PtAc8C

— PeckShield Inc. (@peckshield) December 8, 2021

With the addition of thousands of new token sales and collections, there is no guarantee their smart contracts and other infrastructure has been audited for flaws or maliciously placed exploit tools.

Play to earn also relies on reward smart contracts, which can become a point of failure for losses or exploits. Black Eye Galaxy, a new metaverse project, is currently overhauling its reward system. 

We are working on securing our reward contracts. So today some functionality could be temporarily disabled
We contacted Inspex https://t.co/3jZHbPOgGd to verify all our rewards contracts.
Our entire team apologizes for this. We will do our best so that this does not happen again

— Black Eye Galaxy (@blackeyegalaxy_) December 16, 2021

Other vectors of attack include attempts to scam a Discord community, as in the case of the Phantom Galaxies project. The gaming community was called through a faked team account and sent funds to a fake minting event.