Risks of DeFi - Rugs
We all get a little defensive when it comes to our precious DeFi space. I know I’ve been guilty of defending DeFi even when it didn’t make a lot of sense. For outsiders, some aspects of DeFi can be very daunting and hard to understand. Not a lot of people realize that this is the Wild West out here and there’s a gold rush happening right before us.
However, knowing that, I think it’s important not to forget that there are risks associated with DeFi and some of the more prevalent ones are Rugs. No, I don’t mean that sweet rug your grandma has in her living room. I’m talking about the protocols that rip all the money out from underneath the investors like you and me.
In the NFT and Node spaces, rugs were a common setback unfortunately. This is because crypto operates in waves. While everything is happening all at once in the background, money flows in and out of DeFi in a unique way. As we saw the boom of NFTs of course we can expect to see fraud follow. This is the same for Nodes.
Before we can dive into the different types of rugs and how to do your due diligence to protect yourself from potential disasters it’s important to understand what exactly a rug pull is.
Rug Pull - When a protocol quickly drains the treasury of all its value and the owners walk away with all the money leaving the investors with their pockets empty and spirits crushed.
It’s sad, but rug pulls happen often and to an outsider of Defi it seems very hard to wrap your head around. So, let’s break it all down and hopefully we can help prevent you or someone you know from taking an unnecessary loss in the future.
There are two types of rug pulls in the DeFi space:
A soft rug typically occurs as an after-thought, while a hard rug is usually prepared in advance. Don’t get it twisted though, they’re both fraud and both leave the investor in shambles.
Imagine going on a blind date to a really nice rooftop dinner. Your guest arrives wearing a mask and some sunglasses. This may be odd but not totally unusual, especially for the times. You’re seated at a nice table in the corner and you get an opportunity to have a nice conversation. Mostly it’s pleasantries and you don’t get a whole lot of information from them. You can see them, you can hear them but do you really know them? No.
The two of you order a nice meal and have some drinks and when the bill arrives you notice your date excuses themselves from the table to use the restroom. You decide to be a nice person and pick up the tab and you wait for your guest to come back but the problem is they never return.
This is a soft rug.
Now, let’s repeat this scenario on the rooftop but this time your blind date shows up wearing a full on Halloween costume. They’re impossible to identify. They say a couple things to you but the conversation is really dry. They decide to order the most expensive steak and a very nice bottle of wine to go with it.
When the check comes instead of walking away they stand up and flip the table over, land a few punches to your gut, throw off their Halloween costume to reveal a squirrel suit and then leap off the building gliding away to never be seen or heard from again.
Now, the number one question I see after a project rugs is: Why?
Investors always want to know why the rug-pull has happened. The simplest answer is typically the right answer:
These individuals are slimy little thieves.
How can we prevent these from happening? We can’t. But one thing we can do is look for the red flags because hindsight when we look back at some of these fraudulent projects we can see a lot of red flags stacked on top of another and being able to identify those will help us avoid costly mistakes.
Now, when I say a soft rug is an afterthought it means that the creators didn’t setup the protocol with the intention of stealing your money. They could have originally started out with a vision to change the world and make the DeFi space a better place. Their protocol could have been an amazing idea with a road-map that sounded very promising.
There are many reasons why these soft rugs can happen but again, at the end of the day, these re slimy little thieves at the core.
Some signs of a Soft Rug:
-Lack of Experience
-Money changes people
A project can fail for many reasons. Most of the time we see projects collapse due to egregious tokenomics or inexperience of the team. A lot of people forget that these project leaders need to have a certain degree of technical skills along with an understanding of finance and economics.
When a project is failing due to a technical reason it can be easier for the team to just walk away rather than admit the problem and figure out a solution. Sometimes that solution may just be closing up shop and divvying the treasury up back to the investors.
I’ve noticed there is a severe lack of economic understanding when it comes to crypto. People are quick to discuss the crypto ecosystem but they aren’t looking beyond the space. For instance go into just about any Discord server and when the prices are down people are just regurgitating that the whole market is down. Very few understand why the market is down though.
As a wealth management company, which is what most of these projects are, there should be an understanding of the ‘Why’ behind the price action. Most of the time it isn’t that the whole market is down. It is a combination of many factors but most importantly that project’s tokenomics does not support a sustainable pay-out.
In other words, when markets are green there is more and more money dumped into projects. This of course drives positive price action and from an outside perspective it seems like the project is healthily growing. When markets are down though we don’t have that new money coming in. This should be the phase that the project is designed to operate in and if it has proper tokenomics it should be able to survive the winter until the next flourishing spring arrives.
Don’t be afraid to ask the team how they plan to manage your money. How do they intend to invest the treasury and what is their plan should things go sideways. If they have no plan or can’t answer your question this is for sure a red flag as it can lead to failed project.
Running a project takes ample amount of time. Very few understand the time commitment required to run a successful project in the crypto space. This can’t be your second job and it surely isn’t a side-hustle. Most protocols operate with millions of seed money and if they want their baby to grow they will need to invest their precious time to help it succeed.
This of course leads to long days and even longer nights. Eventually, those late nights become less and less romantic and when you have a project full of investors constantly seeking your attention it can become extremely overwhelming.
I have seen some projects balance their time properly. Those projects still exist today in-fact. I’ve also seen what can happen when the leaders, founders and staff don’t manage their time effectively. As the protocol slowly sucks away all their available free-time they are consumed and eventually break.
Lastly, when it comes to soft rugs we can’t ignore the giant golden goose in the room. Money really does change people. Have you ever had a friend that suddenly found wealth and now they are no longer your friend? It’s so common that it’s a Hollywood trope in movies.
It’s easy to say that money won’t change you or your beliefs but have you ever seen a million dollars? How about 10 million? It’s called life-changing because it is. The hard truth is some individuals just don’t have the mental fortitude to hold that kind of money without running away with it.
We don’t want to make excuses for soft-rugs. At the end of the day these are all still fraud. Typically, when it comes to soft-rugs, investors have made a portion of their money back but most do not end up with a return on investment.
How to Identify Hard Rugs
Now let’s deep dive into hard rugs and how you can prevent yourself from catching a big nasty bag.
Some signs of a Hard Rug:
-No contract audit
-No locked liquidity
-Team spends big money on marketing
-Templated websites & whitepapers
-Team can’t answer technical questions
-Team has a lack of community engagement
Individually, some of these are normal and okay. All together though and it is a recipe for disaster.
Anonymous teams are common in DeFi. It’s also one of the main reasons there is a lack of mainstream adoption in the DeFi space from traditional investors. There are many projects that have been successful with anonymous teams.
The problem and the most blatant concern is that if something bad happens there’s no recourse. This increases the chance for fraud to occur in the DeFi space when people can’t blame you for the crime.
A multi-sig helps prevent a sole entity from draining all the protocol funds or making decisions that could potentially hurt the project. You can think of the multi-sig sort of like the board of a traditional company. Individually, none of them can do anything except try and persuade others to vote in their favor.
When projects refuse to get a multi-sig this is a major red flag and every project should want to have a multi-sig as it protects their company from malicious activity. Of course, unless that malicious activity is coming from themselves, then it would make sense in their eyes to not have a multi-sig.
We’ve seen so many vulnerabilities in smart contracts in DeFi. A contract audit by a reputable company is a must-have from every protocol. This ensures that the contract is not open to potential unwanted liabilities.
Contract audits aren’t cheap. In-fact they can be quite expensive at times and most protocols would rather be spending that money in helping their project grow. However, you can think of the audit as a security system on your house. Intruders can still get in but it does make it a little more difficult to do so.
Projects that refuse the audit are leaving themselves open for potential comprising events to happen. Every project should want to protect their investment and every investor needs to have their investment protected as much as possible.
Keep in mind that audit is only good for the contract that was sent to them. If protocols make changes to their contract after an audit has been performed, those changes were not reviewed by the audit company.
If the protocol does not seek an additional audit this could null and void the original audit report and open the protocol up to more unnecessary vulnerabilities. Believe it or not, there are shady individuals scouring DeFi and reviewing smart contracts for holes and backdoors in to commit fraud.
Locked Liquidity & Team Pay
New projects are start-up businesses. These new companies are trying to beat all the odds to survive and it is exponentially harder to survive if the new business is rewarding the founders with high paychecks the investors are paying for.
Does that mean that I believe the team shouldn’t be paid? Definitely not. However, depending on the project as well, the community should be able to see exactly what that pay is going into the investment. In some cases projects advertise being a decentralized autonomous organization (DAO) where the community gets to vote on every decision, including team pay.
Locking up the liquidity in a project is an additional safety measure to ensure the team, founders or any shady character cannot drain all of the projects money for themselves. It’s hard to justify protocols that aren’t locking up that liquidity.
In my opinion, these project developers and founders have a vision and if they truly believe in their vision it should be no problem locking up those funds. Be weary otherwise.
Spending big on Marketing
When we studied the worst rugs in DeFi space we see some common similarities. One in particular is the marketing budget. Those projects paid an unnatural amount of money to influencers and we saw them heavily shilled all across the Crypto Twitter space.
These projects didn’t care about the influencer audience either. As long as their project was being promoted they were happy to pay an absorbent amount of money to anyone willing to talk about their project. This can feel a bit uneasy.
When a project spends big on marketing though it doesn’t necessarily mean it’s a red flag. We want to see a healthy amount of promotion happening as it does spread word of the project and attracts more investors to their project. However, there are some “pink flags”:
-Token Pre-Sales (sometimes across multiple rounds)
-NFT Pre-Sales & Auctions
All of the above are ways we have seen projects acquire large quantities of money before the project even opens the doors. When you couple that with large Twitter accounts shilling and you get a lot of hungry investors shelling out their cash. Which, to a thief, can be a massive payday.
Templated Websites & Whitepapers
I’ve looked at so many different protocol websites & whitepapers in my time in DeFi. This is typically the only information we have from the team that is “selling” their project over others. A proper whitepaper should include the following:
-A high-level overview of what the project is
-A clear understanding of how an investor makes a return
-A breakdown of the tokenomics
-How the project is innovating the space they are launching in
-What the road-map going forward looks like
The above isn’t a requirement but when a project fails to deliver these important details it can sometimes lead to confusion or a lack of vision from the team. This isn’t necessarily a red-flag. In my opinion, sometimes these teams may just not know how their project is going to evolve. They may not be solving any problems right now but their road-map may show how they plan to innovate in the future.
Where things become sketchy is when the team uses a template for their investor-facing content. A white paper can be templated on purpose but if you start to notice the same tokenomics, the same “vision” and road-map as other projects this is a major red flag.
If the website is an exact replica of another protocol in DeFi it may also be a major red flag. In some cases the team may use the same website designer but there is a difference from a similar website to an exact replica. Believe it or not some project websites in DeFi can rip off a website word for word. Sadly, I’ve never seen one of these protocols end without stealing from their investors.
If you happen to notice a project has similar tokenomics, gamification or utility it may be wise to review the original project to see how well they have done. Some forks of projects do better than the originating parent project because of the team. The team may make better investment choices that drive the success of the project further than the originator.
Lastly, remember that the whitepaper is the sales pitch. It needs to be unique to the protocol. Otherwise, the protocol is not unique, which can lead to a lack of innovation and ultimately can end up a failure.
Community Engagement & Team Experience
I’m in over 200+ Discord communities. There are some teams who do an excellent job of communicating everything with their investors. They host weekly AMAs, game nights and have moderators 24/7 monitoring the chats for investor questions and concerns. These teams typically can provide detailed responses to all of their community questions.
Unfortunately, there are some other teams that have a severe lack of team engagement. They rarely communicate with the investors, cherry pick the questions they answer, often delete messages from members and utilize the ban feature a little too heavily.
This insinuates that the project leaders and team don’t understand their own protocol. This could mean a lot of different things but typically points to outsourcing their code. Without in-house technical support the pesky problems that all protocols seem to face could be lingering for longer than they should, which would leave the project open to outside vulnerabilities.
It’s important to clarify that the project leaders and team don’t need to have all the answers. They just need to know how to find the answer and when it comes to what they designed they surely need someone on their team that understands how to answer those questions.
Transparency is key to success in DeFi. Projects that never host AMAs or only have Mods answering questions tend to give me pause. Seriously, who cares about a trivia night if the leaders are never around to face their investors?
Everything you just read is what I look for in a project before I put my hard earned money into their hands. My goal is always to provide my investments with the best chance of success as possible. While it doesn’t always work out it definitely helps prevent unnecessary losses. The next time you see the term, “DYOR”, just remember that this is the research you should be doing. Every time. No exceptions.