"Rug pulls" have caused a loss of $2.8 billion, becoming the biggest scam in the DeFi ecosystem
Source: Chainalysis
By transaction volume, scams have once again become the largest form of cryptocurrency crime, causing global victims to lose over $7.7 billion worth of cryptocurrency.
Compared to 2020, scam revenue increased by 81%, while it significantly decreased compared to 2019, largely due to the absence of large-scale Ponzi schemes. In 2021, this trend was changed by Finiko, a Ponzi scheme primarily targeting Eastern Europe that took in over $1.1 billion from victims.
Another change contributing to the increase in scam revenue in 2021 was the emergence of rug pulls, a new type of scam particularly common in the DeFi ecosystem (in which cryptocurrency developers withdraw support, pull out of DEX liquidity pools, or suddenly abandon a project, taking investors' funds without warning). We will explore rug pulls and the Finiko Ponzi scheme in more detail later in the report.
Scams, as the largest form of crypto crime, specifically target new users, making this one of the biggest obstacles to the continued adoption of cryptocurrency. Some crypto companies are taking innovative measures to leverage blockchain data to protect their users and nip scams in the bud before users are defrauded.
2021: More Scams, Shorter Lifespans
Although scam revenue increased significantly in 2021, the number of deposits to scam addresses dropped from 10.7 million to 4.1 million, suggesting that the number of victims decreased and that the average amount scammed from each victim therefore increased.
However, the money laundering strategies of scammers have not changed much. As in previous years, most of the cryptocurrency sent from scam addresses ultimately flows into mainstream exchanges.
The number of active scams (scammers' addresses receiving funds) also significantly increased in 2021, rising from 2,052 in 2020 to 3,300.
This is closely related to another trend we have observed in recent years: the average lifespan of financial scams is getting shorter.
In 2021, financial scams were active for an average of only 70 days, down from 192 days in 2020. Further observation shows that the average active days of related cryptocurrency scams was 2,369 days, which has been steadily declining since then. One reason may be that regulatory and law enforcement personnel are getting better at investigating and prosecuting scams.
For example, in September 2021, the CFTC (Commodity Futures Trading Commission) filed a lawsuit against 14 investment scams that claimed to offer compliant cryptocurrency derivatives trading services but were not registered with the CFTC as futures commission merchants, a common type of scam in the crypto industry. Previously, these scams might have lasted longer. As scammers become aware of the "threat" from regulators, they may feel pressured to "shut down" before attracting the attention of regulatory and law enforcement agencies.
Meanwhile, we can observe the end of the long-standing correlation between cryptocurrency prices and scam activities.
Scams typically arise during periods of sustained price increases of popular cryptocurrencies (such as Bitcoin and Ethereum), which is also when a large influx of new users enters the market. We can observe this in the chart below—after the bull markets of 2017 and 2020, the number of scam activities surged. This is not surprising. Compared to experienced users, new users attracted by the growth of the crypto market are more likely to fall victim to scams.
However, the relationship between asset prices and scam activities now seems to be fading. In the chart below, we can see that scam activities rose alongside the prices of Bitcoin and Ethereum until 2021, after which scam activities remained steady or even began to decline regardless of price fluctuations.
Rug Pulls Become the Latest Scam Form
Rug pulls have become the largest type of scam in the DeFi ecosystem, accounting for 37% of all cryptocurrency scam revenue in 2021, compared to just 1% in 2020.
In summary, in 2021, various rug pull scams defrauded victims of over $2.8 billion worth of cryptocurrency.
Like many emerging terms in the crypto industry, the definition of "rug pulls" is not fixed, but it generally refers to developers of new crypto projects withdrawing from DEX liquidity pools or suddenly abandoning a project, taking investors' funds without warning.
Rug pulls are most common in DeFi. Most rug pulls require developers to create new tokens and promote them to investors, who trade this new token in the hope of appreciation, providing liquidity for the project. However, developers ultimately withdraw funds from the liquidity pool, rendering the token worthless and then absconding.
The reason rug pulls are so prevalent in DeFi is that, for scammers with some knowledge of blockchain technology, it is cheap and easy to create new tokens on the Ethereum blockchain or other blockchains and to list them on decentralized exchanges (DEXes) without code audits.
It is worth noting that decentralized tokens are designed to allow investors who hold the tokens to vote on issues such as how the assets in the liquidity pool are used, which prevents developers from directly withdrawing funds from the liquidity pool. While auditing firms that help identify code vulnerabilities are common in the crypto industry, the ability to list new tokens directly on most DEXes has led to the proliferation of rug pulls.
The chart below shows the top 15 rug pull scams ranked by the value of stolen assets in 2021. The "Squid" game, which was more widely known in the Chinese community, ranked only 9th.
However, not all rug pulls occur in the DeFi space. In fact, the largest rug pull of the year was Thodex, a centralized exchange that claimed to be a major exchange in Turkey, whose CEO fled shortly after the exchange stopped allowing users to withdraw funds. In total, this scam caused its users to lose over $2 billion worth of cryptocurrency, accounting for nearly 90% of the value of stolen assets in all rug pull scams.
AnubisDAO was the second-largest rug pull in 2021, with over $58 million worth of cryptocurrency stolen. This scam occurred in the DeFi space, so let's discuss how it was carried out.
AnubisDAO launched on October 28, 2021, planning to provide a decentralized, price-floating currency backed by "a basket of assets." The project had no website or white paper, only a logo resembling Dogecoin (DOGE). The developers publicly listed were also pseudonymous. Investors nearly overnight provided a liquidity pool of nearly $60 million for the project's tokens, but just 20 hours later, all the raised funds (mainly wETH) disappeared from AnubisDAO's liquidity pool and were transferred to a series of new addresses.
We can see these transactions in the chart above. AnubisDAO used a contract created through the Balancer Liquidity Bootstrapping Protocol to receive investors' wETH. However, the address that deployed the liquidity pool contract already held the vast majority of the liquidity provider (LP) tokens for that pool. Just 20 hours after the sale began, the address that created the liquidity pool dumped a large amount of its LP tokens, allowing the scammers to withdraw almost all of the wETH and project tokens from the liquidity pool.
Subsequently, the scammers "obfuscated" the stolen assets by transferring them through a series of wallets. Shortly thereafter, AnubisDAO's Twitter account was deactivated, and the token's value plummeted to zero.
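The pattern described above, where sale proceeds sit in a pool whose LP tokens are held by the deploying address, can be checked for from pool events. The following is an added example, not code from Chainalysis or the original report: it replays events under a simplified pro-rata pool model (an assumption, not Balancer's actual pool math) and flags a deployer holding most of the LP supply during the sale, as well as any single exit that redeems most of the reserve. The function name, event format, thresholds and sample data are all constructed for illustration.

```python
def review_pool(events, deployer, share_limit=0.5, exit_limit=0.5):
    """Replay (hour, kind, address, amount) events; return (alerts, weth_left).

    Simplified pro-rata model, not Balancer's actual pool math. Kinds:
    "join" mints LP tokens, "swap_in" is a sale purchase paid in wETH,
    "exit" burns LP tokens for a pro-rata share of the reserve.
    """
    lp, weth, alerts, flagged = {}, 0.0, [], False
    for hour, kind, who, amount in sorted(events, key=lambda e: e[0]):
        supply = sum(lp.values())
        if kind == "join":
            lp[who] = lp.get(who, 0.0) + amount
        elif kind == "swap_in":
            # Buyers receive project tokens, not LP tokens, so their wETH
            # becomes redeemable by whoever holds the LP supply.
            weth += amount
            share = lp.get(deployer, 0.0) / supply if supply else 0.0
            if share >= share_limit and not flagged:
                flagged = True
                alerts.append((hour, f"deployer holds {share:.0%} of LP supply; "
                                     "sale proceeds are withdrawable by one address"))
        elif kind == "exit":
            if not 0 < amount <= lp.get(who, 0.0):
                raise ValueError(f"invalid LP burn by {who}")
            fraction = amount / supply  # pro-rata claim on the reserve
            paid_out = weth * fraction
            lp[who] -= amount
            weth -= paid_out
            if fraction >= exit_limit:
                alerts.append((hour, f"{who} redeemed {fraction:.0%} of the "
                                     f"reserve ({paid_out:.0f} wETH)"))
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return alerts, weth

# Constructed sample events (addresses, amounts and hours are illustrative).
SAMPLE_EVENTS = [
    (0.0, "join", "0xDEPLOYER", 990.0),
    (0.0, "join", "0xOTHER_LP", 10.0),
    (1.5, "swap_in", "0xBUYER_A", 4000.0),
    (9.0, "swap_in", "0xBUYER_B", 9000.0),
    (20.0, "exit", "0xDEPLOYER", 980.0),
]

if __name__ == "__main__":
    for hour, finding in review_pool(SAMPLE_EVENTS, "0xDEPLOYER")[0]:
        print(f"t+{hour:.1f}h  {finding}")
```

The first alert fires at the first purchase, before any funds leave the pool, which is the point at which the concentration of LP tokens is already visible on-chain.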
The AnubisDAO incident served as a warning to investors. The most important point is to avoid trading new tokens that have not undergone code audits. A code audit is the process by which a third-party company analyzes the smart contract code behind a new token or DeFi project, and after the audit, the project's contract status is published, confirming that there are no mechanisms that would allow developers to steal investors' funds. Investors should also be wary of tokens lacking legitimate documentation (such as websites or white papers) and tokens created by anonymous individuals.
DeFi is one of the most exciting and innovative areas of the crypto ecosystem, clearly offering significant opportunities for early adopters. However, the lack of experience among many investors provides opportunities for scammers. The key point is that if potential new users no longer trust new projects, the growth of DeFi will be difficult to sustain, so it is crucial for credible information sources in the crypto industry (whether influencers, media organizations, or project developers) to help new users understand how to avoid scams.
Finiko: A Billion-Dollar Ponzi Scheme
Finiko was a Ponzi scheme based in Russia that operated from December 2019 until July 2021, collapsing after users discovered they could not withdraw funds from their accounts. Finiko allowed users to invest using Bitcoin or USDT, promising monthly returns of up to 30%, and eventually launched its own token, which could be traded on multiple exchanges.
During its active 19 months, Finiko received over $1.5 billion worth of Bitcoin through more than 800,000 user deposits. Finiko sent most of this cryptocurrency to mainstream exchanges, high-risk exchanges, custodial wallet services, and more. While it is unclear how this $1.5 billion would be paid out to investors to sustain the Ponzi scheme, it is evident that Finiko implemented large-scale fraud targeting cryptocurrency users in Eastern Europe (Russia and Ukraine).
Like most scams, Finiko primarily defrauded funds from victims, but we also found that Finiko may have gained additional benefits by helping money launderers.
The money launderer obtained millions of dollars worth of cryptocurrency from addresses associated with ransomware, hacking, and other forms of crime. Although the amount sent to Finiko was very small, at less than 1 Bitcoin, it illustrates that scams can also be used to clean funds obtained from other criminal activities.
Finiko also sent $34 million to a DeFi protocol designed for cross-chain transactions through a series of intermediary wallets, where it was likely converted into ERC-20 tokens and sent elsewhere.
Interestingly, Finiko had overlapping transaction history with Suex, an over-the-counter brokerage sanctioned by OFAC (Office of Foreign Assets Control) for laundering money for crypto crime teams. Between March and July 2020, Finiko sent over $9 million worth of Bitcoin to an address that was marked by OFAC as belonging to Suex. This connection highlights the massive scale of Suex's money laundering and the important role such services play in enabling cybercriminal activities.
After Finiko collapsed in July 2021, Russian authorities arrested two key members of the scam, while arrest warrants have been issued for others.
Scams are an obstacle to the mainstream large-scale adoption of cryptocurrency, and it cannot be left solely to law enforcement and regulatory agencies to combat them. Crypto companies, financial institutions, and of course, blockchain data analysis firms like Chainalysis should also play a role. We hope the crypto industry can continue to grow.