Revenue from crypto scams surges 81 percent in 2021, "rug pulls" make for most of it

(Image: Reuters)

The money garnered from cryptocurrency-related scams and crimes worldwide touched almost $7.7 billion, reaching an all-time high in 2021,  surging almost 81 percent over the last year, per the Chainalysis' 2022 Crypto Crime Report.

However, the lion's share of this $7.7 billion, almost 37 percent to stand at $2.8 billion belonged to "rug pulls" scams taking place in the Defi ecosystem.

Notably, this figure was just 1 percent in 2020, when the total illicit revenue collection was under $5 billion, highlighting the increased and urgent need to bring in regulations in this "shady" sector, as noted by US senator Elizabeth Warren recently.

Changing ways of scamming

Trends suggested that most cryptocurrencies sent from scam addresses, nearly 75 percent, ended up at mainstream cryptocurrency exchanges. Notable mentions include rug pulls at the Turkish centralised crypto exchange Thodex, which came to light after its founders went missing with over $2 billion in investor funds this April.

This was followed by AnubisDAO, which raised almost $60 million from investors overnight in October 2021, only to disappear 20 hours later and Uranium Finance on the Binance smart chain, which swindled investors of $50 million.

But in what can be seen as a slim note of positivity amidst this gloom, there were fewer individual scam victims, given that the number of deposits to investment scam addresses fell from 10.7 million last year to 4.1 million in 2021. The average duration of a scam also fell to 70 days in 2021, from a substantial 192 days last year.

However, the rip-off amount from the same has risen in proportion, and so has the numbers of financial scams active and receiving funds at any given point, from 2,052 in 2020 to 3,300 in 2021.

However, the long-standing, statistically proven and directly proportional relationship between sustained cryptocurrency price surges and scamming activity seems to have broken, indicating that the influx of new users during this time is potentially not being targeted for such frauds.

What are rug-pulls? 

Rug pulls happen when developers list a seemingly legitimate crypto or blockchain project and then, suddenly disappear with investor funds. It starts when the program is launched, proceeding to list them on a decentralised exchange (DEX) in exchange for issuing a token.

Lured by the prospect of the scam project, investors purchase this token in hope that its price will rise and supply liquidity, which is provided in the native token of the underlying blockchain, will increase. While the project is live, the liquidity pool for the project runs into hundreds and thousands of dollars, providing the perfect opportunity for scammers to "pull" at all liquidity and siphon all funds from the DEXs.

Have you checked for a code audit?

Experts suggest that developers not "locking in" in their control over the token liquidity pool, or burning their private key used to start the liquidity pool, allows them to pocket all the funds. Another reason highlighted in the report was the lack of code audits, which is not an essential prerequisite to list projects on DEXs.

With code audit mechanisms in place, a third-party firm can analyse the underlining smart code contract behind the project, providing public confirmation that the governance rules surrounding the project are solid, with no scope of scammers duping away investor money.