DeFi Fraud: What are they and how to avoid them?

Tiempo de lectura: 7 minutos

In an unregulated ecosystem, with an overwhelming level of innovation, we can expect no less from malicious actors looking to make their own profit. It is a must for every user to be able to identify fraud in DeFi and thus protect their funds. For those who have been in this ecosystem for a few years, the number of frauds, scams or outright thefts they have witnessed may be a number they have lost track of. Although no user is free from falling prey to these malicious actors, it is essential for those who are taking their first steps in this world to be informed and alert. Without further introduction, let’s review the details to keep in mind to avoid these unfortunate situations.  

What are the typical frauds in DeFi?

When we talk about fraud in DeFi, we encounter a wide variety of events. But, for the purposes of this article we can summarize that “rug pulls”, seed phrase thefts and hacks suspected to have been generated by the team itself, are the most common ones we encounter. Let us briefly analyze each of these frauds, so that we all know them better.

Rug Pull

A “rug pull” is when those behind a project run off with the project funds. There are several methodologies to carry out this type of fraud and their executions are perfected daily, making them less predictable and, therefore, avoidable. Let’s understand how a RugPull works:

  • First, a DeFi project is created, which has its own token. Generally, these platforms are copies, with minor modifications, of existing platforms.
  • Liquidity is provided to a DEX, creating the pair to exchange this new token.
  • Through violent marketing strategies, interest in the platform and, therefore, its token is promoted.
  • As interest on the platform grows, so do deposits on it and the price of its token.
  • Once the amount deposited reaches the desired or necessary number to get a good loot, the “scammer” drains the platform’s liquidity, disappearing with the funds of its users.

Another common practice is the following:

  • Developers pre-mined a significant amount of platform tokens.
  • In theory, they are “burned” in a wallet created for this purpose, but in reality they are hosted at different addresses.
  • When the token reaches a considerable value, its creators begin to sell it, generating a selling pressure capable of driving the price to nothing.

This method of fraud is undoubtedly the one that causes the greatest impact due to the amount of funds that disappear from the hands of crypto-users. Perhaps now it is clearer why it is called “rug pull”. Imagine crypto-users standing on a rug and, suddenly, the developers violently pull it out. Just like their finances, they will be left on the ground… In this article, you can learn more about what it is and how to identify a RugPull.

Seed phrase theft

This is an extremely common practice, by means of which a large number of new users of the ecosystem tend to lose their holdings. To avoid this fraud, it is necessary to engrave the following commandment:

  • “The seed phrase, to no one!” (the seed phrase is also known as “the 12 or 24 words of safety”).

Upon entering this ecosystem, one hint we get right away is “the seed phrase is not shared with anyone”. And, boy, is that a great piece of advice. The only time we should use it is to retrieve our wallet on a device. This fraud operates as follows:

  • The user enters a platform.
  • To connect to it, you are asked for your seed phrase.
  • Once shared, the perpetrators of the fraud automatically own the funds in that wallet.

2 tips to avoid this fraud:

  • The phrase seed is not shared with anyone.
  • Do not search for protocol websites on google. It is better to search for the website on the official Twitter account of the protocol and save it in favorites.

Suspicious hacks

The DeFi universe has had the, oddly enough, privilege of witnessing a lot of “hacks” in which thieves try to teach developers a lesson and end up giving back some of what they stole. Yes, I can imagine your surprise when reading this, but we pile up cases of this kind. The suspicion, when faced with this type of event, is that it is a simulation that comes from the bowels of the project itself. Undoubtedly, by entrusting our funds to a decentralized platform, we are assuming that those behind it will behave honestly. In the next section, I will develop some guidelines to be alert and try to avoid this complex situation, which in too many occasions, we only become aware of once it has been consummated.

Como evitar fraudes en DEFI

How to recognize DeFi fraud or scams

It is not easy to have a history free of fraud or scams when we interact with this ecosystem on a daily basis. However, there are certain rules and points on which we should focus our inevitable research on the applications to which we entrust our money.

The rules to avoid fraud in DeFi 

Estas simples reglas, te ayudarán en tu camino por el “lejano oeste” de DeFi:

  • Never invest in a platform whose operation you do not understand.
  • Not to be a victim of FOMO (“fear of missing out”).
  • Avoid investments based solely on Twitter threads, Telegram groups or Reddit.
  • Conduct a thorough prior research on the platform in which you want to invest.
  • Be wary of influencers until they prove otherwise.
  • By no means, share your seed phrase or passwords.
  • Avoid investments based solely on technical analysis

7 questions you should ask yourself before depositing your funds in a DeFi protocol

In order to avoid falling prey to malicious actors in our ecosystem, we should be able to confidently answer the following questions about each of the protocols in which we choose to invest.

How are tokens distributed?

This is a key question. The tokenomics of the projects can give us a sense of the intentions behind them. When the total amount of the issue has a large percentage dedicated to the founding team, it can be a red flag.

Do you know the anonymous founders?

Although we are not facing an infallible indicator, the fact of the anonymity of those who develop a project can facilitate the escape routes, of course, with the users’ money in their wallets.

Are there audits of contracts?

Much has been discussed about the validity of audits. We have seen cases of non-exhaustive audits, carried out in a testimonial or light manner, with the sole purpose of having that seal. On the other hand, we have seen cases in which, after a “reliable” audit, contracts are modified and frauds are perpetrated.

Is the code “Open Source”?

Key point for a community that favors transparency. If the code of a project is not shared publicly, we are facing a warning that may indicate that there is something to hide…

What does it contribute to the ecosystem?

Generally, DeFi frauds come from platforms that are nothing more than a quasi-exact copy of existing protocols. Innovation, although not a guarantee, usually gives us another peace of mind.

Are the movements in the price of your token suspicious?

When we encounter exaggerated movements in the price of a platform’s token, crypto-signs pucker up. Generally, suspicious movements indicate price manipulation, prior coordination or centralization in distribution.

Does it have a genuine community?

Do those who support the platform in question through social networks have a reliable track record? It is important to verify that those who are within the community of a project are users who do it on their own initiative and do not pursue an extra interest.

Como evitar fraudes en DEFI

Tools to identify fraud in DeFi

In order to prevent and identify fraud at DeFi in time, there is no better practice than the famous “DYOR”. This acronym condenses the phrase “do your own research”, which translated into our language, means “let’s do our own research”. However, when researching a DeFi project or platform, we must take into account the speed with which they proliferate. Therefore, the use of tools that facilitate our research is always welcome.  Let’s briefly review some of them:

Blockchain Scanners

Blockchain explorers, those that allow us to observe all the transactions that take place in them, are also a great ally when it comes to anticipating fraud. If we have doubts about a platform or its token, here we can:

  • View all your transactions
  • Finding out your addresses on the blockchain
  • For the more experienced, read the code of the token contract
  • Observe the addresses intended for the storage of funds

Armed with this data, we can draw important conclusions about a project. On the other hand, there is a section for user comments, which can contribute to our research. Examples of blockchain explorers are:

In any case, a google search for the name of the network plus the word explorer should return the expected result.

Dextools

Using this tool, we can analyze tokens from Ethereum and Binance Smart Chain networks. By simply pasting the token’s contract address, we will obtain a list of all the orders executed in relation to it. In case we find that there are no sales, it is probably a token programmed with the impossibility of sale, thus when buying it the user’s funds are trapped. Of course, the only one able to sell them is the holder of the address that gave birth to them, so he will be able to get the money from his creation. You can also use Coindix, which allows us to verify features of DeFi applications such as:

  • Liquidity
  • APR or interest rates

Undoubtedly, a tool to always have at your fingertips when it comes to avoiding fraud in DeFi.

Token Sniffer

It is a simple platform, adapted to the analysis of Ethereum and Binance Smart Chain networks. After copying and pasting the token’s contract address into the search bar, TokenSniffer will provide an analysis of important points to consider about the contract in question.  Another highlight of this tool is that it has a list of known frauds and hacks. The platform we are investigating may not be found, but it can save us time in the future or provide us with information to warn other users. As we already know, in the crypto-metaverse information is shared and we are all empowered by each other.

Final thoughts

Far be it from the objectives of this article to discourage new users from entering the DeFi ecosystem, due to the risks to which we expose ourselves here. The intention is just the opposite. Knowing the common types of frauds in DeFi and having tools to prevent them, we will be able to dive with greater confidence. The reality is that an unregulated environment based on programming and finance is the perfect context for the birth of fraud. Comparisons between the DeFi ecosystem and the famous “Wild West” at times materialize in front of astonished crypto-eyes. Either way, by conducting our own research and being careful with our movements, we will be able to successfully surf this “no man’s land”. It is said ad nauseam that the greater the risk, the greater the benefit. Let’s mitigate the risks through research in order to come out on top by accumulating profits.


Leave a comment
Your email address will not be published. Required fields are marked *