The popularity that the DeFi sector has seen in the past year is, frankly, unquestionable. There are countless numbers of new projects that both have already made headlines, or are still popping up left, right, and center. Unfortunately, in addition to these new projects, there are a lot of DeFi scams floating around the market, as well. In 2023 alone, nearly $1 billion was lost to crypto scams.
Naturally, the more popular the sector, the more foul players are going to be attracted to it. As sad as that may be, this is usually the case with most areas, especially those related to all-things finance.
No matter if you’re an industry veteran, or a completely new trader that has entered the market this year - everyone’s prone to making mistakes. In order to minimize the chances of you making these mistakes, though, we’re going to discuss DeFi scams, and how to avoid them while trading on your favorite dApps.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is FUD in Crypto? (Fear, Uncertainty & Doubt Explained)
Table of Contents
- 1. What is a Crypto Scam, in the First Place?
- 1.1. The Oldest Tricks in the Book, Remastered
- 2. The Most Common DeFi Scams - Rug (Liquidity) Pulls
- 3. How to Now Fall for DeFi Scams?
- 3.1. Token Distribution (Allocation)
- 3.2. Who is the Team Behind the Token?
- 3.3. The Purpose of the Token (Project)
- 3.4. Is the Project Audited?
- 3.5. Developer / Community Activity
- 3.6. Market Cap VS Liquidity: Two ESSENTIAL Metrics
- 4. Why are Cryptocurrency Scams so Common?
- 5. Conclusions
What is a Crypto Scam, in the First Place?
Admittedly, DeFi scams have been around for as long as decentralized finance was a thing - this is probably not a surprise to most. However, there are actually quite a few different types of crypto scams out there - not all of them try to gain access to your private keys or seed phrases (hint - they're not the same thing!).
Latest Deal Active Right Now:
REDEEM $600 PRIZE
Binance Cyber Monday
Attention new Binance users: this Cyber Monday, you can score up to $600 in rewards by completing special tasks. Activate this amazing Binance Cyber Monday deal using the code – 49316610!
While we’ll be focussing on a rather specific niche of DeFi scams in this article, it’s worth going over some of the more-common malicious activities that you might come across. After all, once you’re aware of how to spot crypto scams, you’ll be able to successfully avoid them, as well.
Probably the most common image that pops up in people’s heads when they think about what is a crypto scam is that of a thief (scammer) trying to persuade you to do their bidding, whatever that bidding might be. Another popular scam has to do with an activity known as "phishing". Phishing emails may contain malicious links to steal your crypto & NFTs.
In many cases, DeFi and NFT scammers will try to make you install some sort of program on your computer. This could be a coin (token) miner, an exchange application, an auto-trader bot, a wallet, or anything else (not necessarily) related to crypto.
Once you do so, a whole variety of things could happen. I’ll give you an example by re-telling a story I’ve read on some cryptocurrency forums:
A man was scammed during a transaction. He wanted to send some Ether to another wallet address - to his friend. Everything seemed as usual - he logged into his hot wallet, pasted the friend’s address, entered the amount, double-checked the information, and confirmed the transaction. After the friend didn’t receive their crypto, the man went on to investigate what had happened, and learned that he had fallen for a pretty clever scam.
The man in question had unknowingly downloaded some sort of a DeFi scam virus to his computer. This virus would generate a wallet address that would have the same beginning and end as the original receiver wallet address, and paste it instead of the said original address into the “receiver” tab.
Thus, if the man were to only glance at the wallet address of his friend, he might not spot that the actual address is switched. This is, evidently, one of the more-advanced malware out there.
However, there are multiple scams like this - ones that are powered by some sort of a software-based virus. Thus, if you’d like to avoid a potential crypto scam, one way to do so is to be mindful of the links that you click on, the websites that you visit, and the files that you download.
The success of DeFi & crypto scams also largely depends on the fact that the space still lacks proper regulations. Since crypto, by nature, is pseudonymous, it makes it easier for scammers to plague the space, so to speak.
The Oldest Tricks in the Book, Remastered
With the DeFi sector booming now more than ever before, doing one’s own research becomes extraordinarily difficult. Keeping up with all of the new projects coming out seemingly every day can be a full-time commitment, on its own!
Crypto and DeFi scams aim to capitalize on this, even with some of the oldest tricks in the book, remastered to “fit the bill” of the new crypto technology.
What do I mean by that, exactly?
Well, remember when many of the well-known influencer accounts got hacked some time ago, and random social media stars started offering their users free cryptocurrencies? This is the perfect example of what I’m talking about.
Scammers nowadays will say anything to get you to part with your assets - they’ll promise otherworldly APYs, crypto doubling services, automated trading bots with guaranteed profits, risk-free investment models, and so on.
Needless to say, none of these things are legitimate, and none of them work. Well, perhaps trading bots will be the one exception, but that’s not the case, as of now.
So, if someone calls you and talks about an amazing new investment opportunity, or invites you to a “secret, exclusive” Telegram group in order to “provide you with the best NFT or DeFi trading signals”, you’d do well to block all communication with these individuals, and avoid any further contact with them.
The Most Common DeFi Scams - Rug (Liquidity) Pulls
While “traditional” crypto scams haven’t really changed all that much, when it comes to DeFi scams, there’s one, specific type of foul trickery that has become very prevalent in the past year - liquidity pulls, more commonly known as “rug pulls”.
Now, what is a “rug pull”, exactly? This scam relates to the thousands of new tokens coming into existence every single day - in order for you to get rug pulled, you will need to be invested in the project.
All that happens then is simple - the developer (rather, token owner - it’s not always the same person(s) as the developer) simply dumps all of their tokens unto the market, thus draining all of the liquidity, and subsequently crashing the token price to complete zero.
Once the project gets rug pulled, there’s no turning back - it’s over.
So, then, why are rug pulls so effective, and why do people keep falling for them?
Well, the answers to the above-questions are actually rather multidimensional.
First of all, these days, anyone can create a token. Doing so has never been simpler - if you’re not tech-savvy yourself, you can simply pay a developer a small sum of money, and they’ll copy-paste code from another token, with a few altered lines. And voila - you have your own cryptocurrency!
The same is true with NFTs, as well - creating an NFT these days takes minutes, and requires minimal preparation or topic-specific knowledge.
With such ease of access, DeFi scammers can copy-paste tokens left and right. If one project doesn’t take off, another one can be created in a matter of hours. This creates a lot of space for the scammers to do their dirty work.
Secondly, the position that the market is currently in does actually have a lot to do with all of this, too. Allow me to elaborate.
The common sentiment within the market today is that “no matter which token you will throw your money at, it will appreciate in price”. I cannot begin to emphasize how WRONG this is - nonetheless, such mentality is often the result of an extended bull run.
Due to such sentiments, though, newcomers come to the market looking for the “cheapest” and newest tokens that they could throw their money at, hoping that they will explode in the coming days / weeks. Sometimes, they get lucky - oftentimes, though, this ends in those same newcomers losing all of their initial capital to DeFi scams.
The combination of all of these aspects (and more, honestly) results in some people questioning - what is crypto scam? -, while others find themselves on the receiving end of such DeFi scams. Thus, in order to stay protected, you need to know the key rules of DeFi, and how to properly do your own research - in other words, what to look out for.
Let’s talk about that, shall we? Also, if you’re interested to learn more about the topic, make sure to check out Binance’s Academy - it’s full of relevant information that’ll help you learn more about the topic in question.
How to Now Fall for DeFi Scams?
As with any other industry out there, there are a few set “rules of thumb” that you can follow in order to minimize the potential of falling for a crypto scam. For example, for many advanced users, a common security concern when using dApps would be smart contract vulnerability - in other words, just how vulnerable is the underlying smart contract when it comes to hacking attempts?
However, naturally, if you’re wondering how to spot crypto scams, the very first thing that you’ll want to look at is the token allocation of your chosen project.
Token Distribution (Allocation)
When it comes to the token itself, there are two big things that you need to look at, in order to identify potential DeFi scams - how the tokens are allocated, and how they were distributed during the launch of the project.
Allocation-wise, all you need to do is follow common sense. If you see that a project that you’d like to invest in has around 50% of all token supply located in the top-5 wallet addresses, that would probably raise some red flags, right?
If you don’t see the problem, I urge you to think about it this way - if those five wallets (whales) were to collectively dump their tokens into the market, this would probably cause a huge crash, and send the price of the token plummeting. Many DeFi scams will do just that.
Evidently, the “50% of the total token supply held by 5 wallets” example is rather broad. Even if there are around 20 wallets holding 40% of the tokens, this is still a huge red flag. You don’t know who the 20 wallets belong to - it might perfectly well be the same person, just with different wallets!
No less important is the actual distribution process of said tokens. Some projects prefer to distribute their tokens via an airdrop, others - through an ICO (Initial Coin Offering). There are multiple ways to distribute the tokens of the project - some are better than others, however.
If you notice that the project participates in fair and transparent tokenomics, and there’s tangible backing to it (i.e. tokens being distributed via an IEO - an Initial Exchange Offering), this minimizes the chances of it being a future rug pull. However, if there’s a lot of pressure to sell your tokens as soon as you receive them (as with an airdrop), this works in the opposite manner.
It’s worth noting that not all projects that participate in airdrops or other, similar token distribution techniques are DeFi scams waiting to happen. However, these things should raise some red flags, nonetheless.
Who is the Team Behind the Token?
So, you’ve figured out that the tokens for your project are allocated fairly, and that their distribution process was also legitimate, and worry-free. The next logical step is to take a look at the creators of the project!
The rule of thumb here is rather simple - if the creator(s) is anonymous, and you can find any information about them while looking through the project’s website or whitepaper, chances are that you’ll be better off avoiding this project, altogether. While it may not necessarily be a DeFi scam, it certainly increases the chances of you getting tricked, in the end.
Scammers remain anonymous with their projects simply because, well - they can! Thanks to the anonymity-preserving features of blockchain technology, scammers and thieves are often able to run away with their investor funds, and never get caught - in other words, their true identities are never revealed.
If the creators of the token (project) have “doxed” themselves (meaning, they provide you with their names, faces, and other relevant, identifiable information), it can show you that they mean no ill will, and want the project to truly be successful. After all, once your name is out there, and attached to a specific project, your reputation is at stake!
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Yield Farming in Crypto? (Animated Explanation)
The Purpose of the Token (Project)
It seems very obvious, right? If there’s a project out there, it should have some sort of a purpose - in one way or another, reliable and well-crafted, crypto token-powered projects work to further the innovative nature of blockchain technology.
Unfortunately, this isn’t always the case - one might argue that, in regards to DeFi scams, most of such tokens have no unique purpose, and only serve as “memecoins” or empty promise-filled shells.
While this point might relate more to the tokenomics of the token in question, rather than the actual purpose of the project, there’s actually a really interesting method of how you can check to see just how unique the token is. There are multiple token sniffers on the internet - inputting your select project into these sniffers will reveal how many other exact same tokens are out there (code-wise).
If you find that there are tens or hundreds of the same type of token on the market, chances are that your project of choice won’t really have a “unique mission”, or an interesting idea of how to further-innovate the DeFi sector.
Assuming that your project of choice has an official website and a whitepaper (if it doesn’t - you should run away from it as fast as you can), you should definitely take the time and read about the mission statements and roadmap of the team behind said project.
If you see that the whitepaper is full of random buzzwords, and terms that don’t even make sense, that’s already a tell-tale sign that something’s fishy. On top of that, if the same whitepaper introduces the project as just another “memecoin”, this isn’t ideal, either - memecoins are “all hot rage” nowadays, and new ones are being minted on a daily basis. Chances are that the token you’re investigating isn’t anything special.
Is the Project Audited?
A common method to secure smart contracts is by conducting an audit to discover any vulnerabilities.
Smart contract audits are, evidently, a mandatory part of a reliable token project. The absolute majority of legitimate token projects out there are going to have their smart contract code audited before launch, with the results available to be observed and analyzed publicly.
Obviously, the audit should be done by a third party, as well. This will remove any potential bias from the process.
DeFi scams often don’t bother with audits. A great way of how to spot a crypto scam is to try and find any auditing results - if there aren’t any, you should already be suspicious. Audits cost money, and if you’re a scammer who aims to perform a rug pull, well… Chances are that you’re not going to bother with an audit, and will simply move on from one token to another.
Do keep in mind that even if the project is audited, it’s only as good as the sum of its components. Do not trust audits blindly, and always do your own research before investing in a smart contract! On top of that, even if a dApp has a large user base and is very popular, but lacks an audit, you should still remain skeptical!
When interacting with non-audited DeFi projects, you need to "do your own research", or DYOR!
Developer / Community Activity
While initial hype around the project is important, sure, the continuous support and activity surrounding the platform (project, token) after launch is even more crucial.
This is true both in regards to the development works of said project, as well as the community surrounding it.
Most tokens out there are open-source - meaning, their code can be inspected by anyone, at any given point in time. If you yourself are programming-savvy, you can check the code behind the token, and analyze whether or not it contains any malicious or suspicious lines.
Naturally, if the project is popular, ill intent disguised within the code is bound to come out, at some point in time.
Community-wise, you should check on the token’s Telegram, Twitter, and other social media pages. DeFi scam pages are usually full of shills and FOMOers (FOMO - Fear of Missing Out) who are trying to cause panic, and make people jump aboard as soon as possible.
Proper, healthy communities should contain discussions around the potential improvements to the project, different future updates, and so on. Naturally, price and investing talks are unavoidable, no matter where you go, but there’s a clear difference between being hyped, and being an empty shill.
Market Cap VS Liquidity: Two ESSENTIAL Metrics
While searching for the different ways of how to spot crypto scams, you’ll undoubtedly run into a term “market capitalization”, or market cap, for short.
Many newcomers to the market will tell you that “this is the most important metric to look at”, if you want to decide whether a project is a DeFi scam or not. Well, that’s not necessarily true.
Market cap is calculated by multiplying the total number of tokens in circulation by the current price of a single token. It can give you an estimate of just “how big” the project is, at any given point in time.
Usually, these numbers are going to be pretty big. Market cap is important, sure - however, arguably, the stat that you should really be looking at is liquidity.
Liquidity tells you how many people are currently ready to purchase or sell their tokens, at any given point in time. This number is often going to be much smaller than the aforementioned market cap - that’s alright.
However, if the liquidity of the project is actually really small, and, say, the biggest whale holds a number of tokens that, if sold, would drain the entirety of the liquidity out of the project, this is your sign to jump ship, and stay away from the token.
In other words, you should always note the market cap of a project, sure, but liquidity is the stat that should be paid the most attention to, out of the two.
Why are Cryptocurrency Scams so Common?
Over the past year, there have been a few notable DeFi scams that have made mainstream news source headlines. Probably the most well-known of these scams was the SquidGame token - as with most rug pulls of its kind, it was a token that capitalized on the success of the popular Netflix series, pumped up in price, and then plummeted when the liquidity was suddenly drained, in a matter of seconds.
Another popular type of scams that have become very popular during this period of time are yield farms (also known as liquidity pools). Naturally, not all yield farms are scams, but their model of functioning opens up a lot of doors for potential exploitation.
Basically, you would add your funds to a pool, with the promise to receive a huge ROI, and once your funds are locked within said pool, the project would then simply drain it, and steal all of your locked assets.
The same can be said about certain projects that submit their tokens to AMM platforms such as Uniswap, and then provide the majority of liquidity in order for users to trade the assets. If the liquidity is then suddenly drained, you are left “holding the bag”, with the “rug being pulled from right under your feet”.
With all of that being said… Why are crypto scams and DeFi scams so popular?
Pro tip: It's not recommended to allow a smart contract unlimited approval to spend your tokens!
To be completely frank, the answer is actually somewhat insulting - because they can be.
For the longest time now, there have been discussions on regulations that need to be imposed on the cryptocurrency industry. While these debates are rather heated all around the world (with some countries outright banning crypto, altogether), most people turn to the US for clarity.
The Securities Exchange Commission (SEC), however, has failed to provide the general population with clear guidelines on crypto trading and investing - so much so, that even Congress is contemplating on stepping in.
The situation with DeFi scams has become so dire that even large social media influencers have been caught promoting outright scams, and not disclosing that they have been paid to do so, or - even worse - that the projects actually belong to them. Here, you needn’t look further than “Save the Kids” tokens.
This is, once again, happening due to a lack of regulatory clarification from the relevant governmental institutions. If the SEC had clear guidelines on how they classify crypto, things would likely be different, at least to a noticeable extent.
Naturally, however, a lack of regulation is just one part of the deal. DeFi scams would exist, either way, since where there’s a lot of people, scammers are always going to find a way of sneaking in.
Examples can go on, and range from the $325M Wormhole hack, all the way to the $625M Ronin Network hack, Terra Luna collapse, and the FTX debacle. While some of these have to do with CEXs, they are still notable events that everyone in the larger community can learn from!
Hopefully, however, the tips of how to avoid DeFi scams while trading on dApps that we’ve discussed above will help you stay safe, and away from any potential crypto scams!
The decentralized finance sector is flourishing, and there are new, innovative projects coming up every day - this is amazing news for anyone who believes in the future of DeFi, and Web 3.0 innovations, in general.
With great innovations, however, there come risks of getting scammed - DeFi scams are no exception to this rule.
Now that you know what is a crypto scam and how to spot crypto scams, in general, you should be able to trade and invest in different projects with a much bigger peace of mind. Obviously, however, you should always do your own research - this can’t be emphasized enough! Be critical of opportunities that seem too good to be true, and only trust apps and software from official sources!
If all else fails, remember that you can revoke token spending approvals after you've interacted with a dApp - it's one of the ways to prevent unauthorized access to your tokens! This is especially important if the protocol where you granted approvals got hacked - in a scenario like this, your tokens may be stolen, so aim to stay ahead of the curve!
While we’ve discussed the most popular points to look at, from a skeptic's point of view, the truth is that things are rarely simple, and you really need to dig into the project’s fundamentals to see if it’s legitimate or not.
Do keep in mind, though, that you should take the time and explore the Binance Academy! Here, you’ll find ample amounts of information regarding the topics that interest you - this includes everything from how to spot DeFi scams, all the way to simple explanations of the often-complicated lingo associated with crypto.
With all of that being said, thank you for reading, and good luck with all of your crypto ventures to come!