Hackers have learned to manipulate smart contracts so they can engage in what are known as crypto “rug pulls” and make off with heavy profits.
Rug Pulls Are Becoming Too Common
According to a recent document published by blockchain analysis firm Chainalysis, rug pulls were the most common cyberattack to occur in the crypto space throughout 2021. Rug pulls are when new coins or tokens are established very quickly. The developers ultimately do all they can to bring investors to the table and the coin in question is able to raise a lot of money.
Right as things are beginning to look promising, the developers “pull the rug” out from underneath the coin. They make off with all the funds and end the project early, thereby stealing all the investor funds that have gone into it thus far.
One of the big examples of a rug pull to occur in recent months was the SQUID token, which was based on the popular “Squid Game” television program on Netflix. The currency – which initially started out at only a few cents – instantly rose to more than $2,800 per unit. From there, the developers pulled the plug on the project and made off with all the investors’ funds. The currency crashed, losing more than 99 percent of its value, while traders were left with empty pockets and bruised egos.
Though some of the red flags surrounding these rug pulls can be obvious – for example, some of them contain 99 percent buy fees and don’t allow traders to resell – others, such as vulnerabilities in the tokens’ smart contracts, are less noticeable. These little doorways can be utilized by hackers and malicious individuals to increase a project’s value, placing investors at risk of losing their funds to outside influence.
In addition, there are also several social media channels that these hackers use to hype up a token project. They get everyone to fall for the idea that the coin’s value is somehow stronger than it is. From there, investors begin to pump their funds into the token, which paves the way for a potential exit scam. Furthermore, time locks are not set in place.
This Occurs Through Smart Contract Manipulation
According to researchers at Check Point Research (CPR):
Time locks are mostly used to delay administrative actions and are generally considered a strong indicator that a project is legitimate. A legitimate token will not charge fees or will charge hardcoded values that can’t be adjusted by the developer. It’s hard to ignore the appeal of crypto. It’s a shiny new thing that promises to change the world, and if prices continue their upward trajectory, people have an opportunity to win a significant amount of money. However, cryptocurrency is a volatile market. Scammers will always find new ways to steal your money using cryptocurrency.