Exit scams, popularly referred to as rug pulls, are “an ongoing criminal scheme in Web3,” according to an update shared by CertiK.
CertiK writes in a blog post that a rug pull “involves fraudsters robbing a crypto project by liquidating their holdings without warning and leaving investors holding worthless tokens.”
While there is plenty of statistical information available detailing the prevalence and impact of exit scams over the years, there is “less data examining the characteristics of rug pulls and the criminals committing these rug pulls.”
Filling this gap can “result in actionable security methods that are informed by data-driven research.” According to CertiK, this research can “improve anti-money laundering (AML) efforts, consumer protection, and the integrity of the crypto market as a whole.”
This report from CertiK “analyzes the life cycle of an exit scam, from inception right up to completion.”
It is now possible to better understand “the anatomy of a rug pull in its entirety when the entire life cycle of the scam is examined.”
From analyzing common characteristics, the team “can better understand potential risk factors and commonalities leading up to these scams.”
By identifying these trends and indicators, they can “work to more efficiently secure the Web3 world by responding with more informed security approaches and tactics, both now and in the future.”
CertiK conducted “a study of 40 rug pulls to better understand the commonalities and differences leading up to the eventual removal of liquidity.”
By identifying both quantitative and qualitative variables of project characteristics, they were able “to identify and analyze common features of rug pulls.”
In this study, they define “an exit scam or rug pull as a criminal scheme involving a project being drained of its funds by one or more team members, after having used aggressive marketing and hype building to dupe investors.”
For this study, only “hard” rug pulls were examined. which is “when a project’s team suddenly withdraws the funds from a project after garnering a significant amount of investment from their community.”
A soft rug pull is “a more subtle way for founders to achieve the same goal of scamming their community.”
Rather than “dumping all of their tokens on the market at once, founders will slowly sell their tokens while maintaining the front that they are still invested in and are supporting the project.”
CertiK selected “a random sample of 40 hard rug pulls from our comprehensive list of all rug pulls that occurred between 2020 and 2023.” The sample collected “ranged widely in the total amount stolen, ranging from approximately $3,000 to $12,000,000.”
The bad actor(s) responsible “for hard rug pulls is always related to the project team. This is what makes an incident a rug pull.” Otherwise, the event would be “considered an exploit or hack if the project team was not responsible.”
This research “highlights the importance of being vigilant when evaluating new projects and their associated risks.”
With the majority of rug pulls “being caused by the project team, it’s crucial to consider the team’s motivations, intentions, and track record before investing in a project.”
An established track record of integrity from a project is “a strong positive signal.”
The report further noted:
“The average rug pull is active for 93 days before the eventual scam. Newly deployed projects with unknown developers and no commitment to transparency or decentralization should be treated with caution.”
The report added:
“To combat the risk of these kinds of scams and help users make informed decisions, CertiK developed the KYC Badge initiative. This program focuses on verifying and vetting the teams behind projects, granting the badge only to those teams that agree to undergo a thorough background investigation. CertiK KYC helps to separate verified, transparent, and accountable teams from other projects. KYC investigators come from a variety of intelligence and law enforcement backgrounds and apply their skills to the comprehensive KYC process.”
Through an enhanced due diligence process and thorough audits of the team and project management, CertiK investigators “were able to identify a number of projects that raised major red flags.”
This risk was repeatedly “detected through an analysis of intelligence discrepancies, a proprietary set of risk signals, and a dataset of known malicious Web3 operators.”
Their investigators “gained further insights through direct conversations with applicants to our KYC program who were identified as highly exposed to this risk.”
Out of the sample of 40 projects that ultimately executed a rug pull, they were “able to interview two projects that eventually committed exit scams.”
For more details on this update, check here.