In the Web3 space, new tokens are constantly emerging, the team at CertiK noted while pointing out that these new tokens may not be safe and could pose certain (serious) risks for holders and traders.
CertiK revealed that in the past few months, their security team has identified numerous cases of “rug pull transactions.”
Notably, all of the tokens involved in these cases were “newly listed on the blockchain.”
CertiK also mentioned that upon investigating these rug pull incidents, they uncovered organized groups behind these scams and “identified patterns in their fraudulent operations.”
CertiK further noted that through detailed analysis of their methods, they discovered a “potential scam promotion channel used by rug pull groups: Telegram groups.”
These scammers leverage tools like “New Token Tracer” features in groups such as Banana Gun and Unibot to “lure users into purchasing fraudulent tokens, ultimately profiting from rug pulls.”
CertiK analyzed token promotion data “from these Telegram groups between November 2023 and early August 2024.”
During this period, 93,930 new tokens “were promoted, with 46,526 of them involved in rug pull schemes — an astonishing 49.53%.”
According to the update from CertiK, these rug pull schemes cost the scam groups a total of “149,813.72 ETH, yet they profited 282,699.96 ETH, achieving a staggering 188.7% return on investment.”
This profit equates to “approximately $800 million.”
To assess the proportion of new tokens promoted through Telegram groups in relation to the Ethereum mainnet, CertiK analyzed the number of new tokens issued “on the Ethereum network during the same period.”
The data showed that “100,260 new tokens were launched, 89.99% of which were promoted via Telegram groups.”
On average, around 370 new tokens are issued daily, “significantly exceeding reasonable expectations.”
Further investigation revealed an unsettling truth — “at least 48,265 tokens were involved in rug pull scams, representing 48.14% of the total.”
In other words, almost “one out of every two new tokens on the Ethereum mainnet is linked to fraudulent activity.”
CertiK has identified additional rug pull cases “on other blockchain networks.”
This indicates that the security risks within the entire Web3 new token ecosystem are “far more severe than previously anticipated.”
In response, CertiK has compiled this research report to “help all Web3 participants raise their awareness, stay vigilant against the ever-evolving scams, and take necessary precautions to protect their assets.”
The ERC-20 token standard is “fundamental to the Ethereum ecosystem, as it defines a set of rules and functions that enable the creation, transfer, and management of digital assets.”
Tokens that adhere to the ERC-20 standard are “compatible with a vast array of smart contracts and decentralized applications (dApps), promoting interoperability and composability.”
One of the primary benefits of the ERC-20 standard is its “ease of use.”
Developers can leverage the standard to create their own tokens, facilitating fundraising efforts “through initial coin offerings (ICOs) and decentralized finance (DeFi) projects.”
For instance, tokens like USDT, PEPE, and DOGE adhere to the ERC-20 standard and can be “traded with one another on decentralized exchanges (DEXs).”
CertiK added that the widespread adoption of ERC-20 tokens “has also opened doors for malicious actors to target users.”
Many scammers create fraudulent ERC-20 tokens with “hidden vulnerabilities or back doors in the code, and list them on DEXs to deceive unsuspecting investors.”
In the DeFi ecosystem, rug pull scams typically involve the following steps:
- Malicious actors create tokens using the ERC-20 standard.
- They hype the token by advertising it on popular social channels, such as Telegram.
- They may also engage in strategies such as wash trading to artificially inflate volume.
- The token will likely rise in price.
- The malicious actors sell their tokens for a profit, then abandon the project entirely.
- Investors are left with worthless tokens.