You may have seen this statistic floating around blogs and influencer feeds recently: an estimated 80% of ICO’s in 2017 were scams. This may have been four years ago but there is good reason to be concerned. That’s an alarming number, and it underscores a sober reality in the crypto community — grifters remain a serious threat. But users and developers in the DeFi space are creating robust measures to ensure more reliability and security in the decentralized community.
Recently, Mark Cuban got a taste of being “rugged” when the price of $TITAN, a stablecoin from Iron Finance, tanked from $60 a coin to $0. While the mogul claims the loss was only a small percentage of his crypto portfolio – and that investing in burgeoning tokens is just as risky as angel investing – he also admits that soft regulatory measures and crypto literacy are necessary.
There are three steps we can all take to reduce this 80% to a fraction, or even zero. First, the community needs to learn what to avoid. Second, the community needs to establish guidelines for new projects if they want to be accepted as a legitimate coin. Third, we need to develop and deploy our own regulatory agents into the ecosystem that are governed in a decentralized manner.
Step One: Know What to Avoid
Types of scams
One of the most appealing components of decentralized tech, specifically in DeFi, can be a vulnerability as well. Distributed ledgers and smart contracts allow users to operate under the armor that is blockchain anonymity. It’s worn by both defense and offense. Scammers are able to get in and get out with investors’ money with none the wiser.
This anonymity is the main source of two common fschemes: exit scams and rug pulls. Both involve ICO’s connected to vague promises of growth and ROI, only to see the coin’s value pulled from the market as soon as the scammer has raked in a satisfactory haul. Users are left depleted of cash and unable to sell or trade the coin.
Exit scams involve a developer heavily promoting a new ICO and then ghosting investors and “exiting” with their money. Rug pulls, a variation on this move,differ only in the timing of the exit.
Exit scams: heavily promote, release coin, gain lots of immediate buyers, and then ghost.
Rug pulls: promote, release coin, continue to promote, let coin go up in value, steal the value from the liquidity pool.
These scams have so riddled the industry (accounting for 99% of all crypto fraud in 2020), that securing the trust of investors has now become a vital variable in executing a DeFi business model.
Another double-edged sword of DeFi is its almost non-existent barrier to entry. Popular exchange protocols like Uniswap, which allow free and open token listings, create a saturated market susceptible to fraud from malicious players. Additionally, many exchanges offer flexibility that encourages users to be creative and innovative in the contracts for their coins and transactions. This often invites forms of crypto fraud that are more sophisticated, such as social engineering.
One scammer utilized an advanced feature on Uniswap’s signature “swap” screen, manipulating the transaction logs. This setting allowed the stealthy trader to change the “recipient” of the coin, making it appear as though popular crypto influencer and Lead Casting Couch Interviewer at eGirl Capital, DegenSpartan, had purchased a large amount of the scam coin. The swindler used a celebrity-endorsement tactic that tricks investors into purchasing an illegitimate ICO. Though roundabout in its strategy, this is just an exit scam with extra steps.
Another example of advanced fraud is contract manipulation. Twitter user and self-professed anti-rugster, R0฿ST3R, explains how scammers with programming knowledge can exploit the legitimate function of apps like DEXTools, a dapp providing real-time crypto market data analysis, to produce fake, convincing contracts that mimic legitimate code to the untrained eye. Users’ trust in well-curated platforms, as well as their low experience in interpreting data and code, can render even the most credible dapps and DEXs susceptible to high rates of fraud.
Many fake projects will tout extravagant return projections (“folks we anticipate ROI to be 150% or more – if you get in NOW”). Some will even double down on the scam once they’ve lured in buyers, directing investors to pay a fee in order to see those returns, a scheme called advance fee fraud scam.
Research should always precede investment rather than being considered extra leg work. And with blockchain and crypto in a stage of innovative infancy, that due diligence becomes even more important. Legitimate developers and users alike are facing the challenge of recognizing and combating the novel forms of fraud born from decentralization. Fortunately, consistent patterns are emerging in identifying developers and ICO’s that are legitimate versus scams.
One of the easiest ways to differentiate between the good, the bad, and the ugly is team credibility. If a new ICO becomes available on the market, an investor’s very first action of recourse should be to vet the development team and founders. Founders should be real people with somewhat successful histories. Do these people have a social media presence? If so, are they engaging with that community? Does a quick browser search bring up any material? If so, do they seem to have a good reputation?
Take a look at the team page at SafeMars. (Warning: this coin is not legitimate, do not purchase!) It’s strange that five out of the eight team members have the same astronaut illustration as their profile photo. Also, those same members use pseudonym usernames. You may think that anonymity is a perfectly reasonable consequence of decentralization, but with potentially millions of dollars on the line founding members of any large, public-facing project must be identifiable.
This red flag is affirmed by the fact that every member’s Twitter link leads to the same profile: the SafeMars Twitter profile. Every individual Telegram link leads to an “inactive user” message. And the CEO, Kenneth Churchill, has a vague LinkedIn profile without any past work experience.
Another box to check is the company’s whitepaper. A whitepaper is a document that a company creates in order to provide a detailed breakdown of its purpose, business model, plans for longevity, and an actionable road map to get there. Check out the Ethereum whitepaper written by Vitalik Buterin. The document is extremely well-developed, including a history, explanation of concepts, applications of the technology, and a section addressing the concerns over ETH scalability.
Of course, ETH was the first of many to come that would expand on the concept of blockchain technology, creating the smart-contract system that the majority of the world’s decentralized tech would operate within. So you would expect its whitepaper to be exhaustive. But even if new software, products, and technologies are piggybacking off of this project, they should be able to provide a solid case for why you should invest your money (i.e., buying their ICO).
Unfortunately, scammers have caught on to this prerequisite. They know investors are getting serious and will be looking for a strong whitepaper, or at least some sort of persuasive material to entice them to buy.
And lastly, be wary of heavily promoted offerings. A common phenomenon, called “shilling” in the world of crypto, enlists paid actors to endorse an ICO and generate buzz. If you see phrases like “will solve world hunger” or “the most promising solution to fighting climate change” or similar pseudo-activist statements, a coin is likely being shilled. In early 2018, Twitter, along with most other major social media networks, moved to ban advertisements of ICO’s after a significant amount of deceptive fraud tactics.
But, naturally, scammers know that when one door closes, it’s only a matter of time before they’re able to find an open window.
Step Two: Establish Community Guidelines
Scamming tactics will innovate alongside and at the same rate as that which they are trying to exploit. While crypto investors should do their part in keeping an eye out for those warning signs listed above, developers should not expect to leave the burden of policing fraud completely to their users, especially as these tactics become more and more technical.
Because ICO’s have garnered such a negative reputation for rug pulls, companies must bite the bullet and implement legitimization standards to prove their authenticity. Likewise, DEXs must exhaust every possible strategy to de-risk fraud specific to their protocol. Luckily, the structure of blockchain technology itself grants certain advantages for achieving a safeguarded crypto future, and many dapps and companies are already implementing governance standards that respect the principles of decentralization.
Lock in Liquidity
Unicrypt offers a suite of decentralized security services to prevent exit scams and rug pulls. The first of these is liquidity lockers, a concept actually invented by Unicrypt and one in which a developer must “lock away” LP (liquidity provider) tokens for a certain amount of time when they initiate a pool. Another one is token vesting, the practice of locking up tokens for a certain amount of time.
Founders can also set up a “vesting schedule” to determine of when and how much they are able to take from their wallet. This adds , adding a level of safety from exit scams. Operating on an audited smart contract, the tokens must sit dormant until the set date of access. This letscommunicates to investors know that a company is committed to the token accruing long-term value. AOr, alternatively, founders can create a customized schedule. For example, founders may be able to access a quarter of their tokens per month. Usually vesting periods extend a year or more.
On the subject of founder tokens, typically no team tokens is a good sign. Certainly, an excessive amounts of team tokens is a red flag. One wallet shouldn’t hold more thanover a fifth20% of the tokens from the very start.
Developers can also “burn” a significant amount of their coin by putting it in a dead wallet. Dead wallets are those which are rendered inaccessible because the address has been lost or destroyed or scrambled. Often this happens by accident, but when founders do it intentionally , that’s athe motivation is to signal that they are committed to the long-term game.
Contrary to initial intuition, burning a certain amount of a coin’s market cap can actually be beneficial for both developers and investors beyond just the layer of trust it provides. Because the portion burned by founders decreases the amount of the coin in circulation but does not lower the market cap. As a result, demand for the coin rises against the lower supply and increases its value. But in terms of investor security, funnelling coins into a dead wallet reassures users that the developers are not buying those coins to turn a quick profit.
Make All Info Public
TrustSwap takes the concept of developer-initiated locking techniques and enhances it through publication. Their new platform, Team, provides a database of team members of various coins and companies who are currently ion lock- up, as well as how many tokens they stand to gain once their lock period comes to an end ends. Additionally, Teamit also shows the details of their vesting schedule, if there is one. Similar to resources like the SEC’s EDGAR search tool and the eFD Senate, TrustSwap provides the public with pertinent information to help them better make better financial decisions.
Remember that scam from earlier? The one- with the underlying code written to prevent buyers from selling and giving power to the developer to blacklist any (and all) holders from trading? The user who leaked and explained that scam used an open-source platform called Etherscan to analyze the code.
As its name suggests, Etherscan is an ethereum-based block explorer and analytics platform with a mission of ”providing equitable access to blockchain data”. Users canhave access to a gold mine of resources, including a database of contracts with verified source code, transactions updated everyby the second, a multitude of various charts and data, and the ability to search for any of this using very specific parameters like address or transaction hash.
Another widely utilized mechanism for security and risk assessment is auditing. While it sounds like the pinnacle of centralized regulation tactics, auditing in the decentralized space instead reviews the smart contracts and software code of new developers and then releases an internal score or certificate based on their findings. Quantistamp, one of the largest organizations currently running digital auditing, also provides Layer1 Blockchain security to protect the blockchain underneath the smart contracts, further mitigating the risk of hacking and fraud.
Step Three: Hunt Down the Scammers
Solutions for crypto scamming don’t have to stop at defensive measures.
Anyone with children or pets knows that bad behavior cannot be solved simply by cleaning up the mess, and it is certainly not reduced by pretending the behavior isn’t happening. Likewise, scammers will continue to wreak havoc if consequences are not delivered. Instead of turning a blind eye, the next step in DeFi’s evolution should involve entities that are designed to catch scammers in the act.
Currently, the state of legal action and asset recovery as it relates to crypto fraud is limited. Upon realizing they have been scammed, users reach out to the exchange platform for help only to be directed to contact law enforcement. In other words, a dead-end. There are some law firms and attorneys dedicated to seeking justice for victims of this type of fraud: Wolfe Miglio, Dilendorf Law Firm, Haas Law. But even with these, the potential for asset recovery is slim, and the chances of possibility of seeking justice by locating and prosecuting the scammer are is almost nilnext to none.
As decentralized spaces figure out how to incorporate regulatory measures without compromising the value system it was built on, they will also start to innovating judicial measures. Thankfully, some developers are already ideating and implementing strategies to do this.
Swiss Litigation Finance company, Liti Capital, is devoting a portion of their profits to finance lawsuits against crypto-fraud. The company envisions developing a community around the legal and investment opportunities that open up are implicated when litigation finance meets decentralized technologies.
Liti commits between 5%-10% of its yearly investment budget is committed to pursuing class-action lawsuits on behalf of its shareholders. The title of shareholder also applies to those who own Liti Capital’s token options (they have two), and any token holder is able to report suspected fraud , fraud found on any exchange protocol, to the company. If enough people come forward, or if it looks promising enough, Liti Capital will sue.take the case forward into litigation.
In doing so, it effectively incentivizes a culture of whistle-blowing, disincentivizes scammers from exploiting the system, and operates as a form of investment insurance for token holders.
One such example of a case currently in progress involves YouTube crypto personality, Coach K, and the fraud he suffered from a scam on the Binance exchange. Two of Liti Capital’s founders sat down with Coach K to provide the details of how they were pursuing the case and how they were able to identify the scammer. They explained why current models of policing fraud just don’t work, partly because of the absurd notion that in practice they the model involves asking the scammer to authorize Binance to give the money back. They even provided a non-litigation alternative option to the scammer.
Coach K had strong words for the con artist and others who may think about engaging in crypto fraud:
“I don’t care about the money anymore. It’s about doing the right thing, it’s about making this industry more legit, it’s about getting all the people that are watching this video that are scammers, or that may be a scammer, never to think about it twice. Because we’ll find you, and when we do? You’re done.”
A bit menacing, (and also a little reminiscent of that Liam Neeson scene in Taken) but again, fraud isn’t a joke or a victimless crime.
This move to introduce the variable of justice into the realm of DeFi is a creative and inevitable measure on the path to decentralized regulation. Even if flawed, the regulatory institutions which currently govern centralized finance models exist as they do for a reason. Decentralization purists and crypto-anarchists should do well to acknowledge the reality of a need for a regulatory framework.
Disclosure: I own wLiti tokens.