Between decentralized finance intro, applications, investment opportunities, and getting started guide, we’ve come a long since the start of this series. You’re at a point where you know your way around this fascinating new sector of finance. Perhaps you’ve already bought your first token.
Whatever the case may be, it’s time to take a step back and have a word about safety. Even if you can stomach the unparalleled volatility of these emerging assets, you still have to watch out for another set of threats. We’re talking about unscrupulous characters who actively prey on newcomers and exploit their lack of experience.
To prepare you against such schemes, we’re going to look at some of the most common scams within decentralized finance.
Table of Contents
- Why DeFi is a Honeypot for Dishonest Characters
- Common DeFi Scams
- Phishing Attacks
- Rug Pulls
- Key Takeaways
Why DeFi is a Honeypot for Dishonest Characters
Scams, frauds, and theft are a sad part of reality for anyone traversing the treacherous lands of decentralized finance. The tally for last year’s losses alone closed in at over $10 billion. Unfortunately, this number continues to grow sharply as more and more people join this financial revolution.
While that figure may seem staggering at first, it’s completely explainable once you consider the underlying dynamics at play. The lack of central authorities means all transactions are final with no medium for cancellations or interventions.
Many users take pride in the anonymity this space offers. While that’s fantastic from the perspective of privacy, it’s also a nightmare in terms of containing criminal activity. Groups of completely anonymous and untraceable creators can pull headline-worthy scams and still get away with them. There’s no reliable option to trace them.
This is why a seemingly eccentric but very much ordinary couple was able to walk free for years despite stealing billions of dollars worth of bitcoin in 2016. They only got caught this year because they made more than a handful of blunders. From laundering vast amounts of funds to storing the wallet key on their cloud note-taking app account, they did a comically poor job of covering their tracks. Yet it still took authorities over half a decade to catch them.
All these dynamics have led to the proliferation of scams in decentralized finance.
Common DeFi Scams
To keep your portfolio safe from such incidents, we’ve compiled a list of three primary categories under which the vast majority of scams fall.
Just by watching out for these three categories, you’ll be able to dramatically improve your odds of a safer and fairer DeFi experience:
1. Phishing Attacks
Phishing attacks are common in the world of legacy finance and they are even more widespread in DeFi. Since the assets are stored digitally, attackers have an easier time transferring the exploits of their nefarious campaigns from the victim’s wallet to their own.
In terms of DeFi, these attacks typically take shape in the form of an impersonator copying the details of a popular social media account. For example, they may create an account with the same name, bio, and avatar as a trusted influencer or a project’s official account.
From there, it’s a numbers game as they make promises ranging from personalized advice to special offers. However, their ultimate goal is to either get the victim to transfer funds to their wallet or share the private key of their wallet.
Another attack vector for these schemes is email. For instance, just last month OpenSea users received emails prompting them to transfer their account to a new contract. In reality, however, the links sent people to a fake website that stole all the NFTs from their accounts.
Here are some tips to avoid phishing attacks:
- Avoid Links: Never login by clicking on a third-party link. It’s better to bookmark the websites of your favorite protocols, applications, and exchanges and open them through there.
- Verify Accounts: Always double-check the authenticity of a user on social media. If Elon Musk invites you to a private Twitter group chat (a popular phishing scheme), trust your gut and report that account.
- Never Share Private Key: Another popular phishing attack is where hackers pretend to be part of a project’s team and ask unsuspecting victims to share their private key for support. For example, users of MetaMask were recently hit with this ploy and many ended up losing their funds.
2. Rug Pulls
Rug pulls are exactly what they sound like. The creators of a project pull the rug from underneath the investor’s feet and their whole world comes crashing down. While that may sound dramatic, it captures the feeling that many victims face when the creators of their trusted project defraud them.
Rug pulls typically happen in one of the following two forms:
- Pump-and-Dump Schemes: As the name implies, creators and their inner circle pump a project by investing heavily in marketing. Since they own the supply of the project tokens, however, they start selling their holdings at the peak to “dump” their assets on unsuspecting investors.
- Outright Theft: For instance, the creators may completely drain the liquidity pool, making the tokens worthless. As we covered in a previous installment, liquidity pools typically contain two tokens. An emerging token by the creator and a popular token like ether. By taking all ether out of the pool, the price of the project token falls to practically zero.
To avoid rug pulls, the key is to dig into the creators and the community of a project before entrusting them with your financial future. You want to invest in projects that have a professional online presence, with a strong focus on the utility of their project and not endless chest-thumping accompanied by shouts of “to the moon”.
Key Takeaways
- Absolute anonymity combined with lack of regulatory oversight has made decentralized finance the wild, Wild West of finance
- The two most common scams include phishing and rug pull
- The key, however, lies in trusting your gut. If something sounds too good to be true or something feels off about a project, it probably is. This space is overflowing with opportunities. You’ll always find a better option at some point.
