Crypto Red Flags: How to Spot Scams Before They Strike

Every single day, decentralized exchanges like Uniswap and PancakeSwap combine for around $1B USD in total volume. This monetary total and the decentralized nature of the blockchain open countless windows of opportunity for amazing DeFi protocols and unmatched financial gain.

The problem? As we all know, many tokens launched on Uniswap are scams and each and every one is detrimental to DeFi as they scare away new potential investors and drain honest liquidity from current users.

Understanding the Threat

Through our years of experience personally trading live pairs and new tokens, we have learned a lot about how scams work and have been actively building solutions to lower these risks.

Here are a few of the most common types of DeFi scams having to do with ERC-20 tokens only: Note: There are plenty of other scams including wallet drainers, private/presale scams, ERC-721 scams, and more.

1. Classic Rug Pull

a) Deployer creates a liquidity pair for his/her token and owns 100% of the liquidity pool

b) Deployer promotes the token and seeks buys that add more ETH to the pool (see here to find out more about liquidity pools)

c) Deployer removes all the liquidity from the pool, including the ETH from victims

2. Honeypot (Tax Change)

a) Deployer creates a liquidity pair for his/her token and owns 100% of the liquidity pool

b) Deployer promotes the token and seeks buys that add more ETH to the pool (see here to find out more about liquidity pools)

NOTE: Deployer may lock liquidity at this point to increase investor trust. This would cause an influx of new buyers

c) Deployer changes the sell tax of the token to 99%, disallowing anyone from selling the token

Deployer may buy his/her own token with large amounts of ETH to lure new buyers and create FOMO

d) If liquidity was unlocked, the deployer removes all the liquidity of the pool. If it was locked, they wait out the lock and remove the liquidity once the lock timer is up.

3. Honeypot (Transfer disabled)

a) Deployer creates a liquidity pair for his/her token and owns 100% of the liquidity pool

b) Deployer promotes the token and seeks buys that add more ETH to the pool (see here to find out more about liquidity pools)

NOTE: Deployer may lock liquidity at this point to increase investor trust. This would cause an influx of new buyers

c) When the deployer has decided he/she has collected enough ETH from victims, they simply turn off the ability to sell the token.

Deployer may buy his/her own token with large amounts of ETH to lure new buyers and create FOMO

d) If liquidity was unlocked, the deployer removes all the liquidity of the pool. If it was locked, they wait out the lock and remove the liquidity once the lock timer is up.

4. Hidden Mint

a) Deployer creates a liquidity pair for his/her token and owns 100% of the liquidity pool

b) Deployer promotes the token and seeks buys that add more ETH to the pool (see here to find out more about liquidity pools)

NOTE: Deployer may lock liquidity at this point to increase investor trust. This would cause an influx of new buyers

c) When the deployer has decided he/she has collected enough ETH from victims, they will mint an outrageously large amount of tokens within the contract. If you previously held 1% of the supply, you will now hold, for example, .000001% of the supply.

d) Deployer sells every token they minted, effectively draining the entire liquidity pool.

5. Tax Farm (Soft rug)

a) Deployer creates a liquidity pair for his/her token and owns 100% of the liquidity pool

b) Deployer snipes 10+ wallets in the first block of his/her token and thus has large supply control

c) Deployer locks AND renounces the smart contract. The project at this point is “unruggable.”

d) The contract is designed to clog with tokens to sell for ETH to the developer. Every sell is doubled meaning an immense amount of buy pressure is required for any buyer to make profit

e)

In this chart, you can see the deployer’s snipe on the far left. The chart forms multiple bullish patterns, but each one ends up being a bull trap as the deployer ends up selling one of his/her sniped wallets on every uptrend.

f) IMPORTANT: These are the hardest scams to detect because everything seems completely safe. The developer will normally even do some paid marketing to seem even more legit.

What Can You Do?

Lucky for you, we have some tips, tricks, and secure technology that will help you navigate DeFi like a pro. Let’s start with the easiest ways to mitigate falling for each of the previously defined scams.

1. Classic Rug Pull

a) Use a sniper like Maestro that allows you to set up “anti-rug”. The bot will sell all your tokens and front run a developer’s malicious action (whether this be a liquidity removal, a malicious tax change, or disabling token transfer)

b) Many scammers are either very wealthy or the opposite. If you see a very small liquidity pool or a very large liquidity pool with a low amount of buys, this is often an obvious tell of a rug pull.

c) The only 100% sure way to avoid any rug pull is to make sure the deployer has locked their liquidity tokens. The most used and trusted token locker is UNCX.

2. Honeypot (Tax Change & Transfer disabled)

a) Use a sniper like Maestro that allows you to set up “anti-rug”. The bot will sell all your tokens and front run a developer’s malicious action (whether this be a liquidity removal, a malicious tax change, or disabling token transfer)

b) Use a token scanner like Token Sniffer, Token Pocket, PirbView, or many others. These will often outline any potential threats to investors in an easy-to-read fashion.

c) Learn basic Solidity and check it is possible for the deployer to raise taxes. The more well-written smart contracts will contain “require” statements that prevent a deployer from having the power to raise taxes above a predefined threshold shown here:

d) In the case that the ownership has been renounced, you are no longer vulnerable to scams like this. Going to a token’s etherscan page and selecting “Read Contract” will almost always allow you to see the owner of the contract. This is what a renounced contract looks like:

3. Hidden Mint

a) Use a sniper like Maestro that allows you to set up “anti-rug”. The bot will sell all your tokens and front run a developer’s malicious action (whether this be a liquidity removal, a malicious tax change, or disabling token transfer)

b) Many hidden mint scams employ the use of a proxy smart contract. In the case that the token you are interacting with is not a major protocol or DeFi product, it is normally best practice to stay away from anything that is not immutable. Here is what something using an OpenZeppelin’s Proxy Upgrade Pattern might look like on etherscan:

4. Tax Farm

a) Detecting this scam normally has a lot to do with feeling out the overall connotation of a token’s development team. Here are a few steps a farming team might take to trap money:

i. Immediately lock liquidity and renounce the contract ii. Pay for basic marketing at the very beginning (a trending service, socials update, and 1 KOL) iii. Leave buy/sell taxes high for an extended period of time (usually longer than 5 minutes after launch is a sign) iv. After initial marketing push, only using Twitter shilling until the token slowly dies v. Developer sending extra tokens to the contract for it to sell

b) There is a very popular contract circulating that is meant for farming. It is cheap to deploy, extremely “safe” as far as the previously mentioned rugs, and very trivial to copy/paste and use. The contract is regularly deployed with either pragma solidity 0.8.20 or 0.8.21. At the head of the contract there are a few very distinct lines of code as shown below:

Note: Not every token using this contract fails. Not every person who uses this contract means to farm, but almost every farm uses this contract. The above token is a GOOD example of a token that was successful. The taxes were lowered to 0 so the contract was eventually able to empty the collected tax tokens.

Checking For Locked Liquidity

While the DeFi landscape shines with potential, it is also littered with pitfalls. The allure to quick profits draws more participation from both genuine investors and, unfortunately, bad actors. With the right tools and knowledge, you can significantly reduce your risk.

UNCX Network’s liquidity locking services offer a tangible layer of protection against the main scams in this guide. Additionally, the premium a developer pays to lock on UNCX shows a level of commitment to their token’s success that many scam artists would not demonstrate. Always remember to ask questions and stay informed. Here’s to a more secure DeFi experience!

--