Fraud is endemic in the crypto markets as most participants and regulators are quick to admit, if they are honest, of course. “Rug pulls” are one form of fraud where an issuer of a given crypto-asset markets and sells the asset to buyers/investors through either an unregistered offering in violation of US securities laws, an offshore non-US offering, or a legitimate utility token offering (a token that fails the Howey test). Such issuer retains a substantial portion of this crypto-asset in its company wallet(s) and creates liquidity for the token or coin by registering it with any number of dozens of decentralized or centralized exchanges, usually tier 3 or just extremely poorly managed and monetized centralized exchanges desperate to add coins to their trading pool so as to increase commission revenues. Some CEXs conduct little to no KYC.
The issuer may promise purchasers a token/coin lock-up period or vesting period for any number of months, usually from 3-12, or there may be no lock-up stated, and purchasers don’t know to look for one or inquire about it. As a related point, this firm recommends longer lockups or smart-contract coded periodic vesting in publicly disclosed wallets so that the developer team maintains credibility in their long-term commitment to the project. The liquidity created by one or more exchanges enable the purchase and sale of the issued crypto-asset, but unwittingly or recklessly, such exchanges play a significant and foreseeable part in the fraud.
The rug pull occurs when the issuer/developer proceeds to pump the price of the issued crypto-asset through media hype, marketing savvy, hired pitchmen/celebs, real or feigned apparent demand, or demonstration of the final product; generally in alpha or beta testing which is usually fraudulent. During the pump of the crypto asset the issuer is in fact selling into the pump on one or more exchanges and converting the token to a more valuable cryptocurrency such as ETH, BTC, USDC, USDT, or one of dozens of other stablecoins or privacy coins. If the developer’s wallets are public then the rug pull is evident and cannot be concealed, but if the wallets remain private, which is more common, then the proceeds of the sale may have their records erased by means of a number of ‘mixers’ which remove traces of the source of a given cryptocurrency otherwise known as a wallet address. Privacy coins don’t need to be ‘mixed’ or ‘anonymized’ as the process is known, which makes ascertaining the origin wallet of the current holder wallet impossible or extremely difficult. So called ‘privacy coins’ which do the same thing as a ‘mixer’ are not widely used and most users do not use the anonymizing features in any case, so chances are a rug puller will move into a larger cap token which will be washed through a mixer and not be able to be traced to its final destination.
How do exchanges facilitate rug pulls and how can the industry police itself to prevent regulator intervention? It may be too late to prevent regulatory action with respect to exchanges, but the industry still needs to portray itself as a beneficent actor and actively make efforts to stop and prevent fraudulent activity that stains the reputation of crypto and keeps investors and innovators away due to fear or mistrust of industry actors. Exchanges directly facilitate rug pulls by failing to properly vet issuers they list and allowing mass dumps of a given crypto-asset without any kind of gate to prevent pump and dumps.
Decentralized exchanges by definition do not conduct KYC or identity verification of any kind on any token, which would violate the entire purpose of an automated exchange, and the trade becomes nothing more than a swap of one crypto-asset for another, no fiat involved. However, DEXs need still need to VOLUNTARILY code prudent swap practices into their platforms so that rug pulls are more difficult or impossible to carry out so as to protect their own users and the crypto community as a whole. There are many solutions, but a few examples which may be used include:
- This type of sale limiter gate can also be implemented into a token’s smart contract and goes a long way to demonstrate good faith, but an exchange may program their swap algorithms which limit the number of tokens/coins that may be swapped by any single user to a certain low amount in any given day or a week. The criteria for such limitations may apply only to new crypto-assets of for example younger than one year. Crypto-assets older than a year may have a higher cap. And two+ year old established projects may have no cap. A cap may depend on total supply and start with a percentage limit per day or week which increases with greater age and/or volume.
- Post large token/coin sales publicly though anonymously. Purchasers/traders that own a crypto-asset being traded on only one or a few small exchanges should be made aware that large blocks of their holdings are being dumped on a regular basis, hence an exchange might post its largest block swaps for the past week or fourteen days or any other period somewhere easily found by platform users. For example, if #1 above is used to limit the blocks that are being swapped for new tokens on a regular basis, then any tokens which have the maximum allowable amounts being swapped for more than two or three days in a row could be made public, as it could indicate a rug pull.
- Block certain wallets from swapping on their exchange. For example, for all newly listed tokens there is certain to be an issuer with a large block of such crypto-asset retained in one or more wallets for various expenses. The DEX may require the listing party to disclose all of the issuer’s wallets with substantial holdings and block those wallets from swapping/trading its own token for a certain lock-up period. The exchange should then list such wallets publicly for each such newly listed token to allow DEX users to monitor any movement or crypto-assets out of the listed wallets, which may be a red flag warning of a rug pull.
- Large price movements for the top dozen or more thinly traded or newly listed crypto-assets should be posted as well, which some exchanges already currently do.
- Of course, DEXs could certainly prohibit any crypto-assets which do not have a website and/or do not disclose their development team. These items would be publicly disclosed by the issuer during the DEX sign-up process. Anonymity is one thing with transactions but entirely different when it comes to investments, protection of the unsophisticated public, and integrity of this bourgeoning industry, particularly with respect to ultra-risky start-up ventures.
- DEXs should have a contact address where notices of ongoing/exposed rug-pulls and other emergency information would be sent with immediate action being taken by the DEX; thereby placing the onus on the platform to halt all trading of an offending rug pulled crypto-asset.
Most reputable tier 1 and 2 CEXs already conduct some due diligence on a new listings, require an attorney Howey opinion, and conduct KYC on the developer team, so this should generally continue with more disclosure being better. Disreputable CEXs will continue their nefarious activities and refuse to police themselves; hence education is key, in that such low quality exchanges should be avoided by all honest crypto participants.
The above could be used by any exchange, and transparency in new projects is key to gaining investor trust and growing the investor base to include far more professional investors, seed capital, and venture funds than there are currently involved. Most projects that raise start-up capital for platform development are offering securities and need to comply with Reg D, Reg CF, or Reg A. My prior blogs describe a two-tier token system issuance; one a security token sold and traded for profit and one a utility token to be used to fuel the platform. This industry has a lot of credibility problems and then when there is a 50%-80% retracement people wonder why it is so volatile.