The development of decentralized finance (DeFi) has brought a revolution in the way people interact with capital and assets. However, parallel to this innovation is the rise of sophisticated forms of cybercrime, of which "Rug Pull" has emerged as one of the most pressing problems. According to the latest report compiled by Tan Phat Digital, in 2024 alone there will be about 92 rug pulling incidents worldwide with losses of nearly 126 million USD. This number is just a fraction of the overall picture from 2023, when these scams took an estimated $760 million globally. Cumulatively to date, total losses from cryptocurrency and NFT scams have exceeded $27 billion. In the Vietnamese market, Tan Phat Digital's research data from 2020 to 2025 shows that losses from rug pulling and related forms range from 11 to 12 billion USD, and if all types of digital asset fraud are included, the number can reach 20-25 billion USD. These figures not only reflect the huge financial scale but also indicate a serious break in investor confidence in the Web3 ecosystem.
The nature and origin of the term Rug Pull
The term "Rug Pull" originates from the English idiom "to pull the rug out from under someone", which metaphorically means the act of suddenly withdrawing the support or foundation from under someone's feet, causing them to lose their balance. flat and collapsed. In the context of the cryptocurrency market, this is a form of exit scam, where project developers attract capital flows from investors through promises of profits or breakthrough technology, then suddenly abandon the project and take with them all accumulated assets.
The essence of a rug pull lies in the asymmetry of information and control. While investors participate based on public announcements and growth expectations, developers retain the right to intervene in the source code or liquidity pools. The frequent appearance of rug pulls in the DeFi space is due to its "permissionless" nature, allowing anyone to create a token and list it on decentralized exchanges (DEX) without the need for strict control processes.
Hierarchy between Hard Rug Pull and Soft Rug Pull
Classifying rug pulls based on intent and execution method is key to understanding legal and technical nature. Experts at Tan Phat Digital divide cases into two main groups with the following characteristics:
Hard Rug Pull:
Intent: Malice and plan to commit fraud right from the inception of the project.
Technical mechanism: Using malicious code, "backdoor" or functions mint unlimited coins to withdraw illegal money.
Speed: Happens extremely fast, instantaneous.
Post-fraud behavior: Wipe all traces from the website to social networks immediately.
Possibility of prosecution: High, because of direct violation of source code regulations and theft assets.
Soft Rug Pull:
Intent: Can start from a real project but then switch to the goal of profiteering.
Technical mechanism: Based on selling off a large number of tokens (dumping) and gradually abandoning the project.
Speed degree: Occurs silently and gradually over time.
Post-fraud behavior: Gradually reduces interaction, giving objective market reasons to justify.
Possibility of prosecution: Low, due to "plausible denial" making it difficult to prove initial fraudulent intent.
Basis Technical operations of popular forms of Rug Pull
To understand how a rug pull takes place, it is necessary to deeply analyze the technical operations that fraudsters use to manipulate liquidity pools and smart contracts.
Liquidity Stealing
In the DeFi ecosystem, liquidity is the lifeblood of every transaction. New projects often list tokens on DEXs by creating liquidity pools. Developers will pair their tokens with a cryptocurrency with stable value such as Ethereum (ETH) or Binance Coin (BNB).
This mechanism occurs when developers attract investors to exchange valuable assets for project tokens. When the amount of assets in the pool reaches the expected level, the developer uses administrative rights to withdraw all valuable assets. Wiping out the counterpart assets causes the project's tokens to immediately lose their swap value, turning them into meaningless numbers.
Honeypot Tokens and Sell Order Restrictions
Honeypot is a rug pull technique that relies on smart contract programming to create artificial price increases. Developers design the source code so that only authorized wallet addresses have the right to make sell orders. Ordinary investors can buy easily but cannot take profits or cut losses.
Only having buy orders without selling orders leads to galloping growth on the chart, stimulating FOMO psychology from the community. After accumulating enough capital, the fraudster will use his own wallet to dump all tokens and appropriate assets in the liquidity pool. Token Squid Game is a typical example of this tactic.
Manipulating the money supply through additional minting and dumping
Dumping is often associated with Soft Rug Pull. Developers hold a large proportion of total supply and begin to sell goods after marketing pushes prices up. In more sophisticated cases, they use a hidden "mint" function to create billions of new tokens, instantly diluting value to capture valuable assets before the market can react.
Impact of Rug Pulls on investors and markets
The consequences of rug pulls go beyond monetary losses and create profound ripple effects.
Damages Economic harm and tax consequences:Victims often lose all their investment capital. However, according to advice from Tan Phat Digital's financial experts, in some areas, investors can record these losses to deduct from taxable income from other investments.
Erosion of trust: Large-scale incidents make institutional investors and ordinary users skeptical about the safety of blockchain technology, hindering the development of genuine projects. main.
Psychological trap: Fraudsters often use time pressure and fake guarantees from celebrities to force victims to make wrong decisions.
Signs to identify a potentially risky project
Below are the "Red Flags" warning signs that Tan Phat Digital recommends that investors should pay special attention to. Special note:
Liquidity is not locked: Developer has the right to withdraw capital at any time. This is the highest risk sign. Should check with tools like Dexscreener or Unicrypt.
Anonymous team: Identity, experience or professional profile cannot be verified on platforms like LinkedIn or GitHub.
Concentrated ownership: A few individual wallets hold more than 50% of the total token supply, making price manipulation easy easy.
Unaudited source code: Unaudited smart contracts from reputable third parties, such as CertiK, may contain malicious backdoors.
Unrealistic profit commitments: Promises of guaranteed interest rates in excess of 15% per year or “x account” numbers as quickly as game.
Honeypot: Source code to prevent selling orders of common users, can be tested with a small amount or using the tool Honeypot.is.
Prevention strategy from Tan Phat Digital
To enter the market safe, Tan Phat Digital proposes a checking process (Due Diligence) including the following steps:
Contract Verification: Always look for the green check mark "Contract Source Code Verified" on Etherscan or BscScan.
Check Token Approvals: Use the Token Approval Checker tool to revoke spending rights of applications that do not necessary.
Liquidity analysis: Check if liquidity representative tokens (LP tokens) are being moved to burn addresses or long-term lock wallets (over 6 months).
Use scanning tools: Leverage platforms like RugDoc, Token Sniffer and De.Fi Scanner for automatic risk assessment. In Vietnam, you can use the utility from the ChongLuaDao.vn project to warn about malicious websites.
Wallet security: Use hardware wallets for long-term assets and enable two-factor authentication (2FA) for all accounts clause.
Analysis of major cases and lessons learned
Market history has recorded painful cases that Tan Phat Digital wants to repeat as lessons:
OneCoin (2014-2017): Multi-level fraud with a scale of more than 4 billion USD without any real blockchain. Lesson: Always check technical authenticity instead of believing in hype.
Thodex (2021): Turkish exchange closes, causing $2 billion to disappear. Lesson: "Not your keys, not your coins" - don't leave too many assets on centralized exchanges.
AnubisDAO (2021): Draining the liquidity pool caused a loss of 60 million USD. Lesson: Be wary of projects without a white paper or a completely anonymous team.
Squid Game Token (2021): Honeypot trick causes the price to increase virtually and then crash to zero, causing a loss of 3.38 million USD. Lesson: If you can't sell, it's definitely a trap.
Procedure to respond when becoming a victim
If you're unlucky enough to fall into the trap, Tan Phat Digital guides you through the following emergency steps:
Withdraw remaining capital: Implement a sell order immediately if the liquidity pool still has money.
Collect by Evidence: Take a screenshot, save the transaction code (TXID) and contact information of the fraudster.
Report to the authorities: In Vietnam, immediately contact the nearest police station or High-Tech Crime Prevention Police.
Report the exchange: Request large exchanges such as Binance or OKX to freeze the account if the money flow is fraudulent The island is moved there.
Frequently Asked Questions (FAQ)
Can Audited Projects be Rug Pulled? Yes. An audit only confirms the source code has no technical errors, does not guarantee ethics or the intention of the development team to sell off.
Why is Rug Pull popular in DeFi? Due to its anonymous and permissionless nature, anyone can create tokens without going through the strict KYC process like traditional finance.
Is it possible to get money back? The rate is very low because irreversibility of blockchain. The only chance is that the funds are transferred to a centralized exchange and promptly frozen by legal authorities.
Rug Pull is a major test of trust in the digital asset era. However, equipped with full knowledge and support from reputable units such as Tan Phat Digital, investors can completely protect themselves. The fight against cybercrime will continue with the help of AI, but resistance from the community and an increasingly perfect legal framework — such as the Digital Technology Industry Law 2025 in Vietnam — will be the foundation for a more transparent future. Always keep a cool head, research carefully and never let greed overcome reason in every investment decision.
Share
