Despite the herculean efforts to clean up DeFi, hardly a day passes without some major breach of trust making the headlines on CoinDesk or Cointelegraph. As the financial and human costs of deceitful actors “pulling the rug” mount up, investors are not the only ones losing balance.
Our latest installment in the “DeFi 101” series looks at the rising prominence of “soft” rug pulls, explaining what they are, how they differ from traditional “hard” rugs, and how the thin line between the “illegal” and the “unethical” is slowly being blurred out of existence.
Betrayals of Epic Proportions
Like most forms of betrayal, rug pulls within DeFi have been the subject of both immense private pain and public fascination.
For the emotionally-invested community, realizing that their project’s developers have vanished with their money overnight is a deeply distressing experience, frequently followed by all five stages of grief. For the regulators, it is a bullet point in a report that explains how the lack of checks within the industry encourages baser instincts. For the general public, the news is just one more cautionary tale of how the bad guys within DeFi frequently get away with it.
Unsurprisingly, the prevalence of rug pulls within the industry remains one of the most pressing issues on the road to maturity. The enormous financial and reputational costs associated with high-profile scams and exploits are stymying mass adoption efforts and are driving investors away. Nevertheless, at the same time that the industry is trying to clean up its act, it is plagued by a relatively modern type of an exit scam that muddles the distinction between unethical actions and outright fraud. Previously known by various names, it is now called the “soft” rug.
“Soft” Rugs
Despite feelings of snug comfort some might associate with the term, “soft” rug is used to describe a type of unethical exit by the developer team. It differs from the traditional “hard” rug because it does not qualify for an outright definition of fraud and can be difficult to characterize as explicitly malicious.
“Hard” rugs are always defined by their fraudulent intent, usually evidenced by malicious backdoors left in smart contracts that allow developers to limit sell orders or to drain project liquidity pools at investors’ expense. “Hard” rugs are also often preceded by extensive price pumping and can be clearly labeled as rugs because their conclusion is always an abrupt dump.
“Soft” rugs, meanwhile, are a little less clear-cut. The term still refers to the process of project abandonment, and the malicious intent might still be there. Nevertheless, in a “soft” rug, the project’s smart contracts are not explicitly coded to defraud investors, and only the team’s shares are dumped. The duration of the exit may also be stretched out, with the team still making public appearances as the tokens are quietly “dripped” to the market.
The quintessential case of Polywhale Finance helps illustrate the point. After the team dumped their shares during a market crash, the immediate accusations of a “soft” rug were deflected by public messages from the founders on the souring market outlook. Polywhale Finance cited cut-throat competition and poor tokenomics as the reasons for the sudden exit. Only later would it become clear that millions were dripped to the market from the team treasury during the three weeks prior.
Acting in Bad Faith
Teams have been accused of cashing out and abandoning projects prematurely for years, but the number of “soft” rugs has multiplied as the DeFi movement gathered speed. Polywhale Finance illustrates the rather “gray area” that such exits now occupy. Because “soft” rugs are not malicious by code design, it is difficult to denounce them as outright scams or fraud. Over-promising and under-delivering are not necessarily illegal acts — projects do flop, teams sometimes underperform, and the market outlook does occasionally worsen. There are always personal or project-related issues one can point to as the reason for going back on promises.
Even though the act of secretly dumping the team’s allocation might be highly unethical, it is not necessarily illegal since no (direct) theft of investor funds is involved. The malicious intent might have been there from the beginning, but more often than not, a “soft” pull is just a last-minute effort to profit from a failing project.
Prevention and Protection
Because a “soft” rug is often a last-ditch effort, it is usually impossible to foresee ahead of time. Nevertheless, the best defense against a “soft” rug remains publicity. Fully “doxxed” teams are far less likely to risk the reputational damages associated with an unethical exit or potentially being held accountable for fraud. Publicized treasury addresses are also a good indicator of project legitimacy since token movements can be monitored by the community at all times.
It is also important to take notice of whether the project’s liquidity pools are locked and managed by trusted third parties and whether the project’s code has been verified and audited. Developers not using multi-signature wallets and “whale” wallets dominating the market are major red flags. A fresh website domain (check creation date at whois.domaintols.com) and a careless UI/UX can also betray the haste with which the project has been put together. While these signs are not conclusive on their own, their sum is a pretty good indicator that the sky-high valuations may come crashing down in due time.
This does not, however, mean that one should give in to fear. The DeFi movement has spawned a perplexing number of innovations that continue to create new opportunities for uprooting the old ways of doing business. Yes, rug pulls — both “soft” and “hard” — are enormously damaging to the DeFi industry’s reputation and attract the ire of regulators. Nevertheless, at the same time, they are also a sign of success — an indication of just how much capital is sloshing around the market to support the ideas of tomorrow.
About Lossless
Restoring trust in web3 security. Lossless incorporates a new layer of blockchain transaction security, protecting projects and their communities from malicious exploits and the associated financial loss.
Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.
Twitter | Platform | Telegram | Discord | Website | Documentation | Github
