What Are NFT Rug Pulls? How To Protect Yourself From NFT Fraud?

In the ever-evolving landscape of digital assets and blockchain technology, non-fungible tokens (NFTs) have garnered significant attention. However, as the popularity of NFTs continues to surge, so do the risks associated with them, such as in the form of NFT rug pulls – but what is a rug pull, how does it work, and how can you protect yourself? Read on to find out more.

What is a rug pull?

In crypto, a rug pull refers to a scam where a cryptocurrency or NFT developer promotes a project to attract investor funding, only to shut down or disappear, taking investor assets with them. There are variations on this theme, such as when developers deliberately hype up a project to increase the price, and then abruptly sell up, leaving the price to fall. The term derives from the saying ‘to pull the rug from under someone’, leaving them in the lurch. Rug pulls can also be known as exit scams.

How do NFT rug pulls work?

Rug pulls are schemes to artificially inflate the value of an investment through false and misleading claims, to sell cheaply purchased units at higher prices. Both schemes take advantage of a lack of regulation in the crypto space, misinformation, unethical sales techniques, and investor FOMO (fear of missing out). The difference is that pump and dump schemes usually operate within a shorter timeframe, focus on the price action of low value tokens, and don’t require the involvement of the token’s developers.

Another tactic is large developer pre-mines – that is, when tokens are minted before being launched to the public – which can be either concealed from investors or explained away as a project vault, developer fund, or eventual burn. The scam is only revealed when these funds are quickly sold off when the token’s price rises high enough.

Rug pulls can be executed through backdoors intentionally written into the project’s smart contracts that allow developers to drain and manipulate staked or otherwise locked tokens. Whatever the mechanic, the rug pull quickly drives the price to zero, leaving investors who didn’t get out early with worthless tokens. We explain more about the different types of rug pulls below.

Types of rug pulls

Broadly, rug pulls fall into three categories. These include:

Liquidity theft

Liquidity in cryptocurrency refers to the ease of conversion between two assets – such as, for example, a trade between a digital token and a fiat currency or another token. Liquidity pools enable users to trade cryptocurrencies without relying on a centralized exchange. Liquidity theft takes place when the creators of a token withdraw all the coins within the liquidity pool, removing all the value injected into the currency by investors.

Limiting or blocking sell orders or withdrawals

In this kind of scam, developers typically allow investors to buy their tokens but either limit or disable sell orders. They may limit sell orders from the start of the investment period or much later when they are looking to lock in their gains.

This type of rug pull is more common with trading platforms where scammers have access to the backend to enable and disable trades or withdrawals. This scam is typically carried out on decentralized exchanges to minimize the chances of being tracked.

Users of the exchange will be lured into using a new trading platform through an active marketing campaign. Once the exchange becomes active with trading activity, the scammers will partially or entirely disable functionality. For example, it may still be possible to buy tokens but not sell them, or perhaps traders are still able to sell capped amounts. There are several variations, but ultimately the scammer’s goal is to exit with the greatest number of tokens.

It is also possible for developers to launch a smart contract for a crypto project with malicious code that limits or prevents token transfers between wallets, therefore preventing owners of the token from selling it after acquiring it. This ensures that owners are unable to send the tokens to trading platforms for selling.

Token dumping

Token dumping involves developers hyping up a particular token to the public to raise its price. Investors will notice the sharp rise of the token’s price and may experience fear of missing out or FOMO, prompting them to invest. Once enough investors are on board, the promoters then dump their tokens into the market at the peak, leaving the latest buyers with overpriced tokens.

A variation takes place when a deceptive crypto project team allocates itself a disproportionately large amount of the available tokens as compensation for their role. These token holders – sometimes called whales – are then quick to dump these tokens in the marketplace, causing the asset price to decline.

Depending on how many tokens they hold and how many of these tokens they flood onto the market, the price of the asset can fall significantly, resulting in losses for other token holders.

A businessman using a computer to look at NFT art

Hard pulls vs. soft pulls

When talking about NFT rug pulls, you sometimes hear the terms ‘hard pulls’ and ‘soft pulls’. The distinction between these two terms is:

Hard pulls take place when the developers intentionally create malicious backdoors in the project’s smart contract. These backdoors allow the developers to exploit the project and steal funds from investors. Malicious backdoors can be difficult to detect, and once the developers have exploited the project, they disappear, leaving investors with worthless tokens.

Soft pulls occur when the developers dump their tokens, causing the value of the project to fall. This leaves investors with worthless tokens, but it is considered less malicious than a hard pull, as the developers do not intentionally create backdoors in the project’s smart contract.

Are rug pulls illegal?

While crypto rug pulls are always unethical, they are not always illegal. Hard rug pulls, where developers code malicious backdoors into their tokens, are illegal. Soft rug pulls, where developers dump their crypto assets quickly, are unethical but not always illegal. However, fraudulent activities in the crypto industry, including rug pulls, can be challenging to track and prosecute. One difficulty is that crypto fraud regulation is not – yet – consistent around the world. Regulation in different jurisdictions is patchy, which can lead to ambiguity and confusion.

NFT rug pull examples

Frosties – 2022

Frosties was an ice cream-themed collection of 8,888 NFTs that marketed itself as ‘cool, delectable, and unique’. The founders, Ethan Nguyen (known as ‘Frostie’) and Andre Llacuna (known as ‘heyandre’) had built a large following on Discord and promised collectors a fund to ensure project viability, as well as merchandise and raffles.

The NFTs were priced at 0.04 ETH per mint, which meant that, once the collection sold out within a few hours, the project team had accumulated 335 ETH — or just over a million dollars. At that point, the project’s website and Discord disappeared, with the funds from the sale transferred to various wallets. The founders could not be reached by people who had bought into the community, who were left with nothing but their digital art.

The US Department of Justice subsequently charged the pair with conspiracy to commit fraud and conspiracy to commit money laundering.

Big Daddy Ape Club - 2022

Big Daddy Ape Club was intended as a collection of 2,222 ape-themed NFTs to be minted on the Solana blockchain and then listed for sale on the Solanart marketplace. It turned out to be the biggest rug pull in the history of the Solana blockchain.

Unlike other rug pulls, where developers offer some NFT art and then disappear with the money, Big Daddy Ape’s developers raised money (about $1.3 million) to mint the project NFTs – but no NFTs existed. In the hours leading up to the mint, Big Daddy Ape Club locked then deleted the project’s Discord, with the website and Twitter account disappearing shortly thereafter. None of the investors received the NFTs they had paid for.

Baller Ape Club – 2022

Another ape-themed project was the Baller Ape Club, whose founder was Anh Tuan. Reportedly, Tuan made off with $2.6 million from investors, after launching a collection then deleting the project’s website and laundering the money. According to the US Department of Justice, Tuan then converted the funds into various cryptocurrencies and transferred them across a number of blockchains, a process known as chain-hopping. Tuan was subsequently charged with conspiracy to commit wire fraud and international money laundering.

Thodex - 2021

Faruk Fatih Ozer, the founder of Thodex, formerly one of Turkey’s largest crypto exchanges, fled to Albania in 2021 after allegedly defrauding his platform users of $2.7 billion in funds. Before fleeing Turkey, Ozer’s company offered new registrants millions of free dogecoins, which many users say they never received.

In 2022, Ozer hit the news again when he was arrested in Albania and extradited to Turkey. He was sent to prison for 11,196 years after going missing in 2021 after the sudden collapse of Thodex, one of Turkey’s largest crypto exchanges. This mean that more than 400,000 members were left without access to their money which totalled $2 billion in cryptocurrencies.

How to protect yourself from rug pulls

Follow these tips to protect yourself from NFT rug pulls and NFT fraud:

Research the team behind the NFT project

Ideally, you want to invest in an NFT project with a well-known and experienced team behind it. However, that isn’t always possible since new projects and new teams continually emerge to enter the market. Nonetheless, it’s important to carry out research – such as checking reputable NFT sources to see what information you can find to confirm the team’s legitimacy, and checking the team’s website to ensure it looks professional.

Research further information about the NFT project

Even if the team behind the project seems legitimate, it’s advisable to gather further information about it. For example, you can use sites like DappRadar to search for the collection. If there’s something suspicious about the project, DappRadar may have discovered it and displayed it in the collection’s “Info” badge. DappRadar’s NFT explorer allows you to see the trading history of an NFT. This can be an effective way to check if there are signs of foul play with a certain collection.

A collection’s community is another indicator of its quality and authenticity. Look on social media to see how people interact with the project. Are comments positive, or are there suspicions and uncertainty? Reddit is a useful platform for checking user sentiment. Also, it may be worth making sure the NFT project has an official Twitter page or Discord channel – without these, it’s almost certainly a scam.

Review the project’s roadmap

An NFT project roadmap will outline target milestones and goals, plus the overall strategy and vision for the project. This provides investors with clarity and transparency. A project roadmap should be detailed, realistic, and achievable. If a roadmap sounds too good to be true, exercise caution. If a project doesn’t have a roadmap, then avoid it. Even if it isn’t a scam, it’s not advisable to invest money into a project without clear goals and future plans.

Check the project’s trading volume

The trading volume of an NFT collection can be an indicator of its legitimacy. The more users who are trading NFTs from that collection, the greater the sign of liquidity and an active community.

Be skeptical and question everything

Be skeptical and don’t succumb to over-the-top promises. Bear in mind that all NFT projects involve risk, regardless of who is behind them and whether they are legitimate. This is because every NFT project can potentially fail – which is something investors need to be aware of at the outset. Diversification is as important in cryptocurrency as anywhere else in finance. Projects can fail due to technical glitches or business blunders, even without malicious intent.

Pick established products

Rug pulls are more prevalent with new projects that haven’t received the same level of scrutiny as more established cryptocurrencies like Bitcoin. Newer projects don’t have a long-term track record, so there may be vulnerabilities that make it possible for their organizers to siphon value away from investors and keep it for themselves. One way to enhance your protection is by sticking to centralized exchanges such as Binance or Coinbase. While the presence of a cryptocurrency on a large exchange is not a guarantee of its quality or investment potential, these businesses often will review assets before listing them for sale.

Beware of hype and the fear of missing out (FOMO)

NFT scammers often prey on the FOMO that’s generated by rare-but-true stories of epic returns. It is true that some people have made a lot of money – but criminals play on the hope that others have to replicate this success to manipulate their victims. Be mindful of FOMO and keep your wits about you.

Know the code

The fate of any investment in cryptocurrency or blockchain projects depends upon the integrity of the project's computer code. You may not be a computer programmer, but you should understand how a product works before investing in it. Check if it’s been audited by a professional organization that is respected in the industry. Projects that have received positive feedback from auditors will often promote the results themselves.

As always, a central aspect of staying safe online is practising cyber hygiene. This includes using a high-quality antivirus, ensuring you have strong passwords and using a password manager to store them, and using a Virtual Private Network to maximize online privacy.

Related products:

Further reading: