The Rise of Cryptocurrency Exit Scams and DeFi Rug Pulls

An investigative report explaining what cryptocurrency exit scams and DeFi rug pulls are, how they are carried out, and the tracing and investigations of such crypto frauds.

Decentralised Finance or DeFi refers to financial applications built on top of blockchain systems with no central immediaries. As calculated by Coingecko, the market coin of the DeFi space has grown above $100B in 2021. The flood in capital also makes it a prime area for hackers and scammers to operate.

CipherTrace reports that DeFi rug pulls and exit scams formed 99% of all crypto frauds in 2020. DeFi-related hacks now make up more than 60% of the total hack and theft volume in 2021, a large increase from only 25% in 2020. Many of the recent investigations which Cylynx conducted are also linked to the use of DeFi smart contracts to hide and launder funds. In this advisory report, we discuss how exit scams are conducted and how investigators can trace and monitor such activity on the blockchain.

What are exit scams and DeFi rug pulls?

Both exit scams and DeFi rug pulls are crypto frauds. Exit scams happen when cryptocurrency promoters disappear with investors' money during or after an initial coin offering (ICO). DeFi rug pulls are a new form of exit scam whereby crypto developers abandon a project and run away with investors' funds by taking away buy support or Decentralised Exchange (DEX) liquidity pool from the market.

How are exit scams and rug pulls carried out?

Rug pulls typically occur in the DeFi ecosystem, especially on decentralised exchanges (DEXs) such as Uniswap or Sushiswap, as fraudulent token creators are able to create and list tokens for free without audit.

TScammers can create a token on a DEX and pair it with a leading cryptocurrency such as Ethereum. Thereafter, once investors have swapped their ETH for the new token or coin, scammers would drain the DEX pool. This drives the coin's price to zero, leaving investors with nothing but virtually worthless coins.

Examples of Exit Scams and Rug Pull

In 2020, the USD value locked in DeFi has grown tremendously, increasing money laundering risks as hacked DeFi protocols form the bulk of crypto thefts. According to CoinGecko, by the end of 2020, DeFi had locked $19.8 billion—23% of Ethereum’s total market capitalisation, which is a more than 1000% increase from $1.7 billion at the beginning of 2020. The number has since grown to over $130 billion by May 2021, showing immense growth of the DeFi space. This flood in capital has attracted many hackers and scammers, as seen in the rise of exit scams and DeFi rug pulls.


Earlier this year, Thodex — a Turkish cryptocurrency exchange with about 400,000 users — was accused of pulling an exit scam. Thodex’s website stated that the platform is “temporarily closed” to address an “abnormal fluctuation in the company accounts.” The cryptocurrency exchange has about 400,000 users, and its CEO allegedly took $2 billion of customer funds with him while fleeing Turkey.

Compounder Finance

Also earlier this year, Compounder Finance was rug-pulled with some $10.8 million of investor funds stolen. Compounder Finance had its contracts drained of $750,000 worth of wrapped bitcoin (WBTC), $4.8 million ether, $5 million dai and a small assortment of other tokens. While they have been audited previously, the team swapped the safe and audited contracts and replaced them with malicious contracts that enabled them to steal investor funds.

Meerkat Finance

Another incident involves Meerkat Finance, a DeFi project which had been drained by $31 million worth of crypto assets. On its official Telegram channel, the team claimed that its smart contract vault was compromised.

These are real incidents with millions and billions of dollars lost and thousands of investors affected. Given the rise of exit scams and DeFi frauds, we need efficient and reliable ways to detect and investigate such frauds.

BSC Rug Check ETH Rug Check
Rug Update