Disclaimer: This article is meant to provide general guidance to help protect DeFi users and investors. It’s not an exhaustive list and should not be taken as financial advice. Binance Academy is not responsible for your investment decisions.
As more people get interested in the fascinating financial innovations made possible by DeFi, scammers are finding more ways to take advantage of them.
DeFi is an especially unforgiving space – usually, there aren’t any good ways to recover funds or hold malicious actors accountable. However, if you know what to look for, you may be able to decrease the chances of scammers taking advantage of you.
Decentralized Finance (DeFi) is abundant with innovation. It seems like new DeFi projects are launching by the minute, and it’s extremely difficult to keep up, let alone DYOR.
We often talk about how blockchains are permissionless – which is basically a fancy way of saying they are “public.” No one needs permission to use them, develop for them, or launch projects on them. While this value is inherent to cryptocurrencies such as Bitcoin, it has its negative aspects as well.
Anyone can launch scammy or misleading projects, and there’s nothing there to stop them. Well, technically, not nothing – we, as a community, can help each other identify some common patterns that separate the legitimate innovations from the misleading scrap.
So, what should you be on the lookout for?
What is the purpose of the project?
This may seem like an obvious question to ask, especially if you’re new to the DeFi space.
However, a good majority of crypto assets don’t bring anything new to the table. Sure, there’s extremely exciting innovation as well – that’s why we’re all here after all! But many new projects try to just piggyback on the attention on DeFi without even trying to innovate.
So, one thing you can ask is – does this project try to do something new and innovative? Are they trying to contribute to the new digital economy with their project? How is it different from its competitors? Is there a unique value proposition here?
These are very simple, common-sense questions. But, by asking them, you can already weed out a good portion of scams.
Another thing you can look at is developer activity. DeFi is closely intertwined with the ethos of open-source.
So, if you know a bit about coding, you can go ahead and take a look at the code yourself. The great thing about open-source, though, that if there’s enough interest around the project, others will surely do. This can likely uncover if the project has malicious intentions.
In addition, you can also look at the development activity. Are the developers continually shipping new code? While this metric can be gamed, it can still be a good barometer for finding out whether the developers are for real or if they just want to make a quick buck.
Smart contract audits
Something that gets thrown around a lot with smart contracts and DeFi is auditing. Audits are supposed to make sure that the code is secure. While they are an essential part of smart contract development, many developers deploy their code without any audits. This can greatly increase the risk of using these contracts.
One thing to note here is that audits are expensive. Legitimate projects will typically be able to pay for audits, but scam projects usually won’t bother.
So, does it mean that if a project had an audit, it’s completely safe to use? No. Audits are necessary, but no audit will ever mean total safety. Always be aware of the risks of depositing your funds into a smart contract.
Are the founders anonymous?
The world of crypto is deep-seated in the freedom of anonymity (and pseudonymity) that the Internet can provide. After all, we’ll likely never know the identity of Satoshi Nakamoto – the very person (or group) that created the first cryptocurrency.
However, teams with anonymous founders still pose an additional risk you need to consider. If they turn out to be scammers, there’s a good chance they can’t be held accountable. While on-chain analysis tools are getting more and more sophisticated, it’s still different if the founders have a reputation at stake that’s tied to their real-world identity.
Note that not all projects led by anonymous teams are scams. There are certainly many examples of legitimate projects with anonymous teams out there. Still, you should consider the implications of team anonymity when evaluating projects.
So, in summary, are projects with anonymous founders bad? No. Are projects with anonymous founders more difficult to be held accountable for malicious behavior? Yes.
How are the tokens distributed?
Token economics is a crucial aspect to consider when researching a DeFi project. One of the ways a scammer can make money is inflating the token price while having a huge holding and then dumping it on the market.
What happens if, say, 40-50-60% of the circulating supply gets sold on the open market? The token price drops, losing almost all its value. While a significant founder allocation isn’t in itself considered a red flag by some, it can lead to problems down the line.
In addition to allocations, you need to consider how the tokens are distributed. Is it done through an exclusive pre-sale, available only to insiders who get a great deal then hype the project on social media? Is it an Initial Coin Offering (ICO)? Are they doing an Initial Exchange Offering (IEO) where a crypto exchange is putting their reputation at stake? Are they distributing tokens through an airdrop that likely causes a lot of sell pressure?
Token distribution models have a lot of nuances to consider. In many cases, it’s difficult to even get ahold of this information, which in itself can be a red flag. However, if you’d like to get a full picture of the project, this is absolutely essential information.
How likely is an exit scam?
Yield farming (or liquidity mining) is a new way to launch DeFi tokens. Many new DeFi projects use this distribution method as it can create some favorable distribution metrics for the project. The idea is that users lock their funds into smart contracts and get a portion of the newly minted tokens in return.
You can probably see where this is going. Some projects will just outright take the funds in the liquidity pool. Some will use more sophisticated methods, or have a huge pre-mine.
In addition, new altcoins often get listed on automated market makers (AMM) such as Uniswap or Sushiswap first. If the project team is providing a good portion of the liquidity for the market pair on the AMM, they can just as well remove it and dump the tokens on the market. This typically results in the token price essentially going to zero. As there basically isn’t a market left to sell in, this is often called a rug pull.
Whether you want to take part in the wild west of yield farming or simply use decentralized protocols to exchange and trade, DeFi scams are abundant. Hopefully, these general guidelines can help you spot malicious projects and bad actors better.