Different Types of DeFi SCAMS

First we need to understand Liquidity Pools and how they work to understand how you can be scammed if you’re not careful:

Once a token is minted (Created), in order for them to be traded they need to be paired with a base currency such as BNB, ETH, USDT etc to trade with. You will need to trade your base currency for the new Token. Liquidity is usually provided by the token owner and the initial token supply to the Liquidity Pool (LP) paired with the balance of the base currency will set the initial price of the token i.e. if 1000 tokens are paired with 1000 USDT in the Liquidity pool then the price per token is 1 USDT.

The Market cap is then calculated by the Total Supply of tokens multiplied by the rate set in the liquidity pool. Using the same example if there were 5000 total supply of tokens then the Market cap would be 5000 USDT and 20% (1000) would be in liquidity and the remaining 80% (4000) in circulation.

NOTE: When Liquidity is provided into the LP a number of LP Tokens are generated and sent to the wallet that provided Liquidity to show ownership of that % of Liquidity provided to the LP.

A Smart contract is the tool that creates the functions to trade with the LP and do other things such as reward token holders, change taxes and burn tokens etc.

Now that you have a Basic understanding of Liquidity pools (LPs) , you need to now understand how they can be exploited or scammed by owners and hackers.

RUGPULLS

1. Rug pull type 1. Liquidity drain using LP Tokens
Occurs when the initial supplier of Liquidity receives LP tokens and doesn’t lock or burn them, giving them access to the tokens in the LP. They can trade their % of LP Tokens for the same % of tokens in the Liquidity pool. (For e.g. if the initial supplier of Liquidity usually the owner of the project provides 100% of the liquidity then their LP Tokens can Drain 100% of all tokens in the Liquidity Pool) It is essential that LP Tokens are Locked or Burned unless there is a valid reason for them to remain unlocked for projects such as Crypto Exchanges, Blockchain projects, Staking pools and Casinos etc. Examples are Pancake Swap, Uniswap etc.

2. Type 2. Native token sell into Liquidity Pool to drain Liquidity
Occurs when project Devs retain a very high % of tokens which exceed the supply of tokens in the Liquidity pool and then sell their tokens to the LP and drain the Base Currency.

3. Mint Function to Sell Native tokens and drain Liquidity.
Is the same as Type 2 however can be deceiving where the Dev has locked the LP tokens and not retained any native tokens of the project to create a sense of security and draw in buyers. A mint function allows them to mint an unlimited amount of new tokens and then sell them into the Liquidity Pool and drain the base currency. (There can be hidden MINT functions masked or disguised under different names)

4. Token transfer scam
These scams relate to a function that allows the contract owner to transfer tokens from anyone’s wallet to their own and then sell them into the LP and drain the base currency.

HONEYPOTS

A HoneyPot is a type of Scam which allows people to buy tokens but prevents them from selling the token. This essentially locks the Base tokens into the contract where only the Contract Owner can sell tokens and drain Liquidity (Rug Pull)

Honey Pots are created in 2 main ways and the Liquidity is drained in the same way as described in the Rug Pulls section.

      1. Coding manipulation and errors to prevent you from selling your tokens. (Coding may look normal but have sequence errors which make declarations void in the contract to stop selling activity.

      2. Tax increase to stop you from selling (Slippage manipulation by increasing taxes on rewards tokens) By increasing taxes to 50% or 100% it stops holders from selling their tokens because Pancake Swap does not currently allow you to set Slippage above 49% however Watchtower is creating a DEX which will allow you to set infinite slippage to sell tokens and atleast recover some of your scammed tokens.

Wallet Hacks

Never Never Never give out your wallet Passphrase or Private Key to anyone no matter who they say they are. Giving them your private key will allow them to control your wallet and transfer your tokens to their own addresses.

WEB3 DAPP hack

Is another form of a Wallet Hack where scammers get you to interact with their website, DAPP or smart contract which grants them permission to transfer or steal the tokens in your wallet. This usually occurs alongside Dusting attacks.

DUSTING ATTACKS

A scam where Devs send you their project tokens in small or large amounts with a perceived value and then trick you into believing you can sell these tokens by interacting with their website DAPP which actually gives them permission to steal the other tokens in your wallet.
Never interact with a DAPP or website for tokens that were Dusted to you from unverified projects.