If you have been following RugDoc’s Twitter or Telegram group, chances are big that you have noticed the amount of DeFi scams that are pulled off. In this DeFi Farm 103 guide we will explain which DeFi (farm) scams you should watch out for and how you can decrease the risks of getting scammed.
DeFi Scams #
A scam in DeFi is occurs when a malicious group or individual manages to steal your assets by using malicious smart contracts (such as hard rugs) or by dumping the price of their token by suddenly selling huge amounts of them (soft rugs). DeFi scams can be devided into 2 categories:
Farm scams
These types of scams typically happen in farming or liquidity pools designed by malicious developers in order to steal your assets. Farm scams are pulled off by letting unknowing investors interact with the malicious developers’ masterchef smart contracts. Usually such masterchef contracts contain function such as a migrator to an external wallet and no timelock. With inbuilt features like the aforementioned migrators, developers can drain their smart contract at any time, stealing all your funds. This scam is called a rug-pull. You can read more about how to check masterchef contracts for malicious features aquí.
Another common scam is the soft rug. These types of rugs are harder to find out, as developers tend to first earn a lot of trust from the community before executing this scam. Soft rugs are performed when a group (of developers) hold a big amount of a token and decide to sell everything at once, resulting in the price of the token crashing down. This action leaves other investors with worthless tokens, and thus big losses.
Person scams
Person scams are usually performed by requesting investors to fill in specific forms with sensitive information such as private keys and seed phrases. By doing so, scammers are able to fully take control of the wallet and proceed to send all the assets to their own wallet. Please note: Never share your private keys or seed phrase with anyone, not even trusted parties.
Another frequently used scam is that the investor is requested via their web3 wallet, in order to buy a token, to give unlimited permission to their smart contract. Once done, even if the investor has managed to retrieve his assets from the farm-/liquidity pool, the scammer is still able to drain the web3 wallet of the investor because of his unlimited permissions. If you want to learn more about revoking smart contract permissions, click here.
Investing in DeFi: What to look out for #
Prior to investing into a DeFi farm- or liquidity pool, it is wise to conduct some research to verify if the platform and/or its pools are legit.
Whenever you come across a pool of interested, make sure you perform the following steps:
- Is the defi-protocol legit? Check our website Rugdoc.io to find out if the website has been reviewed by our team. Based on our risk rating, you’ll have some idea whether the masterchef contract doesn’t contain any exploits, who the token owner is, whether there are one or multiple token holders, if there’s an anti-whale function in place, if the masterchef has a timelock and if the token-fees are safe.
- Is the team behind the protocol or token known? Make sure to check whether the team is anonymous, if they have social media and if they have a Telegram group you can join to ask them questions.
- Are the smart contracts of the protocol audited? Before continuing, make sure you check whether the smart contracts of the protocol have been audited (by a legit company). Malicious protocols tend to put fake audited badges on their websites in order to gain trust of new investors. Make sure you check with the auditing company whether a badge is legit or not. You can read more about smart contract audits and rugdoc reviews aquí.
Conclusión #
Due to DeFi being permissionless, the amount of scams have increased drastically. However, If you know what to look out for, you can reduce most of the risks. By sticking to more popular DeFi protocols such as Pancakeswap or Sushiswap and popular tokens such as ETH, BNB, BUSD, BTCB or Cake, you can get used to the DeFi space without high chances to get scammed.