A team of researchers says that 97.7% of tokens launched on decentralized crypto exchange Uniswap turned out to be rug pulls.
Not surprisingly, Crypto Twitter has some thoughts.
The researchers were looking to build on work done in a 2021 study that used a machine learning algorithm to analyze transaction data and find Uniswap tokens that turned out to be scams. But that algorithm could only identify suspect tokens after the scams had taken place.
In the new study, researchers claim to have added transaction data from 20,000 more tokens, manually analyzed the data, and developed machine learning methods that can “detect potential rug pulls before they occur” with 99% accuracy.
That means of the nearly 27,000 tokens that were analyzed, only 631 were found to be “non-malicious.”
A rug pull happens when a developer launches a token, makes it seem as though there’s a roadmap for further development, sells the token on those empty promises, and then disappears with the funds. Before bridge chain hacks became a $2 billion problem, rug pulls were a significant portion of the $2 billion total stolen in 2020, according to a 2021 CipherTrace report.
Keep in mind that “new” is a relative term in academics. The paper was published by the Multidisciplinary Digital Publishing Institute in March 2022. But that might not be obvious from the preprint draft that made the rounds on Twitter after Nick Almond, who heads up the FactoryDAO protocol, shared it on Monday.
Researcher Bruno Mazarra told Decrypt in an email that he’d seen the conversations about the team’s research on Twitter and provided a link to the published copy.
The draft being shared has a January 2022 date on it. It was also uploaded to the Cryptography ePrint Archive in March. The version published by MDPI is a few pages longer and expanded the dataset to include tokens that were on Uniswap V2 through September 3, 2021, but is otherwise the same.
In the replies to Almond’s tweet, Mark Zeller, vice president of the DeFi committee at L’Adan, a French digital asset industry group, pointed out that regulators there took a lot of flak for lowering the minimum amount of capital required to register a limited liability company to €1.
He likened it to how fast and cheap it can be for people to create and list new tokens on crypto exchanges, like Uniswap. People opposed to the French LLC registration change were concerned that it would make it too easy for “idiots and con-artists” to register seemingly legitimate business entities.
“That was true. What was also true is that some of these 1€ companies are now unicorns,” Zeller wrote on Twitter. “ I side with liberty, accepting the personal responsibility of risks.”
a lifetime ago my country passed a law to lower the capital needed to create a company to 1€.
back then ppl said “idiots and con-artists will launch companies bad idea!”
that was true,
what was also true is that some of these 1€ companies are now unicorns (internet boom & all)
— Marc Zeller 👻 💜 🦇🔊 (@lemiscate) October 31, 2022
Other people, like investor and Israeli Blockchain Industry forum board member Maya Zehavi, took aim at the research team’s methodology.
“Sorry, but that’s a hell of a flawed methodology for that claim,” she said on Twitter, complaining that the researchers hadn’t factored in token liquidity or volume when determining which of the approximately 27,000 tokens had experienced a rug pull.
“That’s like saying 97% of Twitter accounts are fake, but none were active during the last year,” Zehavi concluded.
The researchers used an Infura archive node and the Etherscan API to collect transaction data for all the tokens listed on Uniswap V2 between April 5, 2020 through September 3, 2021. The research paper goes into detail on the methods used (among them the Herfindahl-Hirschman Index—which federal agencies use to assess markets) and claims that other scam detectors like, Token Sniffer and Rug Pull Detector, produce misleading results.
For example, it’s common in decentralized finance for tokens to include liquidity lockers, like UniCrypt, as an assurance that developers will not be able to move funds out of a smart contract once they’ve been deposited by investors. But that’s hardly a guarantee against getting scammed, write the researchers, saying that “90% of tokens using locking contracts tend to become a rug pull or a malicious token eventually.”
There was some pushback from DeFi Pulse co-founder Scott Lewis, who argued that the researchers—or at least Almond in his 12-word summary of their 21-page draft—had used the term “rug pull” too liberally.
He said many of the tokens on Uniswap were “low effort/low revenue phishing style scams, where the token tried to look like an established token,” adding that the same scammer could create thousands with very little effort.
“‘Rug’ is an exit scam and was not 97.7% of tokens on Uniswap,” he wrote on Twitter.