Warning: This article is a general guide aimed at helping protect DeFi users and investors. It is not an exhaustive list and should not be considered financial advice. Hafizebot accepts no responsibility for your investment decisions.
Decentralized Finance (DeFi) is full of innovation. New DeFi projects are launched almost every minute and it's hard to keep up, let alone Do Your Own Research (DYOR).
We often talk about blockchains being permissionless – which is just another way of saying that these chains are “public”. No one needs permission to use blockchains, develop for them, or launch projects that will run on chains. Although this value is inherent in cryptocurrencies such as Bitcoin, it also brings some negative features.
Anyone can post fraudulent or deceptive projects, and that doesn't stop them. In fact, something can be done technically – we as a community can help each other identify some common features that distinguish legitimate innovations from illusory attempts.
What elements, then, should we pay particular attention to?
What is the aim of the project?
This question may seem obvious to ask, especially if you are new to the world of DeFi.
But the vast majority of crypto assets reveal nothing new. Of course, there are also incredibly exciting innovations – that's why we're all here! But many new projects just aim to capitalize on the interest in DeFi without even trying to innovate.
In this case, you might ask: Is this project trying to introduce something new and innovate? Are they trying to contribute to the new digital economy with their projects? How does this project differ from its competitors? Is there any unique added value being demonstrated here?
These are very simple and common sense questions. But by asking these questions, you can rule out most scams.
Another element you can consider is developer activity. DeFi is closely related to its approach to being open source.
So if you know a little about coding, you can take a look at the code yourself. But the great thing about being open source is that if there's enough interest in a project, someone will definitely review the code. Thus, if the project has malicious intentions, they can be exposed.
In addition to this, you can also check out the developer activity. Are the developers constantly releasing new code? While it can be tampered with, this metric can still be a good indicator to determine whether the developers are sincere or just trying to monetize.
Smart contract controls
One of the most discussed topics in smart contracts and DeFi is audits. Audits aim to show that the code is safe. In fact, although controls are a core element of smart contract development, most developers expose their code without any controls. This can greatly increase the risk of using such contracts.
At this point, it's also important to note that inspections are expensive. Legitimate projects can usually cover the costs of auditing, but fraudulent projects prefer not to deal with it.
So does this mean that if a project has passed audit it is perfectly safe to use it? No. Audits are necessary, but no audit means complete security. You should always be mindful of the risks of investing your funds in a smart contract.
Are the founders anonymous?
The crypto world is deeply associated with the freedom to keep one's identity private (or use pseudonyms) made possible by the internet. Ultimately, we will probably never learn the identity of Satoshi Nakamoto, the person (or group) who created the first cryptocurrency.
But teams with anonymous founders pose an additional risk that you should consider. If these people turn out to be scammers, it is likely that it will not be possible to impose sanctions. While on-chain analytics tools become more and more sophisticated, founders' reputations tied to their real-life identities still make a big difference.
It is also important to note that not all projects managed by anonymous teams are scams. There are many examples of legitimate projects with anonymous teams. However, when evaluating projects, you also need to consider the implications of team anonymity.
So in summary, are projects with anonymous founders bad? No. Is it more difficult to sanction projects with anonymous founders for their malicious behavior? Yeah.
How are the tokens distributed?
An important issue to consider when researching a DeFi project is the token economy. One of the ways scammers make money is by inflating the price of the token when they have a huge amount of savings and then suddenly selling their savings.
For example, what happens if 40-50-60% of the circulating supply is sold on the open market? The price of the token drops and the token loses almost all of its value. Although a large share of the founder is not seen as a danger signal by some people, it can still be a problem.
In addition to the allocated share, you also need to consider how the token is distributed. Did the distribution take place through a special pre-sale where only insiders praised the project on social media after purchasing at a great price? Has an Initial Coin Offering (ICO) been made? Has an Initial Exchange Offering (IEO) been conducted where a crypto exchange demonstrates its reputation? Or are the tokens distributed via an airdrop that is likely to create massive selling pressure?
Token distribution models have minor differences to consider. Often, even this information is hard to come by, which in itself can be a sign of danger. But if you want to have a complete idea of the project, this is absolutely essential information.
How likely is the project to be an exit scam?
Yield farming (or liquidity mining) is a new way to mine DeFi tokens. Many new DeFi projects use this distribution method as it can create some useful distribution metrics for the project. The main idea is that users lock their funds into smart contracts and in turn get a share of the newly issued tokens.
You've probably guessed where this is going. Some projects directly capture funds in the liquidity pool. Others use more sophisticated methods or do massive pre-mining.
In addition, new altcoins are often first listed on automated market makers (AMMs) such as Uniswap or Sushiswap. If the project team offers most of the liquidity for the market pair in AMM, they can likewise withdraw that liquidity and suddenly sell the tokens on the market. This usually results in the token price dropping to zero. There is no market left to sell, and this process is often called a rug pull.
DeFi scams are rampant, whether you intend to settle in the wild west of yield farming or simply use decentralized protocols to trade and trade. We hope that the general information we provide in our guide will help you identify malicious people and projects.