Introduction
In the Web3 world, new tokens emerge constantly. But have you ever wondered: How many new tokens are launched daily? Are these tokens safe?
These concerns are far from baseless. Over recent months, CertiK's security team has identified numerous Rug Pull cases. Notably, every scam token involved was freshly deployed on-chain.
After thorough investigation, CertiK uncovered organized fraud rings and documented their modus operandi. A key finding: Telegram groups serve as a primary promotion channel. Scammers exploit "New Token Tracer" features in Banana Gun and Unibot groups to lure users into buying fraudulent tokens before executing Rug Pulls.
Between November 2023 and August 2024, these Telegram groups promoted 93,930 new tokens. Shockingly, 46,526 (49.53%) were Rug Pulls. These scams generated 282,699.96 ETH (~$800M) in profits—a 188.7% ROI on their 149,813.72 ETH investment.
ERC-20 Tokens: The Building Blocks
Before diving deeper, let's clarify key concepts:
ERC-20 tokens are blockchain's most common token standard, enabling interoperability across smart contracts and dApps. The standard defines core functions like transfers, balance checks, and third-party approvals. While this facilitates legitimate projects (e.g., USDT, PEPE), scammers abuse it to deploy malicious tokens with backdoored code.
Anatomy of a Rug Pull Scam
Case Study: The TOMMI Token Fraud
- Funding: Attacker funded a Deployer address (0x4bAF) with 2.47 ETH from a CEX.
- Token Deployment: Created TOMMI token with 100M pre-minted tokens.
- Liquidity Pool: Pooled 1.5 ETH + 100M TOMMI, then burned LP tokens to feign legitimacy.
- Wash Trading: Used sock puppet accounts to fake trading volume.
- Exit Scam: Rug Puller address (0x43A9) drained 3.95 ETH via a malicious
approvebackdoor.
👉 Learn how to spot malicious token contracts
Hallmarks of Rug Pulls
- CEX-sourced startup funds
- LP creation + immediate LP token burns
- Aggressive ETH extraction via liquidity removal
- Funds funneled to consolidation addresses
The Organized Crime Behind Rug Pulls
Money Flow Analysis
- 7 consolidation addresses accumulated profits from 1,124 Rug Pull cases.
- Top address 0x1607 amassed 27.7% of total profits (~2,668 ETH).
- Shared infrastructure addresses (e.g., 0x1d39) suggest possible inter-gang coordination.
Funding Sources
- 95.11% of Deployer funds came from CEX hot wallets.
- Multiple exchange wallets were used to obscure trails.
Victim Patterns
- Average 26.82 victim addresses per scam.
- 30.4% purchased via sniper bots like Maestro/Banana Gun.
Rug Pull Promotion Channels
Telegram Groups: The Primary Vector
- Sampled groups promoted 93,930 tokens (89.99% of Ethereum’s new tokens).
- 49.53% were Rug Pulls, with 55.07% active <3 hours.
Twitter Ads
Secondary promotions via accounts like @Dexed_com amplified reach.
Ethereum’s Token Ecosystem: By the Numbers
| Metric | Value |
|---|---|
| New tokens (11/2023–8/2024) | 100,260 |
| Rug Pull tokens detected | 48,265 (48.14%) |
| Avg. daily new tokens | 370 |
Key Insight: Nearly half of Ethereum’s new tokens are scams.
Protective Measures
- Buy new tokens only via reputable CEXs.
- Verify contract addresses when using DEXs.
- Check project legitimacy (website, community).
- Avoid tokens <3 days old.
- Use security tools like CertiK’s TokenScan.
👉 Explore TokenScan for risk detection
FAQ
Q: How do Rug Pullers profit?
A: Typical ROI is 188.7%, with consolidation addresses recycling funds into new scams.
Q: Are other chains affected?
A: Yes—Rug Pull cases exceed Ethereum’s volume on some networks.
Q: Can exchanges stop this?
A: Tighter KYC/AML on withdrawal addresses could disrupt money flows.
Q: What’s the #1 red flag?
A: Tokens promoted in Telegram groups with hyperactive wash trading.
Call to Action
We urge exchanges, developers, and users to collaborate against this epidemic. Vigilance and tools like TokenScan are critical to safeguarding Web3’s future.
Data as of August 2024. ETH/USD rate: $2,513.56.