Most Rugpulled Projects Are Not Audited
Blockchain security firm Hacken conducted research and found that the majority of crypto projects that experienced rug pulls in the third quarter of 2023 did not have audit reports.
According to the Q3 2023 Security Insights report, out of the 78 rug pulls examined, only 12 of them had conducted and reported audits.
The Importance of Audits
An independent third-party audit provides a detailed review of a token, identifies vulnerabilities in the project, and alerts investors. Hacken noted that rug pulls are one of the simplest scams to prevent, as investors can understand their characteristics by paying attention to certain patterns. One such pattern is the presence or absence of an audit.
It is important to note that while an audit can validate a project’s authenticity, it does not guarantee protection from a sudden withdrawal of liquidity. A project can undergo an audit, publish a report, and still make malicious changes to its tokenomics and smart contract, deceiving users.
In the last quarter, some of the rug-pulled projects had undergone audits but received poor scores. Unfortunately, users disregarded the audit results and believed that the fact that the projects were audited was sufficient. For example, Magnate Finance, a lending protocol based on Coinbase’s Base network, had an audit report indicating that the project’s deployer could manipulate the token. However, users did not take this into consideration.
“Token owners continued to participate in the protocol for almost three months after the audit results. And by the end of August, the deployer had removed liquidity from LPs in multiple transactions. As a result, we witnessed the second-largest rug pull this quarter, with over $5 million stolen,” Hacken stated.
A Common Pattern
Users of the decentralized crypto staking platform DeFiLabs had a similar experience to those of Magnate Finance. In an audit conducted by blockchain security firm CertiK, it was revealed that the project had a centralization risk within its contracts. However, these warnings did not raise concerns among users. Eventually, the platform rug pulled and disappeared with $1.4 million worth of users’ assets.
Hacken discovered a common pattern among rug pulls. Developers of malicious projects usually follow these five steps: creating the tokens, aggressively marketing them, inflating the tokens’ supply when liquidity accumulates, vanishing with drained funds, and leaving investors with worthless assets.
### News source: cryptopotato.com