Web3 Token Ecosystem Status Survey: Nearly Half of New Tokens May Involve Rug Pull Scams

In the Web3 world, new tokens are emerging one after another. So how many new tokens are issued every day? Are these new tokens safe and reliable?

Recently, the CertiK security team has captured a large number of Rug Pull transaction cases, all of which involve newly launched tokens. After an in-depth investigation, CertiK discovered that these cases are backed by organized scam groups and summarized their patterned characteristics.

Analysis reveals that Rug Pull groups may promote scam tokens through the "New Token Tracer" feature in Telegram groups. CertiK has tracked 93,930 new tokens pushed by these groups from November 2023 to August 2024, of which 46,526 or 49.53% involved Rug Pulls. The total investment cost of the groups behind these Rug Pull tokens was 149,813.72 ETH, with profits of 282,699.96 ETH, equivalent to approximately 800 million USD.

To assess the proportion of Telegram group promoted tokens on the Ethereum mainnet, CertiK compiled data on new tokens issued on the Ethereum mainnet during the same period. The results showed that a total of 100,260 new tokens were issued, with tokens promoted by Telegram groups accounting for 89.99%. On average, about 370 new tokens are created daily, far exceeding reasonable expectations. Further investigation revealed that at least 48,265 tokens ( 48.14% ) are involved in Rug Pull scams.

In addition, CertiK has discovered more Rug Pull cases in other blockchain networks, indicating that the security status of the newly issued token ecosystem in the entire Web3 is more severe than expected.

Overview of ERC-20 Tokens

ERC-20 is one of the most common token standards on the blockchain today, defining the basic functions of tokens, such as transferring, querying balances, and authorizing third-party management. This standard simplifies the creation and use of tokens, allowing anyone to issue their own token and raise funds for various financial projects.

USDT, PEPE, DOGE and other well-known tokens are all ERC-20 tokens. However, some scam groups may also issue malicious ERC-20 tokens with backdoors, listing them on decentralized exchanges to lure users into purchasing.

Analysis of Rug Pull Token Scam Cases

Here is a typical case of a Rug Pull Token scam:

The attacker deployed the TOMMI Token using the Deployer address, created a liquidity pool, and faked trading volume to attract users and new bots. When enough users fell for the trap, the attacker executed a Rug Pull using the Rug Puller address, cashing out approximately 3.95 ETH from the liquidity pool. The entire process exploited a malicious authorization backdoor preset in the token contract.

This case showcases the typical methods used by Rug Pull gangs:

1. Prepare attack funds
2. Deploy Rug Pull Tokens with Backdoors
3. Create Initial Liquidity Pool
4. Destroy pre-mined Tokens to disguise security
5. Falsified trading volume attracts users
6. Execute Rug Pull cashing out
7. Transfer funds to the transit address
8. Finally, consolidate the funds to the retention address.

By analyzing a large number of cases, we found that Rug Pull behavior has obvious patterned characteristics, suggesting that it may involve the same scam gang.

Analysis of Rug Pull Criminal Groups

CertiK has locked 7 highly active fund retention addresses, which are associated with 1,124 Rug Pull cases. Statistics show that the total investment cost of these cases is 149,813.72 ETH, with profits of 282,699.96 ETH, resulting in a profit margin of 188.7%.

Further analysis reveals that there are fund transactions between these retained addresses, and they share certain underlying infrastructure contracts. This indicates that seemingly independent cases may belong to the same large fraud group.

Token Promotion Channel Analysis

Research shows that Rug Pull gangs mainly promote scam tokens through Twitter and Telegram groups. These groups are maintained by third-party organizations and specifically target newcomers to push newly launched tokens, becoming a natural advertising channel for Rug Pull gangs.

Ethereum Token Ecosystem Analysis

CertiK analyzed 93,930 tokens pushed in Telegram groups from October 2023 to August 2024 and found that 46,526 of them, ( 49.53% ), were Rug Pull tokens. Among them, 89.84% of the tokens were active for less than 72 hours, and 55.07% were active for even less than 3 hours, indicating that the Rug Pull gangs operate at an extremely fast pace.

During the same period, the Ethereum mainnet issued a total of 100,260 new Tokens, with 89.99% of the Tokens being pushed through Telegram groups. Upon detection, 48,265 of the (48.14%) Tokens were found to be involved in Rug Pulls, which is highly consistent with the data from Telegram groups.

This indicates that on the current Ethereum mainnet, on average, one out of every two new tokens is used for scams. The situation may be even more severe on other blockchain networks.

Security Recommendations

1. Try to purchase new Tokens through well-known centralized exchanges.
2. Verify the official contract address when purchasing on a decentralized exchange.
3. Verify whether the project has an official website and an active community before purchasing.
4. Avoid buying tokens that have been created for less than 3 days.
5. Use third-party security agencies.