The 2021 study employed a machine learning system to examine transaction data and identify Uniswap tokens that turned out to be fake, and the researchers wanted to build on that work. However, that system was only able to spot questionable tokens after the frauds had already occurred.
According to the current study, researchers added transaction data from 20,000 more tokens, personally examined the data, and created machine learning techniques that, with 99% accuracy, can identify possible rug pulls before they occur.
Thus, just 631 of the almost 27,000 tokens examined were determined to be “non-malicious.”
A rug pull occurs when a developer introduces a token, gives the impression that there is a roadmap for further development, sells the token based on these false assurances, and then vanishes with the money. Rug pulls made up a sizable amount of the $2 billion total taken in 2020, according to a 2021 CipherTrace report, before bridge chain attacks became a $2 billion concern.
Remember that in academics, the phrase “new” is a relative one. The Multidisciplinary Digital Publishing Institute released the document in March 2022. However, that may not be clear from the preprint draught that went viral on Twitter on Monday after being published by Nick Almond, who is in charge of the FactoryDAO protocol.
The team’s discovery was discussed on Twitter, according to researcher Bruno Mazarra, who also provided a link to the article in an email to Decrypt.
The shared draught has a January 2022 expiration date. Additionally, it was published in March on the Cryptography ePrint Archive. The dataset was enhanced to include tokens that were on Uniswap V2 through September 3, 2021, but otherwise the two versions are identical. MDPI’s version is a few pages larger.
Mark Zeller, vice president of the DeFi committee at L’Adan, a French digital asset sector body, noted that regulators there faced criticism for cutting the minimum capital needed to form a limited liability company to €1 in the replies to Almond’s tweet.
He compared it to how simple and quick it is to develop and list new tokens on cryptocurrency exchanges like Uniswap. The reform to French LLC registration was opposed by those who feared that it would be too simple for “idiots and con-artists” to register what appeared to be real business units.
That was accurate. The fact that some of these one euro enterprises are now unicorns was also true, remarked Zeller on Twitter. He support freedom and take personal responsibility for dangers.
Others criticised the research team’s methods, including investor and board member of the Israeli Blockchain Industry group Maya Zehavi.
She complained on Twitter that the researchers’ methodology was seriously faulty because they didn’t take token liquidity or volume into account when deciding which of the roughly 27,000 tokens had seen a rug pull.
Zehavi added, That’s like claiming 97% of Twitter accounts are fraudulent, but none of them were active in the last year.
The researchers gathered transaction information for all the tokens listed on Uniswap V2 between April 5, 2020 and September 3, 2021 using an Infura archive node and the Etherscan API. The research article elaborates on the techniques employed (including the Herfindahl-Hirschman Index, a tool used by federal agencies to evaluate markets), and it asserts that other scam detectors, such as Token Sniffer and Rug Pull Detector, yield false results.
For instance, liquidity lockers like UniCrypt are frequently used in decentralised financial tokens as a guarantee that developers won’t be able to withdraw investor cash from a smart contract once they have been invested. The researchers note that “90% of tokens employing locking contracts likely to become a rug pull or a malicious token ultimately, so it’s hardly a guarantee against being conned.
Scott Lewis, a co-founder of DeFi Pulse, voiced some criticism, claiming that the researchers—or at least Almond in his 12-word explanation of their 21-page draft—had overused the term “rug pull.”
Many of the tokens on Uniswap, according to him, are low effort/low revenue phishing style frauds, where the token attempts to seem like an established token, and the same con artist may easily produce thousands of them.
He claimed on Twitter that “Rug” wasn’t 97.7% of the tokens on Uniswap and was instead an exit fraud.