Insights

The Year of the Rug Pall

The $Year of the Rug Pull (Real Clear Markets)

Writing for Real Clear Markets, partner James Burnham and Coinbase Associate General Counsel Sumeet Chugani discuss a new type of fintech scam.

Fraudsters have been at it since Ancient Greece. In 300 B.C., a Greek merchant named Hegestratos committed the first documented insurance fraud. He took out a large insurance policy on a grain-filled boat that would supposedly transport grain from Syracuse to Athens. But Hegestratos actually planned to set sail with no grain, sink his boat, and recover a hefty payout for both the (sunk) boat and the (nonexistent) grain. Unfortunately for Hegestratos, the boat's crew uncovered the scam and confronted him. Hegestratos ended up jumping overboard and drowned to his death.

Technology has changed dramatically since 300 B.C., but humanity has not. And as technology evolves, new opportunities for fraud arise. The invention of the telephone gave rise to telemarketer scams, while the adoption of email enabled phishing scams and instant notification of "foreign lottery winnings" across the globe. So it is with the explosion of innovation in cryptocurrency and decentralized finance, which has given rise to the increasingly common "Rug Pull." The techniques are new, but the fraud is timeless—a promoter lies about a product, gets investor buy-in on the product's potential, dupes people into investing, and then abandons the project and rides into the sunset with investor funds.

A majority of rug pulls begin with anonymous developers creating new cryptocurrency projects—tokens or non-fungible tokens ("NFTs")—and hyping that new creation to investors. For token offerings, fraudsters typically pair their new token with a leading cryptocurrency like Ethereum, and ask investors to swap that leading cryptocurrency for the token. The project's creators may even inject substantial amounts of the leading cryptocurrency into their project pool to bolster investor confidence and initially boost their newly created token's value. The fraudsters then promote the fraudulent offering through Discord, Reddit, and other social media. They may even create a website that sets forth certain indicia of a legitimate offering—such as a roadmap or white paper that purports to describe the token offering and where the project is headed.

To capitalize on investor enthusiasm and the modern phenomenon of meme investing, fraudsters will often link their projects to pop culture—a recent Squid Game rug pull being a prime example—and generate buzz that their token is the next Dogecoin. Investors then rush to get a piece before the price skyrockets. And in a market where fortunes are sometimes made in minutes, FOMO can eclipse rationality. That is a recipe for fraud.

There are several types of rug pulls. One version is basically theft—promoters induce investors to put leading cryptocurrencies into liquidity pools, and then yank all the liquidity at once, generally using backdoors coded into the exchange. Another is basically fraud—developers hype a new token with false promises about its functionality or other features, then drive up the token's price and dump all of their tokens, making off with the profits. A third version is another species of fraud—developers hype a token and induce people to buy believing they can resell the token later, only to discover that the developer has made it impossible to sell—rendering it, for example, a one-way transaction. These scams are also sometimes accompanied by additional sorts of theft—such as when a developer connects to a recipient's wallet, obtains unlimited access, and drains all the funds along with any valuable NFTs.

One rug pull rang in the new year. Purporting to model itself after the SOS airdrop for high-volume users of OpenSea, $Year tokens were airdropped to individuals on New Year's Eve based on how many Ethereum transactions they had completed over 2021 as a year-in-review "reward." Using Etherscan to review the Ethereum smart contracts, each user verified the $Year smart contract—hoping to not only receive rewards, but to increase the value of the reward token they had just received.

On the surface, everything looked legitimate. $Year provided transparency into the code being executed at user interaction and there were no obvious red flags associated with the contract—no apparent, malicious code. But it turned out that a function titled "_burnMechanism" was actually a hidden weapon that allowed the creator to revoke ownership of the contract, make the new owner UniSwap V2, and prevent further sale of the token—allowing only token purchases. This limitation of transactions to purchases created an artificial price spike on decentralized exchange charts, causing even more people to buy. But then, immediately after the spike, the owner drained the pool of over 30 Ethereum and zeroed out the token.

*          *          *

Rug pulls are a new type of scam, but their fundamentals are not unique. For victims, current law thus provides potential options.

Depending on the specific facts and circumstances, victims could try to sue as a group using the class action rules that apply in federal court—typically the best forum for pursuing far-flung (and possibly overseas) fraudsters. The sorts of claims that victims might be able to bring are straightforward:

Common Law Fraud. Common law fraud is a claim that enables recovery when one is defrauded. It generally requires showing nine things, all of which are likely present in many rug pulls: (1) a representation of fact; (2) its falsity; (3) its materiality; (4) the representer's knowledge of its falsity or ignorance of its truth; (5) the representer's intent that it should be acted upon by the person in the manner reasonably contemplated; (6) the injured party's ignorance of its falsity; (7) the injured party's reliance on its truth; (8) the injured party's right to rely thereon; and (9) the injured party's consequent and proximate injury.

Conversion. Conversion is a civil claim for theft. It generally requires showing that someone took property without a right to do so or the owner's permission to do so.

Fraud in the Inducement. Fraud in the inducement is basically a civil claim for taking property through lies. It generally occurs when a person tricks another person into signing an agreement to that person's disadvantage by using fraudulent statements and representations.

Fraudulent and negligent misrepresentation. Fraudulent and negligent misrepresentation are claims that are basically about lying in connection with contracts—which could sometimes be present in a rug pull. Establishing a fraudulent misrepresentation generally requires proving that someone has knowingly said something false to induce a contract. Establishing a negligent misrepresentation generally requires proving (1) that someone said something false and (2) that the person making the representation had a relationship with the other person that required special care to ensure the representation was accurate.

Fraudulent concealment. Fraudulent concealment is another claim that exists in cases with a contract, where a party can show that the other party to the contract (1) concealed a material fact about the bargain, (2) while knowing about the material fact, and (3) that this fact is not something the victim could have readily discovered.

Unjust Enrichment. Unjust enrichment is a claim by someone who has conferred a benefit on someone else without receiving the restitution required by law. This claim usually arises when the claimant fulfills his or her obligations under a contract and the counter-party refuses to fulfill theirs. Depending on the facts and circumstances of a rug pull, this claim might be available, too.
 

*          *          *

Anywhere there is value, there is fraud and theft. Blockchain technology provides unique safeguards for digital assets—users can track the flow of value across the blockchain, they can scrutinize the code underlying their investments, and they have some ability to protect themselves. But sometimes bad things happen. The good news is that there are civil tools to deal with it. Victims need only deploy them.

 

Sumeet Chugani is an Associate General Counsel at Coinbase and James Burnham is a partner at Jones Day in Washington, D.C. The views expressed herein are the personal views of the authors alone.

Reproduced with permission. Published February 18, 2022. Copyright 2022 by Real Clear Markets.

Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our “Contact Us” form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.