Understanding Smart Contract Scams and Solutions on BNB Chain

According to a recent study by blockchain risk monitoring firm Solidus Labs, more than 12% of all tokens issued on BNB Chain are linked to fraudulent activities. The research highlights a troubling trend: major blockchain networks face persistent threats from malicious smart contracts, with an estimated 15 or more new scam contracts deployed every hour.

The Prevalence of Smart Contract Scams

Solidus Labs recently introduced a real-time threat detection tool named Solidus Threat Intelligence. This platform supports anti-money laundering (AML) teams and other entities in identifying deceptive smart contracts, which represent one of the most significant challenges in the decentralized finance (DeFi) and Web3 ecosystems.

The tool currently monitors 12 major blockchains, including Ethereum, BNB Chain, and Polygon. As of October, it had identified close to 190,000 smart contract scams. Among these, BNB Chain reported the highest proportion of fraudulent tokens—over 12% of all BEP-20 tokens displayed characteristics of scam activity. Ethereum followed closely, with 8% of ERC-20 tokens showing signs of fraud.

These scams often involve smart contracts that are hardcoded to defraud investors. Common types include rug pulls, phishing schemes, and token impersonation. One alarming finding is that scam-related Ethereum tokens, worth approximately $910 million, had already passed through regulated centralized exchanges.

How Rug Pulls Operate

Rug pulls represent a particularly damaging type of crypto scam. In these schemes, developers attract investors by promoting a token before abruptly withdrawing all liquidity, leaving investors with worthless assets.

These scams are often built into the token’s smart contract. Malicious code can prevent secondary sales, impose a 100% selling fee, or allow developers to mint unlimited new tokens. These tactics enable fraudsters to steal millions from unsuspecting investors without raising immediate red flags.
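One way a static check can surface the three contract traits described above, added here as an example and not taken from Solidus Labs, Red Alarm, or any other tool the article names. The Solidity fragment, the `onlyOwner` modifier convention, and the flag labels are assumptions made for illustration; regex matching is a heuristic and will miss obfuscated or proxy-based code.

```python
import re

# Constructed Solidity fragment with the three traits above; not a real token.
SAMPLE = """
contract Token {
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function setSellFee(uint256 f) external onlyOwner { sellFee = f; }
    function setBlocked(address a, bool b) external onlyOwner { blocked[a] = b; }
    function mint(address to, uint256 amt) external onlyOwner {
        totalSupply += amt; balances[to] += amt;
    }
    function transfer(address to, uint256 amt) external returns (bool) {
        require(!blocked[msg.sender], "blocked");
        uint256 fee = amt * sellFee / 100;
        balances[msg.sender] -= amt; balances[to] += amt - fee;
        return true;
    }
}
"""

FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{]*)\{")

def functions(src):
    """Yield (name, modifiers, body) per function, using brace matching."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), src[m.end():i - 1]

def scan(src):
    """Return sorted red-flag labels found in Solidity source (heuristic)."""
    flags, owner_maps, funcs = set(), set(), list(functions(src))
    for _, mods, body in (f for f in funcs if "onlyOwner" in f[1]):
        capped = re.search(r"require\s*\([^;]*<", body)   # any upper bound check
        if re.search(r"\w*[fF]ee\w*\s*=[^=]", body) and not capped:
            flags.add("uncapped-fee-setter")       # owner can set a 100% fee
        if re.search(r"totalSupply\s*\+=", body):
            flags.add("owner-mint")                # supply can grow after launch
        # Remember mappings that only the owner can write to.
        owner_maps.update(re.findall(r"(\w+)\s*\[[^\]]+\]\s*=[^=]", body))
    for name, _, body in funcs:
        if name in ("transfer", "transferFrom", "_transfer"):
            gates = re.findall(r"require\s*\(\s*!?\s*(\w+)\s*\[", body)
            if owner_maps & set(gates):
                flags.add("owner-gated-transfer")  # owner can block sales
    return sorted(flags)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A setter that bounds the fee with a `require`, and a token with no owner-only supply increase, produce no flags.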

After deploying a token, scammers typically create a liquidity pool on a decentralized exchange (DEX). Since DEXs often don’t require identity verification, they provide an ideal environment for fraudulent activity. The scammer then promotes the token through social media hype, fake websites, and inflated trading volumes. Once enough investors buy in, the scammer sells their holdings and empties the liquidity pool.

New Tools for Threat Detection

To combat this growing issue, companies like Solidus Labs are developing advanced monitoring systems. Their Web3 AML tool combines on-chain and off-chain data with machine learning algorithms to detect rug pulls in real time.

Unlike traditional methods that rely on retrospective analysis, this system proactively monitors DeFi and Web3 activity across 10 blockchains. It forms part of Solidus’s broader HALO suite, which includes trade surveillance and onboarding verification. The HALO platform currently monitors over 150 trillion events daily across more than 1 million markets.

BNB Chain has also introduced its own protective measures. In July, it launched DappBay, a platform that helps users evaluate new Web3 projects. A key feature, Red Alarm, scans smart contracts for logical flaws or fraudulent code, providing real-time risk alerts.

The Bigger Picture: Security in DeFi

The issue of smart contract scams is part of a broader challenge in blockchain security. Recent months have seen several high-profile exploits, including a $570 million hack on the BNB Chain cross-chain bridge in October.

According to analytics firm Chainalysis, 2022 witnessed an unprecedented level of theft in DeFi, with 11 protocols losing over $718 million in October alone. Another report from CertiK noted that BNB Chain was the most targeted blockchain in the third quarter of 2022.

While the scale of these threats is significant, the industry is responding with improved security protocols, better monitoring tools, and increased user education. As blockchain technology continues to evolve, so too do the strategies to protect its users.

Frequently Asked Questions

What is a rug pull scam?
A rug pull occurs when developers abandon a project and withdraw all invested funds, leaving investors with worthless tokens. These scams are often facilitated through malicious smart contract code that allows creators to exploit investors.

How can I identify a potential scam token?
Look for warning signs such as anonymous development teams, unrealistic promises of returns, lack of auditing, and low liquidity. Tools like Solidus Web3 AML or BNB Chain’s Red Alarm can help assess smart contract risks.

Are all decentralized exchanges unsafe?
Not all DEXs are unsafe, but they often have fewer regulatory safeguards than centralized platforms. It’s essential to research each platform and project thoroughly before investing.

What should I do if I encounter a scam?
Immediately cease all interactions with the suspicious contract, report it to the platform hosting it, and alert relevant regulatory bodies. Unfortunately, recovering lost funds is often difficult.

Can regulated exchanges prevent scam tokens from circulating?
While regulated exchanges implement strict listing standards, some scam tokens still slip through. Advanced monitoring and real-time analysis are improving detection rates.

How is the industry improving security?
New tools are emerging for smart contract auditing, real-time transaction monitoring, and user education. Blockchain networks are also incorporating stronger security protocols and rapid response mechanisms.