Inevitably, this surge in interest and fear of missing out (FOMO) has also attracted malicious actors seeking to take advantage of the enthusiasm surrounding the DeFi space to manipulate and execute scams against honest participants.
Uniswap’s decentralized exchange has become one of the most popular platforms as part of this movement, delivering swaps between Ethereum (ETH) and different ERC-20 tokens, as well as liquidity pools, to earn returns by depositing tokens — all without having to trust a centralized intermediary with funds. However, as one of the most popular venues in the DeFi ecosystem, Uniswap has become a prime target for scammers.
While decentralized exchanges like Uniswap, PlasmaSwap and SushiSwap provide greater freedom in terms of self-custody, no KYC, low trading fees and access to new tokens, they also require greater responsibility, making it vital for users to understand the types of scams out there and how to identify warning signs before using particular tokens or pools on the platform.
The rise in DeFi has created a corresponding uptick in attempted scams, with some of the most common types identified below.
The decentralized nature of platforms like Uniswap has many benefits, including open and free token listings, providing a much more seamless and cost-effective means to launch new projects compared to their centralized counterparts. As this process is open to everyone, unfortunately, scammers will often find a new legitimate token about to be listed and create a very similar listing before the official one.
Leveraging pre-existing branding and communities anticipating the real launch, scammers can fool participants into buying the fake tokens, steal the proceeds and leave these victims holding worthless tokens with no recourse.
Project Exit Scams
Promoters of seemingly legitimate tokens can lure investors by insinuating their project will be successful or delivering deceptively impressive metrics and returns, only to exit with investors' funds after launch or sometimes after longer periods once confidence and credibility have been built.
Otherwise known as “rug pulls,” liquidity pulls are common on decentralized exchanges like Uniswap where the Ethereum (ETH) taken from newly listed, often exuberantly advertised, token purchases is suddenly pulled, removing the ability for victims to sell the new tokens and recoup their investment.
As users have become more diligent in the tokens and pools they interact with, scammers have come up with increasingly devious ways to manipulate participants into giving up their funds. One of the latest trends utilizes advanced swap features on DEXs like Uniswap or PlasmaSwap to make it appear like known community influencers are investing in a certain token.
This feature, which lets you specify a recipient, is useful for genuine purposes (say, if you would prefer to receive the token in an address other than the one transacting) but it also allows scammers to choose a different recipient for a swap.
If influencer addresses can be identified, scammers can generate a swap from their wallet to the influencer’s address, providing the impression they are investing in the token, which is amplified by automated blockchain notifications on social media. Alongside other techniques to create deceptively appealing price charts, this drives community interest, pushing up valuations further before the scammers steal their funds.
How to Identify and Avoid Scams
It’s always important to carry out the necessary due diligence and analysis for warning signs before depositing your funds anywhere.
Research the Project
While not all anonymous or pseudonymous development teams should be seen as suspicious — Bitcoin being the obvious case in point — unless such teams can be backed up by more trusted sources, they should be treated with caution, as scammers are almost always anonymous or pseudonymous and there is no means to distinguish between good and bad actors.
If the team is transparent, you should carry out relevant checks on their backgrounds to ensure their skill set, connections and experience are valid and legitimate. You should also check the team does not hold the highest value of tokens in circulation. If they are not transparent about this or only vague information is given, that’s another red flag.
Check for Smart Contract and Code Audits
Genuine projects should have their smart contracts and code audited by professionals to ensure there are no bugs that could cause users harm. Audits are expensive to carry out, so a lack of auditing does not mean the projects aren’t genuine, just that, again, they should be treated with caution as you can't distinguish between genuine projects that can’t afford the auditing and scammers who won’t pay for it.
Verify Using Trusted Sources
Rather than searching for tokens or pairs on Uniswap, you can verify you are selecting genuine ones by going via a trusted source, such as the CoinMarketCap or CoinGecko crypto tracking websites. On CoinMarketCap, for example, you can search for the token, select it, then navigate to the trading pairs towards the bottom of the page. If you then click on the relevant pair next to Uniswap, it will take you to the genuine Uniswap page and help you to avoid fake tokens. It also has an option at the top for MetaMask.
As Uniswap’s protocol is permissionless and both good and bad actors can list tokens through it, you will often see a warning for users to take the initiative in avoiding scammers. A similar warning is issued on PlasmaFinance’s swap page. These are useful reminders in any case, but as this warning is not shown for more established pairs of a known source, it can also serve as another red flag. Again, not that it isn’t genuine necessarily, just that good and bad actors can’t always be distinguished and so care should be taken.
Alternatively, you can verify it is genuine on explorers like Etherscan and Ethplorer. As explorers will show all addresses, good and bad, it is important to go through a trusted source again. On CoinMarketCap, you simply need to search for the token name, then select an Explorer from the pull down menu near the top, and click on it:
You can then also check this against the contract address shown in Uniswap.
Analyze the Contract Address
Explorers like Etherscan can also be used to check the vital analytics needed to make a more informed decision.
Take a look at the total liquidity, volume (24 hour), transactions (24 hour), when the last transaction was and when the liquidity was added or removed. If any of these are low or minimal, that can be another red flag.
You should also analyze the contract address on a DEX with such capabilities like Uniswap or PlasmaSwap. Again, take a look at the total liquidity, volume and recent transactions to see if anything looks off.
In our Tendies example, we see the pool has low liquidity and transactions but a 24 hour volume comparable to some of the top pairs on the Uniswap platform. As TEND is not a major token (currently in position 1480 by market cap on CMC), this could suggest volume is being inflated through wash trading to promote the pool in volume rankings and attract speculators to a relatively illiquid market. This shouldn’t be surprising, since it did start out as a memecoin (self-styled as the “Dogecoin of the DeFi age”) that appears to have a strong 4chan following.
Regardless of how you feel about DeFi’s strong affinity to memes and speculative flurry surrounding some tokens, you should always be wary of strong evidence of inflated volumes. This activity could be further evidenced by relatively few large scale transactions involving the same account, with the rest being much smaller value transactions:
Investigate Social Media Accounts and Search Results
Genuine projects with clear roadmaps are likely to be active across social media, demonstrating sufficient presence, interaction with the community and good reviews. Token platforms lacking in this area would present yet another red flag.
It’s therefore well worth investigating, since you’ll likely come across warning signs if there are any. Try to focus on the opinions of the grassroots community rather than influencers who may be paid to promote certain tokens, however. Taking our Tendies example again, unfortunately there are concerns on social media about its activity.
In the end, platforms like Uniswap and present tremendous opportunities to explore and gain additional income in the world of decentralized finance. As with any investment, however, you must carry out sufficient research beforehand to avoid being caught out by scams. With a little practice and time served in the crypto trenches, you’ll develop a sixth sense for sniffing out dubious projects, allowing you to zero in on those that have genuine value and significant upside.