加密貨幣顛覆咗金融世界,承諾去中心化、公平機會,以及無國界交易。而呢種開放性同時衍生咗依靠技術本身特性行騙嘅騙局,當中最猖獗之一正正就係“rug pull”。
喺加密圈內,「rug pull」 已經成為最具破壞力嘅詐騙方式之一,短時間內令投資者損失以十億美元計。
雖然加密技術不斷推陳出新,造就由程式化資金到可信自動化金融服務等創新,但喺這場科技新浪潮之下,同時誕生出一個陰影經濟體系——匿名性、監管有限同FOMO心理造就咗騙局滋生溫床。
單計2024年,Comparitech區塊鏈取證團隊記錄咗92宗成功rug pull案件,涉款達1.26億美金,DeFi協議同meme幣成為勒索重災區。
隨住區塊鏈技術領先監管,投資者自己要培養先進防禦意識。本指南深入剖析rug pull運作、警號及進化手法,助新手與老手都可以提升警覺,喺風險與回報並存嘅市場中自保。
什麼是Rug Pull?加密騙局解剖
Rug pull即是一種特定的跑路騙局,開發團隊創建看似正規的加密貨幣或NFT項目,經過大量宣傳吸引投資者,等集資到一定程度之後,突然抽走流動性或者兌現投資者資金後棄置項目。
英文「pulling the rug out from under someone」形象地描述咗,當基礎突然消失,受害人就剩低一堆幾乎一文不值的數字資產。
不同於系統漏洞或協議攻擊,rug pull係由團隊預謀設計,明面上負責項目,但實際上騙局早有預謀。呢種信任背叛對社群打擊極大,受害人可能本來還推動項目成長。
執行過程一般分四步:
項目發佈及建立基礎
開發者會創建一隻新幣,通常選擇大型鏈例如Ethereum、BNB Chain(前稱BSC),又或者交易費較低嘅Solana、Avalanche等,並同穩定幣(USDC、USDT)或主鏈幣(ETH、BNB)配對,加入Uniswap、PancakeSwap等DEX流動性池,創建初步市場與交易活動。
團隊往往會建立專業網站、發布白皮書,並經營社媒,重點宣傳「革命性」技術、聯名(多數造假),以及天馬行空發展藍圖,務求博取投資者幻想。
製造熱潮與建立社區
確立基礎後,騙徒展開多渠道市場攻勢:Discord、Telegram搞社區互動,Twitter/X放消息製造FOMO,並投放付費新聞稿及同KOL「合作」推高關注度。2023年Fintoch騙局 就以每日回報1%誘人假象,同冒稱高盛背書,成功集資3160萬美金後捲款潛逃。
現代rug pull更善用AI製假團隊照片、捏造學歷,營造專業假象。2024年MetaFi Protocol騙局 場內由全AI生成「團隊」,聲稱來自Google、JP Morgan,最終集資420萬美元後人間蒸發。
集資與價格操控
隨著資金不斷湧入,幣價自然或人為推高。開發者可透過內部錢包對倒(wash trading)製造假成交量、假升幅。流動性池少、控制度高時,市場價格極易被放大,小量買入都能推升價格,引發更多投資者追高。
呢階段開發者多數設置限賣條款,例如時間鎖、超高賣出手續費等,令資金只能流入不能流出,這些措施通常包裝成「反大戶」或創新增值模式。
策略離場及其後果
最後,騙局會有計劃地提走所有項目資產。有些高技術團隊透過智能合約隱藏功能繞過鎖定、鑄造無限新幣或直接抽乾流動池;有些則選在高價期分批清貨,導致幣價暴跌。
通常社交帳號被刪、網站消失、社區關閉就代表「收檔」。更囂張如2021年Defi100跑路,開發團隊臨走前仲留言「We scammed you guys」,帶走3,200萬美金。
技術與心理的雙重詐騙
市場警覺度提升後,rug pull招數亦隨之進化,主要有以下幾種:
硬性Rug Pull:技術型作案
硬性rug pull靠預先在智能合約藏後門或操控碼,令團隊得以繞過系統保安、直接掏空項目。常見手法包括:
- 無上限鑄幣:隱藏可以隨意發幣的後門,無限攤薄投資者價值
- 流動性後門:設計繞過DEX流動池鎖定時限,隨時解鎖提取資產
- 交易控制:可單方面凍結或限制其他人交易,但團隊可自由賣出
- 閃電貸攻擊:用閃電貸操控價格預言機後,再抽走資產
2024年Magnate Finance案中,開發者複雜操作預言機暫時造高抵押價值,割走640萬美元。同樣,Kokomo Finance亦設定可以隨時解鎖流動性的後門,結果5.5百萬美元資金消失。
這類技術詐騙為掩人耳目,常常用代碼混淆、偽裝通過審計。例如2023年底GRS Protocol詐騙,初期用「正常」程式通過三次審計,之後以代理合約靜悄悄換掉主功能。
軟性Rug Pull:心理操控為主
軟性rug pull唔靠技術漏洞,反而玩市場心理同幕後配售分配。項目技術面係運作中,但價值被稀釋/消耗:
- 集體拋售:開發者及早期大戶持有過多代幣,到價高時一齊賣出
- 發展棄置:項目協議還能用,但已經無再開發、推新功能
- 虛假營銷:只搞宣傳唔重產品,吸完金之後逐步消失
2022年Squid Game幣即屬此類,團隊利用Netflix劇熱潮,集資340萬美金,集團同步沽貨,數小時內幣價蒸發99%。技術上合約正常,但價值歸零。
慢性Rug Pull:長線局
新興手法更側重低調行動,用長時間潛移默化套現,例如:
- 交易稅過高:每次交易收5-15%手續費,流向開發者錢包
- 虛高質押利息:以新入金支撐不實APY,無真正收益來源
- 不斷集資:輪流搞IDO、NFT發售、推新幣,持續吸金
[2023年Stable Magnet項目],團隊設10%轉賬稅名義上做營銷,實際上過水到私人帳戶,數月套現2,700萬,投資者到遲發現。
七大關鍵警號:預防Rug Pull
面對騙局層出不窮,投資者必須強化盡職審查。當以下警號同時出現,該項目極大可能有詐:
1. 團隊身份匿名或無法驗證
合法項目通常 feature transparent leadership with verifiable professional backgrounds. When teams hide behind pseudonyms, cartoon avatars, or provide credentials that cannot be independently verified, caution is warranted. The $760 million OneCoin scam, orchestrated by the now-infamous "Dr. Ruja," collapsed after investigators discovered fabricated credentials and false corporate registrations.
擁有可核實專業背景的透明領導層是十分重要的。如果團隊成員只用化名、卡通頭像,或者提供無法獨立驗證的資歷,大家就要提高警惕。臭名遠播的「Dr. Ruja」操控的 $7.6億美元OneCoin騙局 就是在調查人員發現假資歷及虛假公司註冊後崩潰。
Practical verification tips:
實用驗證建議:
- Cross-reference team LinkedIn profiles with employment records
核對團隊成員的LinkedIn資料同工作紀錄 - Check GitHub contribution history to verify developer experience
查核GitHub貢獻紀錄確認開發者經驗 - Use tools like Etherscan's "Contract Creator" tab to identify wallet addresses associated with previous projects
利用Etherscan「Contract Creator」等工具,搵出過往項目相關錢包地址 - Verify conference appearances or speaking engagements claimed by team members
驗證成員自稱出席過既會議或演講
2. Unaudited or Compromised Smart Contracts
未經審計或有安全漏洞的智能合約
Reputable projects undergo rigorous code audits by established security firms like CertiK, OpenZeppelin, or Hacken. Beyond simply claiming "audited" status, investors should verify:
有信譽的項目會俾專業安全公司(如CertiK、OpenZeppelin、Hacken)嚴格審計代碼。大家唔好只聽「已審計」口號,應該進一步查證:
- The recency of the audit (code can change afterward)
審計日期係咪最近(因為合約之後可以改動) - The comprehensiveness of the audit scope
審計範圍夠唔夠全面 - Whether critical issues were remediated
嚴重漏洞有無修復 - If liquidity pool tokens are genuinely locked via time-locked contracts
流動性池代幣係咪真係用合約鎖倉
The $5.8 million Merlin DEX collapse demonstrated this risk when developers bypassed a 12-month liquidity lock by deploying an entirely new contract with administrator privileges, nullifying the security measure.
$580萬美元Merlin DEX倒閉就係一個例子。開發者部署咗新合約(擁有管理員權限)繞過12個月鎖倉限制,令本來設計嘅安全措施失效。
Contract security verification:
智能合約安全驗證:
- Confirm audits directly on security firms' websites, not just project claims
直接係安全公司官網查證,而唔好只信項目自稱 - Check if contract code is publicly verified on block explorers
睇合約碼有無公開驗證 - Review contract interactions using tools like Tenderly or Etherscan
用Tenderly或Etherscan檢視合約交互紀錄 - Verify token ownership and privileged functions using tools like TokenSniffer
用TokenSniffer等工具驗證代幣擁有權以及特殊權限
3. Abnormal Token Distribution and Ownership Patterns
異常嘅代幣分佈與持有結構
Centralized token ownership represents one of the clearest rug pull indicators. When a small number of wallets control a disproportionate percentage of the supply, coordinated price manipulation becomes trivial. The 2021 AnubisDAO debacle, where 90% of tokens remained under insider control, allowed perpetrators to extract $60 million through synchronized selling.
代幣高度集中係地氈式詐騙最明顯徵兆之一。如果少數錢包掌控咗大部分代幣,聯手操控價格就易如反掌。2021年 AnubisDAO 事件,90%代幣被幕後人員掌控,協同拋售套現6,000萬美元。
Distribution analysis techniques:
分佈分析技巧:
- Use blockchain explorers like BscScan or Etherscan to identify top holders
用BscScan、Etherscan等工具查頂級持有人 - Be wary when more than 20% of supply is controlled by non-contract addresses
如果非合約地址控有超過兩成供應,要特別小心 - Check for suspicious token transfer patterns among top wallets
留意大戶地址間有冇可疑轉帳模式 - Verify token unlocking schedules and vesting periods
查驗解鎖及歸屬期安排
4. Aggressive, Unsustainable Marketing Tactics
過度激進、不具可持續性的推廣手法
Legitimate projects balance marketing with development. Rug pulls often demonstrate inverted priorities, with extensive promotion but limited technical progress. Beware of:
正規項目會兼顧推廣與技術開發。地氈式詐騙常見「重推廣輕產品」,要提防:
- Guaranteed return promises ("100x guaranteed")
承諾保證回報(如「100倍回報保證」) - Artificial urgency tactics ("last chance to buy before 1000x")
人為營造緊迫感(如「冇買會冇百倍機會」) - Excessive influencer promotion, especially by figures with histories of promoting failed projects
過度KOL推廣,特別係經常推失敗項目既人 - Marketing focused on price appreciation rather than utility or technology
推廣內容只聚焦價格升值,冇提技術或實用性
The 2023 SaveTheKids token exemplifies this danger, leveraging YouTube influencers to promote unrealistic gains before collapsing days after launch, resulting in substantial losses and subsequent legal action against the promoters.
2023年SaveTheKids代幣就係個血淋淋例子:開盤前大肆透過YouTuber吹奏暴利,日內就崩盤,導致 大量損失,涉事KOL更被追究法律責任。
5. Lack of Technical Substance or Verifiable Utility
缺乏技術底蘊或可驗證嘅實用性
Credible cryptocurrency projects address specific market needs with transparent technical approaches. Rug pulls typically feature abstract promises without concrete implementation details. The 2022 Frosties NFT project, which extracted $1.3 million while promising a metaverse game and merchandise that never materialized, demonstrates this pattern.
有信譽的加密貨幣項目會針對市場需求提出明確技術方案。地氈式騙局則往往空談宏大願景,冇實際內容。例如2022年Frosties NFT,聲稱要做元宇宙遊戲和周邊,但結果只是 席捲130萬美元後,乜都冇兌現。
Technical substance verification:
技術真實性驗證:
- Review GitHub repositories for development activity
查GitHub倉庫有冇開發活動 - Assess whitepaper technical details beyond marketing language
留意白皮書內嘅技術細節,而唔係只睇宣傳用語 - Verify technology claims with independent experts
請獨立專家驗證技術說法 - Look for working prototypes or testnet implementations
搵下有冇實際原型或測試網版本
6. Suspicious Liquidity and Trading Patterns
可疑流動性同交易模式
Manipulated liquidity and artificial trading activity often precede rug pulls. Professional investors analyze:
人為操縱流動性或者交易數據,通常係詐騙先兆。專業投資者會檢視:
- Unnaturally perfect price charts (suggesting wash trading)
過份平滑、完美嘅K線圖(疑似對敲造假) - Sudden large liquidity additions with no organic growth
突然大額流動性注入但冇自然增長 - Restricted selling mechanisms in token contracts
合約設有限制賣出機制 - Unusual slippage requirements for transactions
交易時要極高滑點
The 2024 "SafeMars" token exemplified these warning signs with perfectly smooth price appreciation over three weeks, followed by a complete liquidity removal when the market cap reached $12 million.
2024年「SafeMars」代幣幾星期內價升得太過順滑,等市值去到1,200萬美元就一夜抽乾流動性,完美展示晒呢啲危險訊號。
7. Unrealistic Promises and Economic Models
唔現實嘅承諾同經濟模型
Sustainable blockchain projects operate within mathematical and economic constraints. Be skeptical of:
可持續區塊鏈項目會跟數學同經濟規律運作。以下情況要特別懷疑:
- Extraordinarily high APY rewards (1,000%+ yields)
超高年收益率(例如超過1,000%) - Perfect price stability promises without clear mechanisms
無清晰機制下承諾價格永遠唔跌 - "Risk-free" investment claims
自稱「零風險」投資 - Multilevel referral structures resembling pyramid schemes
多層介紹獎勵,似金字塔傳銷
The 2023 "Eternal Yield" protocol, which promised 2% daily returns "forever" through a supposedly revolutionary arbitrage algorithm, collapsed after two months when its unsustainable economic model inevitably failed, costing investors $8.4 million.
2023年「Eternal Yield」協議號稱靠革命性套利技術「永久」賺2%日息,兩個月內因經濟模型不切實際崩潰,投資者損失達840萬美元。
The Regulatory Response
監管層回應
The regulatory landscape surrounding cryptocurrency fraud is rapidly evolving as governments recognize the scale of financial harm caused by rug pulls and similar schemes:
各國監管機構逐步意識到地氈式詐騙等對投資者造成既大額經濟損失,相關政策快速演進:
United States: Expanding Enforcement Actions
美國:擴大執法行動
The SEC has significantly expanded its cryptocurrency enforcement division, bringing charges against multiple rug pull perpetrators under securities fraud statutes. The 2023 charges against Impact Theory for selling unregistered NFTs signaled a broader interpretation of digital assets as securities. The Department of Justice has also increased prosecutions, with the creators of the "Frosties" NFT rug pull receiving the first-ever criminal sentences for NFT fraud in 2023.
美國證監會(SEC)大幅擴充加密貨幣執法團隊,多次利用證券詐騙法例檢控地氈式騙局主謀。2023年針對Impact Theory販售未註冊NFT的指控,象徵官方將更多數字資產視為證券。美國司法部同時亦加強起訴力度,Frosties NFT事件的策劃人2023年成為首宗NFT刑事詐騙定罪案例。
European Union: Comprehensive Regulatory Framework
歐盟:全面監管架構
The EU's Markets in Crypto-Assets (MiCA) framework, fully implemented in 2024, establishes strict requirements for crypto asset service providers, including mandatory audits, liquidity reserves for stablecoins, and disclosure requirements for token issuers. The framework explicitly addresses exit scams with liability provisions for project founders.
歐盟2024年全面實施「加密資產市場」(MiCA)監管,對服務商設立強制審計、穩定幣流動性儲備、發幣人必須披露等嚴格規定,首度針對退出式詐騙訂明項目創辦人刑事責任。
Asia-Pacific: Targeted Enforcement
亞太地區:精準執法
South Korea's Financial Intelligence Unit has implemented the Travel Rule, requiring exchanges to report sender/receiver information for transactions exceeding $1,000, creating an audit trail for fund flows. Singapore's Payment Services Act now includes specific provisions against deceptive token offerings, with enhanced penalties for fraudulent projects.
南韓金融情報院推行「Travel Rule」,要求交易所申報單筆超過1,000美元既發送/收款人資訊,加強資金流向追查。新加坡支付服務法加入針對虛假發幣的新條款,對騙案加重罰則。
Despite these advances, jurisdictional challenges persist. Many rug pulls operate through offshore entities or completely anonymous structures, leveraging privacy-focused blockchains and mixing services like Tornado Cash to obscure stolen funds. In 2024, Interpol's Operation HAECHI-IV coordinated arrests of 3,500 suspects linked to various crypto scams, yet recovery rates for stolen funds remain below 5%, highlighting the challenge of restitution.
不過,跨境追查仍然困難。大量地氈式騙局利用離岸公司或匿名架構,通過加密隱私鏈和Tornado Cash等混幣工具洗錢。2024年國際刑警「HAECHI-IV行動」協調 拘捕 3,500名涉案者,惟追回資金比例不足5%,反映追討仍然艱鉅。
Building a Comprehensive Protection Strategy
構建全面風險防護策略
As regulatory frameworks evolve, investors must implement their own rigorous protection strategies:
監管持續升級,投資者自己都要有嚴謹自保措施:
Technical Due Diligence
技術審查
- Contract Verification: Use specialized tools like Etherscan's "Contract Diffchecker" to identify deviations from standard token templates
合約驗證:用Etherscan「Contract Diffchecker」等工具,比對有冇偏離標準代幣模版 - Permission Analysis: Verify which addresses have privileged functions using tools like Moonscan's "Contract Permissions" feature
權限分析:用Moonscan「Contract Permissions」搵出擁有高權限既地址 - Blockchain Analysis: Track developer wallet histories using Nansen or similar on-chain analytics platforms
區塊分析:用Nansen等鏈上分析平台查開發者錢包過往紀錄 - Simulation Testing: Use Tenderly or similar platforms to simulate contract interactions before investing
模擬測試:投資前用Tenderly等模擬合約操作
Community & Project Assessment
社群及項目審查
- Social Sentiment Tracking: Monitor community sentiment using tools like LunarCrush or Santiment
社群輿情追蹤:用LunarCrush、Santiment監察社區情緒 - Developer Communication: Evaluate the quality and transparency of developer updates and technical discussions
開發者交流:重視更新透明度及技術討論質素 - Team Verification: Use background check services specializing in cryptocurrency team verification
團隊驗證:用專業團隊背調服務核對身份 - Funding Transparency: Review token allocation and use of proceeds from fundraising events
資金透明度:審查募資分配及善用情況
Structural Protections
結構性保障
- Diversification: Allocate only a small percentage of your portfolio to high-risk assets
分散投資:高風險資產只佔少部分 - Staged Entry: Invest gradually rather than committing large sums at once
分段入市:逐步投入,避免一次過全倉 - Exit Planning: Establish clear profit-taking and stop-loss parameters before investing
事先設立離場計劃(止賺/止蝕) - Use Trusted Launchpads: Platforms like CoinList, DaoMaker, and verified exchange launchpads conduct substantive due diligence
選用可信發行平台(如CoinList、DaoMaker、官方審核的交易所IEO),確保盡職審查
Insurance and Recovery Options
保險與追討方案
- DeFi Insurance: Protocols like Nexus Mutual and InsurAce now offer specific coverage against rug pulls
DeFi保險:Nexus Mutual、InsurAce等提供針對地氈式騙局保險 - Legal Recourse: Document all investments carefully to support potential legal actions
法律追討:妥善存證,以備日後追討 - On-chain Alerts: Set up wallet monitoring services to detect suspicious liquidity movements
鏈上警示:設置錢包追蹤服務,捕捉可疑流動性異動
Navigating the Rug Pull Minefield
穿越地氈式詐騙地雷陣
(The translation stops here at the end of your provided content.)Here is your content translated to zh-Hant-HK, following your specified format (markdown links NOT translated):
unprecedented innovation comes with proportional risks. Rug pulls exploit the decentralized nature of blockchain - its greatest strength - to execute sophisticated financial fraud at scale. While regulators and analytics firms develop increasingly sophisticated countermeasures, the responsibility ultimately falls on investors to conduct thorough due diligence.
前所未見的創新同時亦帶嚟相應嘅風險。Rug pull(拉地氈式詐騙)利用咗區塊鏈去中心化呢個最大優勢,喺大規模實施複雜嘅金融詐騙。雖然監管機構同數據分析公司不斷開發更先進嘅對策,但最終責任仍然落喺投資者,必須做好全面嘅盡職調查。
By prioritizing projects with transparent teams, audited contracts, sustainable economics, and genuine utility, investors can significantly reduce exposure to rug pulls. The most effective defense combines technical analysis, healthy skepticism, and disciplined investment practices.
投資者如果優先選擇團隊透明、合約經審計、經濟模式可持續、具備真正用途嘅項目,就可以大大減低中招 rug pull 嘅風險。最有效嘅防禦方法係將技術分析、健康懷疑態度,同紀律投資習慣結合。
As the industry matures, stronger self-regulatory frameworks and improved technical safeguards will likely reduce the prevalence of these scams. Until then, the old adage applies with particular force in crypto: if something sounds too good to be true, it almost certainly is. The future of decentralized finance depends on replacing opportunistic exploitation with accountability - one verified contract, transparent team, and sustainable economic model at a time.
隨住行業日漸成熟,更強嘅自律框架同更完善技術保障,應該可以減少呢啲詐騙手法嘅發生率。喺嗰之前,加密貨幣世界特別適用一句老話:「如果聽落好到唔似真,十居其九都係假。」去中心化金融嘅未來,取決於用問責制去取代投機剝削——每一個經過驗證嘅合約、透明嘅團隊,同行之有可持續經濟模式。