Decentralized finance, or DeFi, is an emerging sector of blockchain technology that aims to transform traditional financial services by making them more accessible, transparent and autonomous. Built on autonomous smart contracts running on blockchains, DeFi eliminates the need for intermediaries such as banks, providing a more direct and open financial experience.
However, this financial revolution is not without its challenges, including the rise of scams targeting DeFi users.
These scams often take various forms and can be amplified through communication channels such as Telegram or WhatsApp groups, where scammers seek to attract potential victims using the names of popular trading platforms such as Binance, trustwallet, coinbase, crypto.com...
So it is through messaging platforms and social media that DeFi scams are spread. By creating chat groups on Telegram or WhatsApp, claiming to offer lucrative investment opportunities, exclusive tokens, or even pre-sales of promising DeFi projects. These groups may appear legitimate, but they are often traps designed to lure unsuspecting investors.
Among the most common DeFi scams are “rug pulls.” These scams occur when a promising DeFi project attracts investors, accumulates significant liquidity, and then sees its developers abruptly exit with the funds, leaving investors with significant losses. Therefore, “smart contracts”, or intelligent contracts, play a central role in these scams by allowing the automatic execution of the withdrawal mechanism, without the possibility of external intervention.
Furthermore, faced with the opportunities and risks posed by DeFi, the UAE has shown growing interest in developing regulatory frameworks tailored to blockchain technologies and smart contracts. Authorities, including the Central Bank of the United Arab Emirates and the Abu Dhabi Financial Services Authority, are working to develop rules and guidelines to regulate these new technologies. This process aims to establish legal certainty while promoting innovation in the field of DeFi.
To understand these different attacks, it is appropriate to study the different modalities of scams in DeFi (I) as well as the ways to avoid them (II)
I – The modalities of Scams in DeFi: Between Technical Attacks and Project/Token Deceptions"
A – technical scams
In the context of decentralized finance (DeFi) technical scam refers to fraudulent schemes that exploit specific flaws or vulnerabilities in DeFi mechanisms and protocols. These malicious practices are often designed to deceive participants and cause financial losses by taking advantage of loopholes in smart contracts, lending mechanisms, or other specific elements of the DeFi ecosystem.
These scams take many forms, most notably “rug pulls” which occur when a promising DeFi project attracts investors, accumulates significant liquidity, and then sees its developers abruptly exit with the funds, leaving investors with losses. important. Thus, the mechanism is characterized by the exploitation by developers of vulnerabilities in the project's smart contract in order to carry out a massive withdrawal of liquidity without notifying investors.
Second, one of the scams consists of flash loan attacks. These scams aim to exploit the ability to borrow funds without collateral to manipulate the market or exploit vulnerabilities in DeFi protocols. Additionally, scammers borrow funds through flash loans, use them to manipulate the market or exploit flaws in specific protocols, and then repay the loans in a single transaction.
Thirdly, we distinguish front-running attacks. The latter arise when malicious people anticipate future transactions and execute them before the initial transaction is confirmed, thus taking advantage of the prior information. Thus, attackers monitor the network for pending transactions, then execute prioritized transactions to take advantage of anticipated market movements.
Finally one of the technical scams involves the impermanent loss technique which occurs when the value of a liquidity provider's assets in a liquidity pool changes, resulting in a loss compared to simply holding the assets. In addition, as soon as the value relative to assets in a liquidity pool changes, this impacts the liquidity provider who may suffer a loss compared to simply holding the assets, due to the pool clearing mechanism.
These technical scams often exploit specific aspects of DeFi protocols, highlighting the need for a thorough understanding of the underlying mechanisms before participating in such platforms.
B – scams linked to projects and Tokens (tokens)
Project and token deceptions in the decentralized finance (DeFi) space represent a complex and sometimes risky facet of this constantly evolving ecosystem. These fraudulent practices often involve deliberate schemes by developers or malicious actors to mislead investors, often resulting in substantial financial losses.
Several schemes can be highlighted, including farming scams which are characterized by incentives (often through Whatsapp telegram groups) to provide liquidity to DeFi pools by promising high returns. However, once users deposit their assets, project developers can close the project, withdraw the funds, or manipulate the yield mechanisms, leaving investors with significant losses.
The same goes for fake tokens and fake Defi projects consisting of the creation of fake tokens or the presentation of fictitious projects in order to attract investors, despite the resemblance to legitimate projects, the very design of the project is to fraudulent design. Therefore, scammers can create websites, promotional materials and advertisements that appear authentic to generate investor confidence. Once funds are collected, the fraudsters may disappear or cease further development.
Another scam involves using so-called malicious oracles. First of all, an oracle is a service or mechanism that provides real-world data to smart contracts on a blockchain. Smart contracts, which are standalone programs running on a blockchain, cannot directly access information outside of the blockchain. Oracles are therefore used to introduce external data into the secure world of smart contracts. Thus, scammers manipulate oracles, which provide real-world data to smart contracts, to mislead DeFi protocols. This can distort asset price information and lead to losses for users.
Finally, it is worth mentioning mining attacks, which consist of illegitimately creating additional tokens in a DeFi protocol. This can dilute the value of existing tokens and cause losses to investors. Additionally, fraudsters exploit flaws in smart contracts to artificially create massive quantities of tokens, thereby generating unauthorized inflation.
II – The different ways to avoid these Defi scams: indications of fraudulent activity and legal remedies
A – Revealing clues of fraudulent activity in DeFi
Spotting scammers in the context of Telegram groups, WhatsApp, Instagram, Snapchat or even Zoom meetings where they offer lucrative returns on investments requires increased vigilance. However, several warning signs can be identified, including obviously very significant, even unrealistic, promises of return on investments in often very short periods of time and sometimes paid monthly.
Then one of the most important markers is characterized by a lack of transparency or even the anonymity of certain people linked to the project. Therefore, it is appropriate to ask when it comes to significant investment that people agree to reveal their identity.
Furthermore, in order to encourage investment, scammers do not hesitate to create a feeling of urgency in order to encourage their victim to invest quickly. Therefore the victim feels urgent not to miss an investment opportunity. In addition, scammers do not hesitate to share with their accomplices false screenshots showing large amounts in their virtual wallet allegedly winning thanks to the project in question. Behavior likely to be accompanied by emotional speech that does not hesitate to play on the situation or facts known to their victim.
Concerning real projects, the latter often have official communication channels, verified social networks, blogs that can attest to what has been done previously, however if it is necessary to remain cautious, the absence of these channels can be an indicator of a fraudulent transaction.
Therefore, you should know that legitimate DeFi projects often have their smart contracts audited by third-party security companies. If a project cannot provide a security audit, this may be a sign of risk.
Finally, before joining or making an investment in a project, it is appropriate to carry out in-depth research on the website of the decentralized exchange platform, it should also be noted that there are solutions for certain DeFi protocols. decentralized insurance to protect against potential losses.
B – Means of legal protection in the United Arab Emirates
The UAE is showing growing interest in developing regulatory frameworks suited to blockchain technologies and DeFi.
Thus, the legal options available to victims of DeFi scams in the UAE depend on the specific nature of the scam. However, before considering the options, it should be noted that in the UAE it is extremely important to have a copy of the offender's resident card or passport in order to facilitate legal proceedings. through a criminal complaint.
Indeed, it is important for us to be able to obtain a “travel ban” or to prevent the author from traveling until the dispute is resolved, therefore it is important to be able to clearly identify the author(s) of the offense(s).
Therefore, after contacting us, it is possible to take legal action and at the same time report this type of violation to the central bank and the financial services authorities of Abu Dhabi after filing the complaint. , so that these organizations can attempt to trace the funds and take appropriate action.
Finally, in certain cases if the perpetrator may have left the Emirates, requiring cooperation. Local authorities can cooperate with other countries to investigate cross-border activities.
Akram Cheik, Lawyer
Comments