加密貨幣以去中心化、民主化和全球無界的特性,徹底改變了金融世界。然而,這種開放亦滋生出精密詐騙,利用技術的本質進行新型犯罪。
其中,「Rug Pull」詐騙成為加密世界中最具破壞力的手法之一,短時間內導致億萬損失。
加密革命催生了前所未有的創新,例如可編程貨幣及無信任金融服務。但其背後亦湧現陰暗經濟,結合匿名性、監管真空及FOMO(錯失恐懼症)等人性弱點,形成騙局溫床。
單在2024年,Comparitech區塊鏈鑑證團隊記錄的92宗Rug Pull事件,盜取資金高達1.26億美元,以DeFi協議及Meme幣受創最深。
面對區塊鏈技術遠超監管框架,投資者必須建立自身防線。本文將深入分析Rug Pull的運作原理、警號及其不斷演化的特點,為新手至老手提供可落實的防騙指南,在高風險、高回報的加密世界明智自保。
了解Rug Pull:加密詐騙的結構
Rug Pull指的是開發團隊精心部署的退出式詐騙,先以一個看似正規的加密貨幣或NFT項目吸引投資,再於吸納資金後撤離,抽走流動性或套現資金。
詞語取自「拉地毯」這個成語,形容受害者在依然握有資產時,投資的基礎瞬間消失,只剩幾乎毫無價值的電子資產。
與攻擊漏洞或技術破口不同,Rug Pull由開發團隊預謀設計,在項目運作時集體背信棄義。這種背叛對投入社群、熱愛項目的支持者尤其打擊大。
詐騙過程通常分四大階段:
項目啓動及基礎建設
開發者會在如Ethereum、BNB Chain(原Binance Smart Chain)、Solana或Avalanche等支持智能合約的鏈上發幣,並與穩定幣(USDC、USDT)或原生幣(ETH、BNB)組成流動池於Uniswap或PancakeSwap等去中心化交易所上市,建立初步市場及交易基礎。
團隊會製作專業網站、白皮書及社交媒體強化可信度。內容通常吹捧顛覆性技術、虛構合作夥伴及誇張發展路線,吸引投資者注意。
製造熱潮及社群營造
當建立了基礎後,騙徒會展開跨多渠道行銷攻勢。利用Discord、Telegram活躍社群,Twitter/X推廣發布利好資訊。付費於加密媒體宣傳,甚至打造與KOL合作假象。就如2023年Fintoch詐騙,保證每日1%超高收益,並假借高盛背書,於消失前吸金3,160萬美元。
現代Rug Pull更會利用AI生成團隊照及假履歷增加可信感。例如2024年「MetaFi Protocol」騙局,全用AI生成團隊,假稱由Google及JP Morgan專才加入,項目倒閉前已集資420萬美元。
資本集結及價格操控
隨投資資金湧入,幣價水漲船高,當中既有自然炒作,亦有自導自演。開發者以自家錢包互相交易製造成交假象和價格升幅。流動性池資金有限,小額買盤就能推高幣價,刺激更多投機者入場博快錢。
此階段常見設限規避拋售,例如限時解鎖、賣出設高額手續費,確保資金只入不出,並標榜為「反巨鯨」設計或創新Token經濟學。
策略性退出及收場善後
最後一步是協調撤資。高技術項目會於智能合約隱藏特殊函數突破流動鎖定、鑄造無限新幣,或直接抽走資金池。部份直接於幣價高峰時沽清套現,導致崩盤。
項目落幕後,社媒帳號刪除、網站關閉,全部通訊管道消失。一如2021年Defi100誆騙案,開發者臨走還留下一句:「We scammed you guys」,並攜3,200萬美元跑路。
技術及心理層層詐騙手法
隨投資者警覺升級,Rug Pull演化出多種手法:
硬性Rug Pull:技術操控
此法涉直接編輯智能合約代碼或暗藏後門,讓開發者繞過安全機制,直接攫取資金。常見手法包括:
- 無限制鑄幣函數:暗藏可任意創幣的代碼,稀釋持有人價值。
- 流動性後門:繞過流動池的時鎖保護,讓資金被套走。
- 交易控制:只准開發者交易,凍結其他人賬戶。
- 閃電貸操控:運用閃電貸作弊預言機後攫取資金池。
2024年Magnate Finance詐騙便運用預言機造價,臨時拉高抵押品價值後吸走640萬美元。同類如Kokomo Finance團隊插入後門覆寫流動性鎖,投資人誤信安全,最終損失550萬美元。
部分技術方案以代碼混淆,於審計時低調部署無害內容,審核通過後才藉Proxy合約換成惡意功能,如GRS Protocol 2023年底事件,連過三次審計也無察覺。
軟性Rug Pull或心理操控
此類較少技術作案,主要賴市場炒作與分配手法。雖然平台未「死」,但對投資者來說已實際無價值:
- 協同砸盤:開發團隊和早期投資人持有大量Token,當價高時集體清倉。
- 停止開發:項目功能未斷但所有更新和承諾作廢,形同棄置。
- 過度宣傳:只玩傳宣攻勢,不認真開發,最終慢慢消失。
例如2022年Squid Game幣,開發團隊用Netflix人氣炒高幣價,吸納340萬美元,然後初期持幣者聯手砸盤,幣價數小時內下跌九成九,合約本身仍在,但資產實質歸零。
慢性Rug Pull:長線詐騙
近年流行的「慢性」Rug Pull以長時間小額多次抽資達致目的,並利用:
- 過高交易稅:每次交易收取5-15%手續費,用以轉入開發者錢包。
- 虛假質押高息:用新資金假裝產生高年化回報(APY),實無可持續性。
- 不停融資圈錢:輪流辦IDO、NFT或新幣發行,舊社群不斷「再投資」。
以2023年Stable Magnet項目為例,開發者設10%轉賬稅名義「行銷」實則自肥,數月間吸金2,700萬美元,投資人才發現已中招。
七大Rug Pull警號——預早識穿陷阱
隨著Rug Pull手法日益複雜,投資者須建立一套嚴密的驗證流程。當下列多個警號同時出現時,被詐騙的機率倍增:
1. 團隊資料匿名或無法查證
正規項目一般 feature transparent leadership with verifiable professional backgrounds. When teams hide behind pseudonyms, cartoon avatars, or provide credentials that cannot be independently verified, caution is warranted. The $760 million OneCoin scam, orchestrated by the now-infamous "Dr. Ruja," collapsed after investigators discovered fabricated credentials and false corporate registrations.
擁有透明領導層和可核實的專業背景係可靠項目嘅標準。如果團隊成員用假名、卡通頭像,或者提供嘅資歷無法被獨立核實,就要特別小心。號稱「博士Ruja」策劃嘅 $7.6億OneCoin騙局,最終因為調查人員揭發咗造假履歷同虛假公司註冊而崩潰。
Practical verification tips:
實用核實建議:
- Cross-reference team LinkedIn profiles with employment records
核對團隊LinkedIn資料同實際工作記錄 - Check GitHub contribution history to verify developer experience
查閱GitHub貢獻歷史,驗證開發者經驗 - Use tools like Etherscan's "Contract Creator" tab to identify wallet addresses associated with previous projects
用類似Etherscan「Contract Creator」功能找出過去相關項目嘅錢包地址 - Verify conference appearances or speaking engagements claimed by team members
驗證團隊成員聲稱參加過嘅會議或演講活動
2. Unaudited or Compromised Smart Contracts
2. 未經審計或存在風險嘅智能合約
Reputable projects undergo rigorous code audits by established security firms like CertiK, OpenZeppelin, or Hacken. Beyond simply claiming "audited" status, investors should verify:
有聲譽嘅項目會比CertiK、OpenZeppelin、Hacken等資深安全公司仔細審計。投資者唔好只信「已審計」呢個講法,仲要進一步確認:
- The recency of the audit (code can change afterward)
審計報告的時效性(審計後代碼可能有變動) - The comprehensiveness of the audit scope
審計範圍有幾全面 - Whether critical issues were remediated
關鍵問題有冇被修復 - If liquidity pool tokens are genuinely locked via time-locked contracts
流動資金池Token係咪真係用時間鎖合約鎖定
The $5.8 million Merlin DEX collapse demonstrated this risk when developers bypassed a 12-month liquidity lock by deploying an entirely new contract with administrator privileges, nullifying the security measure.
$580萬Merlin DEX爆煲事件正好顯示風險——開發者透過部署新合約(有管理員權限)繞過原先12個月流動性鎖定,令安全措施失效。
Contract security verification:
合約安全核實指南:
- Confirm audits directly on security firms' websites, not just project claims
直接喺安全公司官網確認審計,唔好淨信項目官方聲稱 - Check if contract code is publicly verified on block explorers
確定合約代碼有冇喺區塊鏈瀏覽器公開驗證 - Review contract interactions using tools like Tenderly or Etherscan
用Tenderly、Etherscan等工具審查合約互動 - Verify token ownership and privileged functions using tools like TokenSniffer
用TokenSniffer等平台檢查Token擁有權及特殊權限
3. Abnormal Token Distribution and Ownership Patterns
3. 代幣分佈同持有模式異常
Centralized token ownership represents one of the clearest rug pull indicators. When a small number of wallets control a disproportionate percentage of the supply, coordinated price manipulation becomes trivial. The 2021 AnubisDAO debacle, where 90% of tokens remained under insider control, allowed perpetrators to extract $60 million through synchronized selling.
高度集中的Token持有係一個明顯嘅跑路警號。少數錢包控制絕大部分供應時,協同操縱價格變得簡單。2021年AnubisDAO事件,就係內部人掌握九成Token,用同步拋售方式套現$6000萬美金。
Distribution analysis techniques:
分佈分析技巧:
- Use blockchain explorers like BscScan or Etherscan to identify top holders
用BscScan、Etherscan等區塊鏈瀏覽器查找大戶 - Be wary when more than 20% of supply is controlled by non-contract addresses
非合約地址控制多於20%供應要小心 - Check for suspicious token transfer patterns among top wallets
留意大戶之間有無可疑轉帳 - Verify token unlocking schedules and vesting periods
查明Token解鎖計劃同歸屬期
4. Aggressive, Unsustainable Marketing Tactics
4. 激進及不可持續嘅推廣手法
Legitimate projects balance marketing with development. Rug pulls often demonstrate inverted priorities, with extensive promotion but limited technical progress. Beware of:
正規項目通常會搞技術開發同時做推廣。跑路騙局則係推廣為先,技術無乜進度。要留意以下情況:
- Guaranteed return promises ("100x guaranteed")
承諾包賺、保證多少倍升值(例如「100倍有保證」) - Artificial urgency tactics ("last chance to buy before 1000x")
誘導式緊急(例如「錯過就冇1000倍機會」) - Excessive influencer promotion, especially by figures with histories of promoting failed projects
粗暴洗版式KOL宣傳,尤其過去推廣過失敗項目嘅KOL - Marketing focused on price appreciation rather than utility or technology
全部宣傳焦點都喺價格升值,無乜講項目用途或技術
The 2023 SaveTheKids token exemplifies this danger, leveraging YouTube influencers to promote unrealistic gains before collapsing days after launch, resulting in substantial losses and subsequent legal action against the promoters.
2023年SaveTheKids代幣就係典型例子,利用YouTube網紅大肆炒作誇張回報,推出兩三日就崩潰,造成重大損失,之後有推廣人員被追究法律責任。
5. Lack of Technical Substance or Verifiable Utility
5. 欠缺技術內容或真正用途
Credible cryptocurrency projects address specific market needs with transparent technical approaches. Rug pulls typically feature abstract promises without concrete implementation details. The 2022 Frosties NFT project, which extracted $1.3 million while promising a metaverse game and merchandise that never materialized, demonstrates this pattern.
有公信力加密貨幣項目會有明確市場需求同透明技術方案。跑路騙局多數空口講承諾,無實質落地細節。例如2022年Frosties NFT項目,稱會開發元宇宙遊戲同周邊,但最終只係套現$130萬美金,以上承諾全部跳票。
Technical substance verification:
技術內容核實要點:
- Review GitHub repositories for development activity
睇GitHub有冇持續開發活動 - Assess whitepaper technical details beyond marketing language
睇白皮書有無技術細節、唔只係市場推廣用語 - Verify technology claims with independent experts
向第三方專家查證技術真偽 - Look for working prototypes or testnet implementations
睇吓有冇真正可以運行嘅測試網或Demo
6. Suspicious Liquidity and Trading Patterns
6. 流動性及交易異常
Manipulated liquidity and artificial trading activity often precede rug pulls. Professional investors analyze:
受控流動性或造假交易量,常常係跑路前奏。專業投資者會分析:
- Unnaturally perfect price charts (suggesting wash trading)
價格走勢過於平滑(可能有人造假交易) - Sudden large liquidity additions with no organic growth
無自然增長下突然大量注入流動性 - Restricted selling mechanisms in token contracts
Token合約設有賣出限制 - Unusual slippage requirements for transactions
交易滑點設得極不尋常
The 2024 "SafeMars" token exemplified these warning signs with perfectly smooth price appreciation over three weeks, followed by a complete liquidity removal when the market cap reached $12 million.
2024年「SafeMars」代幣完全展現以上警號:價格三星期超級平滑上升,市值去到$1,200萬時,團隊最後一刻抽乾流動性跑路。
7. Unrealistic Promises and Economic Models
7. 不切實際承諾及經濟模式
Sustainable blockchain projects operate within mathematical and economic constraints. Be skeptical of:
真正可持續嘅區塊鏈項目會計數做經濟模型。如果出現以下情況就要小心:
- Extraordinarily high APY rewards (1,000%+ yields)
年化收益(APY)極高(如千分比以上) - Perfect price stability promises without clear mechanisms
無清晰機制卻承諾價格一定穩定 - "Risk-free" investment claims
標榜「零風險」 - Multilevel referral structures resembling pyramid schemes
多層次推薦,近似金字塔騙局
The 2023 "Eternal Yield" protocol, which promised 2% daily returns "forever" through a supposedly revolutionary arbitrage algorithm, collapsed after two months when its unsustainable economic model inevitably failed, costing investors $8.4 million.
2023年Eternal Yield協議聲稱靠革命性套利算法每日派2%回報「永久派發」,最終經濟模型崩潰,兩個月後爆煲,投資者損失$840萬美金。
The Regulatory Response
監管回應
The regulatory landscape surrounding cryptocurrency fraud is rapidly evolving as governments recognize the scale of financial harm caused by rug pulls and similar schemes:
針對加密貨幣詐騙嘅監管體系正在急速發展,各國政府逐步重視因跑路騙局等造成嘅重大損失:
United States: Expanding Enforcement Actions
美國:執法行動擴大
The SEC has significantly expanded its cryptocurrency enforcement division, bringing charges against multiple rug pull perpetrators under securities fraud statutes. The 2023 charges against Impact Theory for selling unregistered NFTs signaled a broader interpretation of digital assets as securities. The Department of Justice has also increased prosecutions, with the creators of the "Frosties" NFT rug pull receiving the first-ever criminal sentences for NFT fraud in 2023.
美國SEC大幅增強咗加密貨幣執法部門,用證券詐騙條例起訴多個跑路項目。2023年,SEC以售賣未註冊NFT為由控告 Impact Theory,對數碼資產嘅規管界線拉得更廣。司法部亦加強刑事打擊,例如Frosties NFT騙局成為首批因NFT詐騙被判刑嘅案例。
European Union: Comprehensive Regulatory Framework
歐盟:完善監管框架
The EU's Markets in Crypto-Assets (MiCA) framework, fully implemented in 2024, establishes strict requirements for crypto asset service providers, including mandatory audits, liquidity reserves for stablecoins, and disclosure requirements for token issuers. The framework explicitly addresses exit scams with liability provisions for project founders.
歐盟Markets in Crypto-Assets(MiCA)框架已於2024年全面實施,對加密資產服務供應商訂立嚴格規定,包括必須審計、穩定幣流動性儲備、發幣方信息披露等。條例明確針對「跑路」設有創辦人追責條款。
Asia-Pacific: Targeted Enforcement
亞太地區:針對性執法
South Korea's Financial Intelligence Unit has implemented the Travel Rule, requiring exchanges to report sender/receiver information for transactions exceeding $1,000, creating an audit trail for fund flows. Singapore's Payment Services Act now includes specific provisions against deceptive token offerings, with enhanced penalties for fraudulent projects.
南韓金融情報單位落實Travel Rule,交易所需對單筆超$1,000美金交易報告發送/收款人,為資金流設審計紀錄。新加坡《支付服務法》新增針對虛假發幣嘅條款,對騙案加重刑罰。
Despite these advances, jurisdictional challenges persist. Many rug pulls operate through offshore entities or completely anonymous structures, leveraging privacy-focused blockchains and mixing services like Tornado Cash to obscure stolen funds. In 2024, Interpol's Operation HAECHI-IV coordinated arrests of 3,500 suspects linked to various crypto scams, yet recovery rates for stolen funds remain below 5%, highlighting the challenge of restitution.
縱然監管措施不斷加強,司法管轄困難依然存在。好多跑路項目通過離岸公司或完全匿名架構運作,利用強隱私區塊鏈,同Tornado Cash一類混幣服務洗走資金。2024年,國際刑警HAECHI-IV行動拘捕咗3,500名涉嫌加密詐騙疑犯,但失款追回率仍低於5%,突顯返還損失難度極高。
Building a Comprehensive Protection Strategy
建立全面保護策略
As regulatory frameworks evolve, investors must implement their own rigorous protection strategies:
隨監管框架發展,投資者必須自己制定嚴謹防騙方案:
Technical Due Diligence
技術盡職調查
- Contract Verification: Use specialized tools like Etherscan's "Contract Diffchecker" to identify deviations from standard token templates
合約核實:用Etherscan「Contract Diffchecker」等工具檢查合約有無脫離標準模板 - Permission Analysis: Verify which addresses have privileged functions using tools like Moonscan's "Contract Permissions" feature
權限分析:以Moonscan「Contract Permissions」等工具查驗有特權地址 - Blockchain Analysis: Track developer wallet histories using Nansen or similar on-chain analytics platforms
區塊鏈分析:用Nansen等鏈上分析平台追踪開發者錢包歷史 - Simulation Testing: Use Tenderly or similar platforms to simulate contract interactions before investing
模擬測試:投資前以Tenderly等模擬合約互動
Community & Project Assessment
社群與項目評估
- Social Sentiment Tracking: Monitor community sentiment using tools like LunarCrush or Santiment
社群情緒追蹤:用LunarCrush、Santiment等觀察社群輿論 - Developer Communication: Evaluate the quality and transparency of developer updates and technical discussions
開發者溝通評分:睇團隊公佈同技術討論透明度同質素 - Team Verification: Use background check services specializing in cryptocurrency team verification
團隊核查:用加密專業背調服務認證團隊查證 - Funding Transparency: Review token allocation and use of proceeds from fundraising events
資金透明度:檢查Token分配同募資款項用途
Structural Protections
結構化風險防控
- Diversification: Allocate only a small percentage of your portfolio to high-risk assets
分散投資:高風險資產只佔少量資金 - Staged Entry: Invest gradually rather than committing large sums at once
分段入場:逐步投入,唔好一次過All-in - Exit Planning: Establish clear profit-taking and stop-loss parameters before investing
退出規劃:投資前設立清晰獲利/止蝕目標 - Use Trusted Launchpads: Platforms like CoinList, DaoMaker, and verified exchange launchpads conduct substantive due diligence
用可靠Launchpad:如CoinList、DaoMaker或有驗證交易所Launchpad嚴格做盡職調查
Insurance and Recovery Options
保險及追討方式
- DeFi Insurance: Protocols like Nexus Mutual and InsurAce now offer specific coverage against rug pulls
DeFi保險:如Nexus Mutual、InsurAce可買斷專為防跑路設計嘅保單 - Legal Recourse: Document all investments carefully to support potential legal actions
法律追討:所有投資必須妥善紀錄,方便日後維權 - On-chain Alerts: Set up wallet monitoring services to detect suspicious liquidity movements
鏈上提示:設立錢包監控,及早發現可疑資金調動
Navigating the Rug Pull Minefield
穿越跑路陷阱雷區
The cryptocurrency ecosystem's
(內容到此未完,如需續譯請補充剩餘段落!)unprecedented innovation comes with proportional risks. Rug pulls exploit the decentralized nature of blockchain - its greatest strength - to execute sophisticated financial fraud at scale. While regulators and analytics firms develop increasingly sophisticated countermeasures, the responsibility ultimately falls on investors to conduct thorough due diligence.
前所未有的創新同時帶來相應的風險。Rug pull(地毯式詐騙)利用區塊鏈去中心化這個最大優勢,大規模地進行複雜的金融詐騙。雖然監管機構同數據分析公司都開發出越來越先進的對策,但最終責任仍然落在投資者身上,需要進行全面的盡職調查。
By prioritizing projects with transparent teams, audited contracts, sustainable economics, and genuine utility, investors can significantly reduce exposure to rug pulls. The most effective defense combines technical analysis, healthy skepticism, and disciplined investment practices.
投資者如果優先考慮團隊透明、合約經過審計、經濟模型可持續以及具備真正實用性的項目,就可以大大降低遭遇 rug pull 的風險。最有效的防線,是結合技術分析、保持理性懷疑和有紀律的投資習慣。
As the industry matures, stronger self-regulatory frameworks and improved technical safeguards will likely reduce the prevalence of these scams. Until then, the old adage applies with particular force in crypto: if something sounds too good to be true, it almost certainly is. The future of decentralized finance depends on replacing opportunistic exploitation with accountability - one verified contract, transparent team, and sustainable economic model at a time.
隨住行業逐漸成熟,更強嘅自律框架同技術保障有望減少呢類騙案嘅普遍性。但係喺這之前,加密界有一句說話特別適合:「如果有啲嘢好到難以置信,咁多數都係假嘅」。去中心化金融嘅未來,係要一步一步以驗證過嘅合約、透明嘅團隊、同可持續嘅經濟模型,取代只顧機會主義嘅剝削,建立起問責文化。