Decentralised Finance (or DeFi) offers an exciting opportunity to experiment with decentralised banking systems, money markets, prediction markets, and more. It also makes it possible to earn passive income without having to actively participate in high-risk trading on crypto exchanges.

However, not all of these opportunities yield promising results. There are many DeFi scams out there designed to lure you into a false sense of security. So, how can you identify the real DeFi services from the scams?

Key takeaways for identifying DeFi scams:

Evaluate the way it’s being promoted.
Assess if the smart contracts are audited.
Review the purpose of the whitepaper.
Check if the web app has similarities with ongoing DeFi projects.
Always do your due diligence and conduct your own research.

In this article, we’ll be going over 4 different ways you can use to help identify potential DeFi scams and help you stay vigilant in the future.

What is DeFi? Read our guide on decentralised finance to learn more.

Is it excessively promoted?

If DeFi scammers have enough funds to engineer a fund-draining smart contract, they certainly have enough funds to set up online ads all over the Internet.

Some scammers go through the lengths of setting up an elaborate Ponzi scheme, such as the 2016 Bitconnect scam, that involved setting up public events and collaborations with so-called influencers.

If the DeFi company is trying hard to convince you with their own sheer effort, they are probably hiding something. A real and trusted brand of DeFi services are often silent, and most often rely on word-of-mouth and a slow build-up of reputation.

Are the smart contracts audited?

The decentralised nature of these financial applications means that it’s difficult for government regulators to step in. This doesn’t mean there is no way to gain assurance that a DeFi platform is safe.

Independent reviewers and smart contract auditors have risen due to the demand for trust signals in a trustless world. Sites like CertiK and Consensys are goldmines for detailed and thorough audits for a few dozens of the most common DeFi platforms.

CertiK dashboard that ranks DeFi projects and scam alerts. Source: CertiK.

In addition to auditing, CertiK also provides a community alert whenever a new DeFi project turns out to be a scam. For example, at the time of writing, there was an interest around a new DeFi token called Safemoon.

DeFi scammers may have potentially jumped into the trend and created a new token called Moonhere, using a similar name.

Once the number of buyers have reached the threshold, Moonhere did an ‘exit scam’, where its online presence simply no longer exists — and the scammer gets away with the earnings from sales of the useless token.

Consensys takes a deep dive into the code by pointing out possible bugs in a recently audited DeFi smart contract.

Does the whitepaper and smart contract make sense? (advanced)

If you don’t trust the credibility of any third-party auditor, and would like to take things into your own hands, you can start from reading the white paper.

Does the DeFi identify a problem, and does the solution make sense? A hastily written white paper is already a dead giveaway. A white paper that appears to be plagiarised from another white paper of an already well-known DeFi project is also a red flag.

Next, actually making sense of the smart contract is also imperative if you really want to take responsibility for your own research.

Fortunately those who have a limited understanding of blockchain programming, but still understand the technical jargon, can rely on sites like Hackernoon to provide a thorough analysis of smart contracts.

For example, this incredibly thorough article studies the case of Vikingswap’s rug pull scam with sufficient technical authority, but it’s still understandable for many readers with some knowledge of how wallets work.

Does the web application appear to be a clone of another well-known DeFi project?

Phishing attacks are so common on the Internet that it also applies in the blockchain world. Investors who have not done enough research would fall for a clone of a DeFi project.

This includes, but not limited to, similar-sounding names, similar user experience, and plagiarised white paper (see previous point). For example, the Curve.fi is a legitimate DeFi project, but Curve.si is not.

You can check out this thread for a list of past projects that turned out to be a scam.

Now, let’s play a game of Pick the Scammer

These are the screenshots of the homepage to Bulls.finance and Gamblus.live decentralised applications. Can you guess which one is the clone of the other one?

screenshots of the homepage of Gamblus.live decentralised applications — Is Gamblus.live the clone of Bulls.finance?

screenshots of the homepage of Bulls.finance decentralised applications — Or is Bulls.finance the clone of Gamblus.live?

The answer is that none of these are even legit. The scammers behind Bulls and Gamblus have had a design-ready template that can be launched one after another, or simultaneously.

In the DeFi world, everything is open-source. There are so many clones of Sushiswap, for example. When Sushiswap was launched, many of its clones followed after, and it was challenging for newcomers of the DeFi space to discern between what is legitimate and what is fake.

Eventually, these clones were discovered, audited, and marked as scam.

More on DeFi: Read our beginner’s guide on decentralised finance (DeFi).

Always do your research on DeFi scams

So, like all things in the crypto world, the best course of action is always to wait and see. Wait for the auditors to look at the smart contracts. Don’t get distracted by the fear of missing out. Sure, some people may benefit from the early bird’s reward.

It’s so common for DeFi projects to reward the first liquidity providers with unbelievably large returns. Whether this is part of marketing or not, you just have to remember that even in the DeFi space, there is such a thing as too good to be true.

Always do your research, seriously. You may be tired of hearing this, but it can save your money. Once you know that something is a scam, the kindest thing you can do is to let other people know.

Decentralised applications cannot be taken down nor can they be censored. It is possible that someone you know may be on the verge of opening a scammy web dapp to deposit some valuable crypto asset.

So, always remember these five steps whenever you discover a new DeFi service:

Discover
Wait and see
Research
Remember
Warn

Make sure to keep these in mind next time you hear about a new DeFi project, as it is always better to exercise caution to avoid unnecessary risks and potential losses.

To learn more about decentralised finance and other crypto related topics, head over to our Learn Site to explore more articles.

Further reading: Click here to explore our learning Hub at Easy Crypto.