In brief

  • Blockchain analytics company CipherTrace released new data about cryptocurrency and crime in 2020.
  • Crypto criminals made $1.9 billion.
  • DeFi was particularly vulnerable.

DeFi “rug pulls” and exit scams made up 99% of all crypto fraud schemes in the second half of 2020, according to new data from blockchain analytics company CipherTrace. 

It’s part of CipherTrace’s year-end report examining cryptocurrency’s role in criminal activity over the course of 2020, similar to what Chainalysis released earlier this month.

According to CipherTrace’s data, criminals “netted” $1.9 billion in 2020. That’s down from $4.5 billion in 2019, and up from $1.7 billion in 2018.


The majority of that crypto-linked criminal activity falls under the general rubric of “fraud and misappropriation.” The second-most-popular category, per CipherTrace, was “hacks and thefts.”

A massive fraud scheme surrounding a coin called WoToken was responsible for $1.1 billion of last year’s figure. It was the single most expensive crypto crime of 2020, according to the report. Criminal activity surrounding the KuCoin hack and Fcoin came in second and third place.

DeFi was also particularly vulnerable to thefts last year, according to CipherTrace. And “rug pulls”—a kind of exit scam where attackers drain liquidity from a protocol, leaving investors unable to trade—reigned supreme.

“Half of all 2020 crypto hacks were of DeFi protocols—a pattern that was virtually negligible in all prior years—and nearly 99% of major fraud volume in the second half of 2020 stemmed from DeFi protocols performing ‘rug pulls’ and other exit scams in a pattern eerily reminiscent of the 2017 ICO craze,” says CipherTrace.

As the amount of money locked up in DeFi has grown—according to data from DeFi Pulse, it’s nearly $25 billion, up from around $10 billion at the beginning of November—so too have the risks.


“FOMO is fueling growth and an urgency associated with participating in DeFi, but the DeFi space overall lacks adequate due diligence, exposing individual investors to significant risks,” CipherTrace CEO Dave Jevans told Decrypt. “When protocols launch quickly to take advantage of the hype cycle, they put users at risk who could fall victim to loopholes or bugs in the code that would have been discovered in an in-depth security audit.”

CipherTrace’s list of targeted DeFi protocols and trading mechanisms included Pickle Finance, Uniswap, Harvest Finance, Bisq, and more.

“With the influx of billions of dollars into DeFi,” said Jevans, “expect more DeFi related hacks, frauds and a variety of exit scams in 2021.”

Stay on top of crypto news, get daily updates in your inbox.