Hello RugDoc fam,

It’s been a little while and we need to sit down and talk about the elephant in the room… The Know Your Customer (KYC) program.

Recently there’s been an increased demand and criticism for this particular service and we wanted to take the time to explain the process and why it’s important for projects to KYC.

We’ve also come armed with examples to substantiate our rationale in our approach, so we’d like to take a few minutes of your time to explain a couple of things.

First off…

What is RugDoc’s KYC Program?

The KYC program is a beta that we added to our suite of services due to popular demand from the community. 

RugDoc KYC gives project developers the option to partake in our extensive vetting process in order to prove ownership and hold a semblance of accountability should any malicious actions occur.

Our aim is to de-anonymize developers. The KYC program act as a deterrent and helps prevent any malicious action from the developers.

However, this is not a guarantee for safety, nor does this make RugDoc liable for any financial losses that investors may incur.

The RugDoc KYC Process

While KYC is available with other providers, we do offer a unique proposition specifically relating to DeFi to provide an extra layer of security.

The process contains the following:

  • Manual verification via a Zoom call of KYC document and applicant. This is essential to make sure that the applicant and document they submit are both legitimate and matching. We are aware synthetic media is possible (e.g. DeepFake), however we will do our best to remain vigilant and part of the reason that this is still done manually.
  • Prove access to project’s deployer or team wallet to show that they indeed have top level access in the project and are 100% responsible for anything done with that address.
  • Confirm that they are the ONLY person with access to this address, or every other person with access must also KYC.
  • Make a small transaction to a specific address on video to prove proof of ownership (refundable).

Our KYC process has elements of solidity programming which is necessary to take extra steps of precaution.

As far as we are aware, no other KYC provider offers this level of depth as we do.

We’re in quite a niche position in DeFi where we have willing members of staff to manually verify identities and also verify contract ownership.

On a typical project, hiring solidity developers will cost you at minimum of $10,000 and onwards to help you verify some of the KYC steps we ask for. We are aware not your everyday DeFi investor can afford this, which is a primary reason why we’re offering this service for project owners at RugDoc.

Want more information? Check it out more KYC details here.

Why should Projects KYC?

We get a fair amount of criticism around the costs for KYC, However as a DeFi project hoping to get 6-7 figure TVL, this should be a miniscule amount to cover and should be part of the essential operating costs to spread some sense of security in the project.

Any malicious actions from the KYC’ed applicant can be prosecuted with legal action, so developers undergoing the KYC process show the first steps towards transparency.

Doxxed teams via public media pieces (e.g. Youtube videos), published LinkedIn profiles, and similar formats where developer names and faces are shared can and often times be faked, which is why we’re keen to follow the process outlined… especially as it contains a step which caters specifically for Contract ownership.

Below are some examples of where we can see the impact of identities being shared both positively and negatively.

Identity and Action – StableMagnet

A DeFi project called StableMagnet exit scammed for $22 million in June 2021.

While this project was not KYC’ed, we did have vigilant community members that investigated the StableMagnet team using small breadcrumbs left behind by the Scammers.

This allowed “Ogle”, founder of BSC Gemz as well as “Dingbats” a well respected Solidity freelancer to track down the movements of the StableMagnet team as well as their identities.

The StableMagnet team, after executing the scam, moved from Hong Kong to Manchester, UK where they were arrested by the authorities. This is a prime example of which revealed identities is paramount to tracking culprits as well as making recovery a possibility.

We have made a video to outline the story here:

Identity and Witch Hunting – Little Doge NFT

One of the things we are steadfast in is that we will never release KYC’ed data to the public, as this enables witch hunting. In essence, modern-day witch hunting is when online users threaten or even take negative action that can harm a KYC’ed person’s life.

This might happen if something in a project goes wrong – such as if a project were to be exploited. As you can imagine, witch hunting is something we are very much opposed to.

We firmly believe that cyber crime units are best versed to tackle these situations rather than the public who will be armed with pitchforks and filled with emotions.

Little Doge NFT is a project that rugged for $1m. With a hyper-vigilant and aggressive community, they found multiple members of the group and expressed some hateful and quite frankly disgusting comments towards them and their family. Comments relating to arson, death threats, and rape towards their loved ones were mentioned.

We do not encourage this behavior and firmly believe that addressing KYC issues by involving authorities is a much better approach than letting the outraged community run rampant as evident in the above. 

In progress – CryptoYieldFarm (CYF)

Out of the 30 KYC’ed projects so far we have at RugDoc, there has only been one instance of overt malicious behavior, and that’s with CryptoYieldFarm. We have the culprit’s full name, date of birth, address and other details, which we will use to file a report with the local authorities.

If you were affected by this scam, please reach out to @TheRugDoctor as we are compiling transactions to be provided as evidence. In the meantime, please remain vigilant when investing and manage your risk appropriately.

You can also head over to the CYF Support Telegram if you were affected by this project.

I also wanted to quickly add that there are other providers for KYC and LP locking that project owners are free to use. We are encouraging projects to KYC and lock their LP – not necessarily with RugDoc, but with any reputable provider.

As vigilant investors, we encourage you to put pressure on the project to lock their LP and undergo a KYC process for the reasons outlined above

RugDoc is about DeFi safety. We are not vigilantes that hunt down scammers, and we will continue to do what we do best, which is to continue and educate the community through building our Wiki DeFi database.

We are also continuing our free review of DeFi yield farms and establish new partnerships with reputable projects such as Avalanche Network and Paladin.

While we are saddened that the RugDoc KYC did not deter CYF from scamming, we are hopeful and enthusiastic to support local authorities in their prosecution.

Stay safe out there,

Limitless

Leave a Reply

Search

🟢 For owners who have made impactful changes and would like an update to their farm review:

1️⃣ Use #update at @RugDocChat with your description and proof of changes and it will be forwarded to our scanners.

2️⃣ This does not guarantee a change in your review.

3️⃣ Owners who have difficulty solving the issues can consider our Consultation Package – please contact @BaymaxCrypto on Telegram to discuss.

Our mission here at RugDoc is to screen for hard rug code that results in 100% theft of ALL underlying funds for ALL participants.

This is the ONE part of the due diligence process that most people cannot simply do on their own as it costs thousands of dollars to hire a senior solidity developer to look over a farm for safety.

A project coin with terrible code can go up in price, and a project with good code and a good team can also go down in price.

Do NOT use our ratings to refer to your likelihood in making money if you invest in the project. They are ONLY in reference to code safety.

Everything else beyond code safety is YOUR responsibility to go do research on. We just make sure the casino you’re betting in won’t rob you before you even get to place a bet.

Our reviews for projects are organized into a few colors.

🟢 Least Risk
These projects are the least likely to hard or soft rug. Usually reserved for cornerstone projects of an ecosystem where it makes no financial sense for them to rug in any manner as they make more money just being legit.

🔵 Low Risk
These projects are usually established projects in an ecosystem that have a track record of success or have KYC’d to us or other authoritative sources in the real world. As a result, it is extremely unlikely for them to soft rug or hard rug their projects. The projects can still fail and the token price can go down, but usually more as a result of natural market forces.

⚪️ Some Risk
This is the default rating for projects with unknown teams but have code that is unlikely to have hard rug risk. Since the team is unknown and doesn’t have a track record of success, it’s entirely possible that they may try to soft rug by dumping tokens, abandoning the project, etc. Even a last minute contract swap to a malicious contract is possible. The only thing that is unlikely is a complete hard rug as long as you are 100% sure you deposit into the contract we review.

🟠 Medium Risk
Similar to Some Risk, but the underlying code itself is custom enough or complex enough that it warrants an elevated risk rating that needs deeper research. Make sure you read every point presented to make sure you’re comfortable with that before entering. Still unlikely to hard rug, but more chances of custom code behaving incorrectly and causing other issues.

🔴 High Risk
Project contains code or practices that are HIGHLY LIKELY to lead to catastrophic losses as they are right now. Make sure you read the description carefully as we will always warn what these issues are. If you see the words Hard Rug anywhere in the review, STAY FAR AWAY!

⚫️ Not Eligible
We reserve the right to not review exceedingly complex projects that would require tens of thousands of dollars of senior security analyst man hours. Typically these are projects that deal with leverage, lending, options, derivatives, and anything that is overly complex and which requires tons of peer reviews and audits from top audit companies.