The vault scammer's playbook: every con, and the red flag that gives it away
Pooled money attracts con artists. The full playbook of vault scams — paper-profit mirages, annualized-month APRs, backdoor contracts — and the public-data fingerprint that gives each away. Plus why the safety model is shifting from legacy native vaults to the HyperEVM future.
A vault makes a simple promise: a skilled trader handles the work, you ride along. That promise attracts honest operators — and it attracts con artists, because pooled money always does. I've spent weeks reviewing vaults and weeks more building one from scratch, and the good news is this: almost every vault con leaves a fingerprint in public data, if you know what you're looking at. Here's the playbook, sorted by what the scammer is actually trying to do.
One distinction frames everything below, so hold it from the start — and notice that it's shifting under your feet. A native Hyperliquid vault is the original, "legacy" kind. The protocol keeps it on a tight leash: the operator can trade your pooled money but cannot withdraw it to themselves, the performance fee is fixed at 10%, and you can exit on your own after the lock-up. Those guardrails are real — but they come at a price. The legacy vault is limited (perpetuals only, no spot, none of the newer permissionless markets, not programmable), and Hyperliquid is actively winding it down: it raised the creation fee to $10,000 precisely to deprecate the old design and push builders toward the new one.
That new one — the custom smart-contract vault on HyperEVM — is the future: tokenized, composable, able to trade spot and the permissionless markets, programmable in ways the legacy vault never will be. But it trades the protocol's guardrails for code's freedom, and code can include doors that drain it. So the safety model itself is changing: the era where the protocol protected you by limiting the operator is ending, and the era where you (and an audit) must verify the code is beginning. The cons differ completely between the two, and most people never even ask which one they're depositing into.
Goal 1: make a bad vault look good
These cons don't steal your money — they trick you into handing it over. They work on legacy and smart-contract vaults alike.
The paper-profit mirage. A vault marks open positions to market, so an operator sitting on a big unrealized gain looks brilliant — until the position reverses and the "profit" evaporates. I broke this down in paper profits: one top vault's standing was 60% unrealized, riding on a single coin. The tell: read the open positions, not the curve.
The annualized month. A great few weeks, annualized, becomes a triple-digit APR headline. It's the same trick that poisoned CEX copy trading, and it survived the move on-chain. The tell: a dazzling APR sitting on a few weeks of history.
Pumping an illiquid mark. If a vault holds a big position in a thin market, the operator can nudge that price up — even trading against their own outside account — to inflate the vault's displayed value. It's value that exists only on the screen; you could never exit at that mark. The tell: an outsized position in a low-liquidity token or market, and a value line that moves without real volume behind it.
The multi-vault lottery. Launch ten vaults, promote the one that got lucky, let the losers quietly join the graveyard. A coin-flip winner is sold as a genius. The tell: the same operator (or brand) behind several vaults, only one of which you're shown.
Grooming. Seed a vault with your own money, build a pretty curve through a friendly market, then open to deposits right at the top. The tell: a short, up-only history and deposits that opened just as the chart peaked.
Calm that hides leverage. A vault can look smooth while secretly running heavy leverage, one bad day from a crater — exactly how drkmttr erased 44% in a single step. The tell: returns too steady for the strategy, and leverage you didn't verify.
Goal 2: take the money outright
This is where the legacy-vs-EVM divide decides everything — and where the changing safety model bites.
On a legacy native vault, outright theft is mostly off the table. The protocol won't let the operator move your funds out; the worst they can manage is trading badly, or the subtler self-dealing above (wash trades that bleed value to an outside account). Bad, but not a clean rug. Just remember what buys you that safety: the old, limited, soon-to-be-retired rail.
On a HyperEVM smart-contract vault — the future — the rug is a line of code. The contract holds your deposit and does whatever it was written to do. More power for the honest builder, more rope for the dishonest one. The classic traps:
- A backdoor withdraw — a hidden admin function that sends all deposits to the deployer.
- An upgradeable proxy — the contract you trusted can be swapped for a malicious one after you deposit. "Upgradeable" means the rug can be installed later.
- A changeable fee — the operator sets the fee to 100% and your profits (or principal) vanish into "fees."
- A honeypot exit — deposits work, withdrawals are quietly rigged or permanently locked.
- Unlimited minting — the admin mints shares to themselves and dilutes you toward zero.
- The first-depositor (inflation) attack — a known ERC-4626 trick that manipulates the share price to swallow an early depositor's funds.
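As an added example (not code from the post), the share arithmetic behind the first-depositor item above, run once with the naive supply/assets ratio and once with the virtual-offset mitigation an audit should look for. The formulas are the ERC-4626 ratio and OpenZeppelin's decimals-offset variant; all amounts are constructed.

```python
# Added example, not from the post: ERC-4626 share accounting with and
# without the virtual-offset defence against the first-depositor attack.
# Formulas follow ERC-4626 and OpenZeppelin's ERC4626 "decimals offset";
# deposit and donation amounts are constructed for illustration.

def shares_for_deposit(assets, total_assets, total_supply, offset=None):
    """Shares minted for `assets`. offset=None is the naive ratio;
    offset=k adds 10**k virtual shares and 1 virtual asset (OpenZeppelin
    style), so a donation can no longer inflate the share price cheaply."""
    if offset is None:
        return assets if total_supply == 0 else assets * total_supply // total_assets
    return assets * (total_supply + 10 ** offset) // (total_assets + 1)

def assets_for_shares(shares, total_assets, total_supply, offset=None):
    """Assets returned when redeeming `shares` (rounded down, as on-chain)."""
    if offset is None:
        return 0 if total_supply == 0 else shares * total_assets // total_supply
    return shares * (total_assets + 1) // (total_supply + 10 ** offset)

def simulate_first_depositor(offset=None, attacker_deposit=1,
                             donation=10_000 * 10**18, victim_deposit=10_000 * 10**18):
    """Replay the inflation scenario against an empty vault and report
    what each party can redeem afterwards."""
    total_assets = total_supply = 0
    attacker_shares = shares_for_deposit(attacker_deposit, total_assets, total_supply, offset)
    total_assets += attacker_deposit
    total_supply += attacker_shares
    # A direct token transfer raises totalAssets without minting any shares.
    total_assets += donation
    victim_shares = shares_for_deposit(victim_deposit, total_assets, total_supply, offset)
    total_assets += victim_deposit
    total_supply += victim_shares
    return {
        "victim_shares": victim_shares,
        "victim_redeemable": assets_for_shares(victim_shares, total_assets, total_supply, offset),
        "attacker_redeemable": assets_for_shares(attacker_shares, total_assets, total_supply, offset),
        "attacker_cost": attacker_deposit + donation,
    }

if __name__ == "__main__":
    for label, off in (("naive", None), ("offset=6", 6)):
        r = simulate_first_depositor(off)
        print(label, "| victim shares:", r["victim_shares"],
              "| victim redeemable:", r["victim_redeemable"],
              "| attacker profit:", r["attacker_redeemable"] - r["attacker_cost"])
```

With the naive ratio the second depositor is rounded down to zero shares and the first depositor walks away with both deposits; with the offset the victim keeps essentially all of their deposit and the donation is a loss for whoever made it.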
How to check, before you deposit a cent:
- Is the contract audited, and by whom?
- Is it upgradeable? If yes, assume the worst.
- Who holds the admin keys? A single private key is a single point of rug; a multisig or timelock is far better.
- Can the fee change?
- Is the code verified and open to read?
On the legacy rail the protocol answered most of these for you; on the EVM rail, nobody does — you do.
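An added example, not the post's own tooling, that turns those questions into a mechanical triage over data anyone can fetch: the contract's runtime bytecode (eth_getCode), its EIP-1967 proxy slots (eth_getStorageAt), and the function names from its verified source. The inputs below are constructed; a clean result is where an audit starts, not a substitute for one.

```python
# Added example, not from the post: pre-deposit triage of a HyperEVM vault
# contract. In practice `runtime` comes from eth_getCode, `storage` from
# eth_getStorageAt and `abi_functions` from the verified source; here all
# three are constructed. The EIP-1967 slot constants are the real ones.

EIP1967_IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
EIP1967_ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103
DELEGATECALL = 0xF4

def opcodes(runtime: bytes):
    """Yield the real opcodes, skipping PUSH1..PUSH32 immediates so push
    data (for example a literal 0xf4) is not mistaken for an instruction."""
    i = 0
    while i < len(runtime):
        op = runtime[i]
        yield op
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)

def triage_vault(runtime, storage, code_size_of, abi_functions, audited):
    """Return the checklist items this vault trips (empty list = no red flags)."""
    flags = []
    if storage.get(EIP1967_IMPL_SLOT, 0):
        flags.append("upgradeable: EIP-1967 implementation slot is set")
    elif DELEGATECALL in set(opcodes(runtime)):
        flags.append("delegatecall present: logic may live in another contract")
    admin = storage.get(EIP1967_ADMIN_SLOT, 0)
    if admin and code_size_of.get(admin, 0) == 0:
        flags.append("admin is a plain key (EOA), not a multisig or timelock")
    if any(n.lower().startswith("set") and "fee" in n.lower() for n in abi_functions):
        flags.append("fee is changeable by the operator")
    if any(n in ("upgradeTo", "upgradeToAndCall") for n in abi_functions):
        flags.append("upgrade entry point exposed in the ABI")
    if not audited:
        flags.append("no independent audit")
    return flags

# Constructed samples: an EIP-1167 minimal proxy (forwards via DELEGATECALL)
# and a plain contract whose bytecode merely pushes the byte 0xf4 as data.
SAMPLE_PROXY = bytes.fromhex("363d3d373d3d3d363d73" + "11" * 20 + "5af43d82803e903d91602b57fd5bf3")
SAMPLE_PLAIN = bytes.fromhex("60f4600055")  # PUSH1 0xf4, PUSH1 0x00, SSTORE
EOA_ADMIN = 0xAAAA  # constructed admin address that holds no code

if __name__ == "__main__":
    print(triage_vault(SAMPLE_PROXY, {EIP1967_IMPL_SLOT: 0x1234, EIP1967_ADMIN_SLOT: EOA_ADMIN},
                       {EOA_ADMIN: 0}, {"deposit", "withdraw", "setPerformanceFee"}, audited=False))
    print(triage_vault(SAMPLE_PLAIN, {}, {}, {"deposit", "withdraw"}, audited=True))
```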
I'll be honest, because I'm building one of these EVM vaults myself: every item on that list is something an honest vault must prove it cannot do. That proof is exactly what an independent audit is for — and it's why "smart code wrote it" is not a substitute. If anything, AI-written contracts deserve more scrutiny, not less. The wallet-level traps — fake sites, malicious approvals — are covered in what can go wrong; they drain you before you ever reach the vault.
Goal 3: dress risk up as safety
The leveraged twin. "Same strategy, 2x the returns!" In reality, 2x leverage barely lifted the return while quadrupling the drawdown and turning a winning strategy into a lifetime loss. Leverage is sold as more reward; it's mostly more ruin.
Custody confusion. Some pitches borrow copy-trading's old comfort line — "your funds stay in your account." With a vault, they don't: your money leaves your wallet and sits in the vault. That's the real trade-off, and a pitch that hides it is already lying to you.
The red-flag checklist
- A headline APR built on weeks, not regimes.
- Performance that's mostly unrealized, riding on one position.
- A big position in a thin market that can't be exited at its mark.
- A short, up-only history with deposits opened at the peak.
- One operator, many vaults, only the winner shown.
- For HyperEVM smart-contract vaults: no audit, upgradeable code, single-key admin, or a changeable fee.
- Any claim that your funds "stay in your account."
The bottom line
For most of Hyperliquid's life, the comfort of a vault came from the protocol holding the operator on a leash. That era is ending. The legacy native vault — safe because it was limited — is being retired, and the future is the HyperEVM contract: more powerful, tokenized, composable, and exactly as trustworthy as its code and its audit, no more. The guardrails are moving from the protocol to you. So: legacy vaults make theft hard but deception easy — read the data until the dress-up cons stop working. Smart-contract vaults can do anything their code allows — check the contract, the keys, and the audit before you trust a line of it. Match your skepticism to the structure, and know the structure is shifting toward the one that demands the most of it.
Nothing here is financial advice — it's one trader showing his work, including the parts he had to design his own vault to avoid.