Swaprum, a decentralized exchange (DEX) operating on the Arbitrum network, stands accused of orchestrating an alleged rug-pull scheme. This fraudulent maneuver saw an estimated $3 million worth of user deposits suddenly vanish from the platform.
Swaprum Disappears And Steal Users’ Funds
The rug pull tactic involves a purportedly reputable project amassing substantial investment or user deposits before abruptly pulling the rug from under its investors, as it were. The deceitful parties then disappear, often leaving no trace – provided they’ve efficiently obscured their tracks.
On May 19, PeckShield, a blockchain security company, alerted via a tweet that a malicious party had made off with approximately 1,628 Ether worth $2.95 million. The miscreants reportedly purloined the funds from Swaprum’s liquidity pools, transferred them to Ethereum, and effectively “laundered” most of the stolen sum using Tornado Cash.
In the aftermath of this alleged cybercrime, all of Swaprum’s social media accounts, including its Twitter, Telegram, and GitHub, have been mysteriously erased. However, the Swaprum website remains live. That may be an attempt to steal more user funds.
The Mechanism of the Heist
Offering additional insight into the breach, Beosin revealed that the “deployer of Swaprum leveraged the add() backdoor function to pilfer LP [liquidity provider] tokens pledged by users, subsequently draining liquidity from the pool for personal gain.”
The Swaprum development team reportedly facilitated this unscrupulous operation, allegedly “upgrading the standard liquidity collateral reward contract to a contract incorporating backdoor capabilities.”
Raising Questions for Auditing Practices
A flurry of tweets condemning smart contract auditing firm CertiK has ensued following the incident, as the company had given Swaprum a clean bill of health as recently as May 5. Criticism hinges on the claim that CertiK effectively endorsed the platform by conducting an audit, with the “audited by CertiK” logo prominently displayed on the Swaprum website even now.
However, CertiK defends its position by asserting its role is to “carry out security evaluations on the submitted source code exclusively.” Therefore, the firm cannot assure the integration of its recommendations. It’s worth noting that CertiK did highlight a “significant” concern related to the centralization of Swaprum during their audit.
It appears that the suspect upgrades to Swaprum’s smart contracts, those involving the backdoor, were implemented post-audit.
CertiK’s website has tagged Swaprum as an “exit scam,” reflecting the gravity of the allegations and ensuing controversy.
None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.