The cryptocurrency space has experienced another unfortunate event, as Arbitrum-based decentralized exchange (DEX) Swaprum allegedly conducted a rug-pull on its users, reportedly swiping roughly $3 million worth of customer deposits. Rug-pulls or exit scams typically occur when a seemingly legitimate project accumulates a significant amount of investments or user deposits before shutting everything down, taking the capital, and disappearing, assuming they cover their tracks properly.
Peck Shield, a blockchain security firm, reported that the malicious actors behind Swaprum took 1,628 Ether (ETH) worth approximately $2.95 million from the platform’s liquidity pools. They then bridged the stolen funds to Ethereum and laundered almost all of it through a crypto mixer called Tornado Cash.
Following this incident, Swaprum’s Twitter, Telegram, and Github accounts were deleted, although their website remains operational. To provide further context, another blockchain security firm, Beosin, claimed that Swaprum implemented a backdoor function which allowed the culprits to steal liquidity provider (LP) tokens staked by users and removed the liquidity from the pool for profit. This was made possible because the Swaprum developer team allegedly upgraded the liquidity collateral reward contract, including backdoor functions.
Many people on Twitter have expressed their anger towards smart contract auditors CertiK, who conducted an audit of Swaprum as recently as May 5. These individuals argue that CertiK effectively endorsed the platform by performing the audit. However, it is important to note that CertiK’s disclaimers state that the firm only conducts security assessments on the provided source code and cannot guarantee that its recommendations are implemented.
CertiK flagged a “major” issue with Swaprum’s centralization in its assessment. It appears that the backdoor-related upgrades to the project’s smart contracts were conducted after the audit was completed. CertiK’s website has since flagged Swaprum as an “exit scam.”
The Swaprum incident highlights the challenges that the crypto industry faces in terms of security and trust. Although there have been numerous advancements in blockchain technology and cybersecurity measures, there are still bad actors looking to exploit vulnerabilities and take advantage of unsuspecting users. As always, users must remain cautious and conduct thorough research before investing in any project to minimize the risks associated with such scams.
In conclusion, the Swaprum rug-pull brings to light the ongoing struggle for security and trustworthiness within the crypto industry. While it is imperative for developers and organizations to prioritize the safety of investors and users, individuals also carry the responsibility of being vigilant and conducting their own comprehensive research to minimize potential risks. This incident should serve as a reminder of the continuing need for improvement and advancement in the realm of crypto and blockchain security.
Source: Cointelegraph