A recent incident has sent shockwaves through the security-conscious DeFi community. Decentralized exchange (DEX) Swaprum has vanished, along with client funds amounting to a staggering $3 million. With a touch of irony, this rug pull occurred just weeks after the platform was audited by prominent security firm CertiK.
The total capital, in the form of Ethereum, was allegedly laundered by the scammers through the widely used coin-mixing app Tornado Cash. Because Swaprum’s digital footprint has been scrubbed with the deletion of all social media profiles, investigators are left with limited traces of these criminals.
As Decentralized Finance (DeFi) projects look to assume the roles of banks and brokerages in the financial world, they face a wide range of security threats, such as hacks and rug pulls. Inherently risky, these innovative ventures often push the boundaries with experimental measures to stay ahead, highlighting the need for thorough security audits.
CertiK, a reputable security audit firm, had recently audited Swaprum, reporting no critical risks but noting three major risks, one of which was the heavy centralization of the protocol. The sad turn of events has led to accusations that CertiK is patently approving rug pulls, drawing the company further into controversy. As Mikko Ohtamaa, co-founder of TradingStrategy.ai, bluntly remarked, “CertiK made a deliberate business decision to approve another rug pull.”
Though a CertiK spokesperson has not yet commented on the situation, this isn’t the firm’s first run-in with security lapses. Last month, another DEX platform, Merlin, which had also undergone a CertiK audit, was drained of an estimated $1.82 million. CertiK, in response, labeled the attack as the work of “rogue developers” and claimed that initial investigations pointed to Europe as the base for these malicious actors. Additionally, the firm claimed to be actively working with law enforcement to apprehend the criminals and even offered a 20% white hat bounty to urge them to come forward.
While these incidents may seem to circle back to the eternal question of whether DeFi protocols can ever truly be secure, they provide a sobering reality check for the young and rapidly evolving sphere. Ensuring the utmost security has never been more crucial, as crypto enthusiasts are forced to grapple with the all-too-possible reality of several more rug pulls being just around the corner. The community can only hope that projects like Swaprum serve as a reminder of the financial and reputational consequences that follow a lack of due diligence in the rapidly advancing world of DeFi.
Source: Decrypt