$3M worth of customer funds swiped via alleged Swaprum DEX rug pull

Arbitrum-based decentralized exchange (DEX) Swaprum has allegedly conducted a rug-pull on its users, with $3 million worth of customer deposits being swiped from the platform.

A rug-pull or exit scam occurs when a seemingly legitimate project ropes in a certain amount of investment or user deposits before promptly shutting everything down, pulling the capital and vanishing off into the distance – if they don’t adequately cover their tracks, of course.

According to May 19 tweet from the alerts-focused account of blockchain security firm Peck Shield, the bad actors swiped 1,628 Ether (ETH) – worth roughly $2.95 million at current prices – from Swaprum’s liquidity pools, bridged it to Ethereum, and then “laundered” almost all of those funds through crypto mixer Tornado Cash.

Following the incident, Swaprum’s Twitter, Telegram and Github accounts have all been deleted, however Swaprum’s website is still operational at the time of writing.

Deleted socials. Source: Twitter

Adding extra context to the incident, fellow blockchain security firm Beosin claimed that the “deployer of Swaprum used the add() backdoor function to steal LP [liquidity provider] tokens staked by users, then removed liquidity from the pool for profit.”

This was apparently made possible due to the Swaprum developer team allegedly “upgrading the normal liquidity collateral reward contract to a contract containing backdoor functions.”

A keyword search for “Swaprum” on Twitter yields several tweets from people calling out smart contract auditors CertiK over the whole ordeal, as the firm had conducted an audit of the platform as recently as May 5.

Related: Can you recover stolen Bitcoin from crypto scams?

Their complaints essentially assert that CertiK signed off on the platform by auditing the platform, with the “audited by CertiK” logo still currently up on the Swaprum website.

However, it is worth noting that as per CertiK’s disclaimers, it “conducts security assessments on the provided source code exclusively,” and can’t guarantee that its recommendations are integrated. In the audit, CertiK flagged a “major” issue with how centralized Swaprum was.

While it also appears that the backdoor-related upgrades to the project’s smart contracts were conducted after the audit was completed.

As it stands, CertiK’s website has now flagged Swaprum as an “exit scam.”

Swaprum audit. Source: CertiK

Magazine: $3.4B of Bitcoin in a popcorn tin – The Silk Road hacker’s story

All Dutch and English crypto news!

Elon Musk offers free premium features on X, crypto scammers included

Elon Musk rolled out the paid verification model on X, earlier known as “Twitter Blue,” to fight the scammers and spammers thriving on the platform...

Bitcoin zorgt voor ‘snelst groeiende ETF aller tijden’

Larry Fink noemt Bitcoin ETF IBIT de snelst groeiende ETF aller tijden. Dat zijn mooie woorden, van de directeur van Blackrock, het fonds dat IBIT...

Ethereum reaches 1M validators, community thinks it’s ‘too much’

While more validators could mean more security, community members think too many could be problematic. News Own this piece of crypto history Collect this article as NFT Join us...

Waarom donderdag 4 april een van de belangrijkste dagen ooit wordt voor Bitcoin Cash (BCH)

Over precies een week is het donderdag 4 april en als de sterren dan goed staan, vindt de halving plaats van Bitcoin Cash. Nee, niet...

Beste exchanges

Koop je crypto bij Bitvavo