Swaprum DEX: An Alleged Rug Pull Worth $3M
Arbitrum-based decentralized exchange (DEX) Swaprum has allegedly orchestrated a rug pull on its users, with $3M worth of customer deposits disappearing from the platform. A rug pull, or exit scam, is a fraudulent practice in which the developers of a crypto project attract a significant amount of investment before abruptly vanishing, often leaving no trace.
Details of the Alleged Scam
According to a tweet by blockchain security firm PeckShield on May 19, the perpetrators made off with 1,628 Ether, worth approximately $2.95 million, from Swaprum’s liquidity pools. The funds were then bridged to Ethereum, and nearly all of them were “laundered” through crypto mixer Tornado Cash. Following the incident, Swaprum’s social media accounts and its GitHub repository were deleted, yet its website remains live at the time of this report.
The Backdoor Exploit
Blockchain security firm Beosin added that the Swaprum deployer used a “backdoor function” to steal liquidity provider (LP) tokens staked by users, subsequently removing liquidity from the pool for personal profit. This exploit was allegedly made possible because the Swaprum team had upgraded the standard liquidity collateral reward contract to a contract containing backdoor functions.
CertiK Audit Controversy
Several Swaprum users have called out smart contract auditor CertiK for its role in the incident. CertiK had audited the platform as recently as May 5 and its logo remains on the Swaprum website. However, it’s important to remember that as per CertiK’s disclaimers, its security assessments are limited to the provided source code. The firm can’t guarantee that its recommendations have been integrated. During the audit, CertiK did flag a “major” issue regarding the platform’s centralization.
It’s also worth noting that the upgrades relating to the backdoor functions in the project’s smart contracts seem to have been made post-audit.
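The gap between audited code and live code can be checked from the contract's own event history. The following is an added example, not code from Swaprum, CertiK or Beosin: it assumes an EIP-1967-style upgradeable proxy that emits `Upgraded(address)`, and every address, block number and log entry in it is constructed for illustration.

```python
# Added example: detect proxy upgrades made after an audit snapshot.
# Assumption: EIP-1967-style proxy emitting Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; return the low 20 bytes."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("not a 32-byte padded address: %r" % topic)
    return "0x" + raw[24:]

def audit_status(logs, proxy, audited_impl, audit_block):
    """Replay upgrade events on `proxy` and compare the live code with the audited code."""
    proxy, live, late = proxy.lower(), audited_impl.lower(), []
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if log["address"].lower() != proxy or len(topics) < 2:
            continue  # another contract, or an event without an indexed argument
        if topics[0].lower() != UPGRADED_TOPIC:
            continue  # some other event emitted by the proxy
        live = topic_to_address(topics[1])
        if log["blockNumber"] > audit_block:
            late.append({"block": log["blockNumber"], "implementation": live})
    return {"live_implementation": live,
            "audit_covers_live_code": live == audited_impl.lower(),
            "post_audit_upgrades": late}

def pad(addr):
    """Build a constructed 32-byte topic from a 20-byte address."""
    return "0x" + "0" * 24 + addr[2:]

# Constructed sample data (deliberately out of order); none of it is from the incident.
PROXY, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
IMPL_AUDITED, IMPL_NEW = "0x" + "01" * 20, "0x" + "02" * 20
AUDIT_BLOCK = 1000  # block height of the audit snapshot (constructed)
SAMPLE_LOGS = [
    {"address": PROXY, "blockNumber": 1200, "logIndex": 0, "topics": [UPGRADED_TOPIC, pad(IMPL_NEW)]},
    {"address": OTHER, "blockNumber": 1300, "logIndex": 0, "topics": [UPGRADED_TOPIC, pad(OTHER)]},
    {"address": PROXY, "blockNumber": 900, "logIndex": 2, "topics": [UPGRADED_TOPIC, pad(IMPL_AUDITED)]},
    {"address": PROXY, "blockNumber": 1100, "logIndex": 1, "topics": [TRANSFER_TOPIC, pad(OTHER), pad(PROXY)]},
]

if __name__ == "__main__":
    print(audit_status(SAMPLE_LOGS, PROXY, IMPL_AUDITED, AUDIT_BLOCK))
```

Any entry in `post_audit_upgrades` means the audit report no longer describes the code that holds user funds, whatever badge the project's website displays.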
Current Status of the Case
CertiK’s website has now marked Swaprum as an “exit scam.” As the blockchain community reels from this incident, users are reminded to exercise caution when investing in such platforms. Investigations are ongoing, and updates will be provided as new information becomes available.