It is leading to the disappearance of approximately $3 million in customer deposits. In a rug-pull or exit scam, a project attracts investments or user deposits before abruptly shutting down and absconding with the funds. According to a tweet from blockchain security firm Peck Shield, the malicious actors behind the rug-pull stole around 1,628 Ether (worth approximately $2.95 million) from Swaprum's liquidity pools. They then transferred the funds to Ethereum and attempted to "launder" the majority of the stolen assets through a crypto mixer called Tornado Cash.
Following the incident, Swaprum's Twitter, Telegram, and Github accounts were all deleted, leaving behind an operational website. Beosin, another blockchain security firm, shed light on the situation, claiming that the Swaprum deployer used a backdoor function called "add()" to steal liquidity provider (LP) tokens staked by users. The deployer then removed liquidity from the pool for personal gain. This exploit reportedly occurred because the Swaprum developer team upgraded the liquidity collateral reward contract to include backdoor functions.
Users on Twitter have criticized smart contract auditors CertiK for allegedly approving the platform despite the fraudulent activities. CertiK conducted an audit of Swaprum on May 5, and the "audited by CertiK" logo was still present on the Swaprum website. However, it should be noted that CertiK's role is to assess the provided source code exclusively and cannot guarantee the implementation of their recommendations. In their audit, CertiK had raised concerns about the centralized nature of Swaprum.
It appears that the backdoor-related upgrades to Swaprum's smart contracts occurred after the completion of the audit. CertiK's website has now labeled Swaprum as an "exit scam," reflecting the severity of the situation.
This incident highlights the risks associated with decentralized exchanges and the importance of conducting thorough due diligence before participating in such platforms. Users should be cautious when providing funds to new projects and consider the credibility of audits and security measures in place. The rug-pull executed by Swaprum serves as a reminder of the ongoing challenges and vulnerabilities in the cryptocurrency ecosystem, emphasizing the need for continuous vigilance and improved security practices.