Decentralised exchange (DEX) Swaprum, built on Arbitrum, has supposedly been accused of doing exit scams or rug-pull on its customers and stealing worth $3 million of client deposits from the exchange.
Exit Scam or rug-pull is a kind of malicious operation, in which a genuine appearing project takes a certain amount of investment from the customers and investors and later terminates operations on the protocol, withdrawing the funds and runs away. This is the most common type of scam going on in the crypto market.
As indicated by May 19 tweet from the company Peck Safeguard, an alert-centered account of blockchain security, agitators swiped 1,628 Ether valued $2.95 million at present costs from Swaprum’s liquidity pools, connected it to Ethereum, and afterward “washed” complete assets through digital currency mixer Tornado Cash.
Swaprum’s Telegram, Github and Twitter accounts have all been removed as a result of the event, however as of writing this article, the website is still working properly and can be accessed.
Another digital currency security company, Beosin, provided additional details fof the event by claiming that the “deployer of Swaprum used the add () backdoor function to steal LP [liquidity provider] tokens staked by users, then removed liquidity from the pool for profit.”
This was purportedly made feasible as a result of the Swaprum development team “redesigning the ordinary liquidity security reward contract to a contract incorporating backdoor functions.”
A Twitter search for “Swaprum” turns up a number of posts criticising smart contract examiner Certik for the entire situation, despite the fact that the company last audited the platform on May 5.
They basically claim that Certik approved the platform by auditing it, and the “audited by Certik” emblem is still shown on the Swaprum website.
It is important to keep in mind that Certik “conducts security assessments on the given source code entirely” and cannot ensure that its suggestions are implemented, as stated in the company’s disclaimers. In the inspection, Certik identified a “major” problem with how centralised Swaprum was.
However, improvements to the project’s smart contracts connected to the backdoors seem to have been made after the inspection was finished. Certik’s website now lists Swaprum as a “exit scam.”