Swaprum’s Twitter, Telegram, and GitHub accounts were all deactivated shortly after the money vanished, but the website is still active.
According to reports, Swaprum, an Arbitrum-based decentralized exchange (DEX), pulled a rug from under its users, losing almost $3 million in consumer deposits. Rug-pull or departure scams include projects that solicit investments or user contributions before abruptly ceasing operations and making off with the money. In this instance, the criminals are accused of stealing 1,628 Ether, or around $2.95 million, from Swaprum’s liquidity pools.
The stolen money was subsequently transferred to Ethereum and mostly “laundered” using the Tornado Cash cryptocurrency mixer. The offenders wanted to hide the monies’ trail and make them harder to find, so they used this mixing service. The event shows how open decentralized exchanges are to such nefarious actions.
Merits of Due Diligence in DeFi Platforms
Concerns over the rug-pull and the disappearance of customer deposits have surfaced in the bitcoin community, highlighting how crucial it is to do your research and use caution when interacting with decentralized platforms.
Before depositing their money, users are recommended to do extensive research on any platform and evaluate its security protocols, standing, and track record.
Adding extra context to the incident, fellow blockchain security firm Beosin claimed that the “deployer of Swaprum used the add() backdoor function to steal LP [liquidity provider] tokens staked by users, then removed liquidity from the pool for profit.”
As it stands, CertiK’s website has now identified Swaprum as a “exit scam.” It also appears that the updates to the project’s smart contracts relating to the backdoor were carried out after the audit.