Developers of a decentralized exchange based on Arbitrum called Swaprum have drained $3 million worth of ETH from the protocol in what looks to be an apparent rug pull or exit scam.
Swaprum Team Pulls Off $3M Heist
Cryptocurrencies are built on the principles of trust and transparency. However, the specter of hacks and rug pulls has often cast a long and dark shadow on the industry. Recent events have provided a grim reminder of the constant threat from hacks and scams, as users of Swaprum have unfortunately discovered. Swaprum is a decentralized exchange (DEX) on the Arbitrum Network. It has now emerged that the developers at Swaprum have pulled off a rug pull on its users, draining $3 million worth of ETH from the protocol.
The decentralized exchange offered users low swapping fees, exceptionally high farming rewards, and the potential to earn up to 100% annual percentage yield (APY).
Details Of The Rug Pull
The rug pull was discovered by blockchain security firm PeckShield, which flagged it on Friday. PeckShield revealed that approximately 1628 ETH, worth around $3 million, was drained from Swaprum’s liquidity pools. According to on-chain data, the exit was orchestrated late on Thursday. First, the Swaprum team removed liquidity for the SAPR token on the decentralized exchange, selling the assets in exchange for more ETH. The SAPR token is the native token of the Swaprum decentralized exchange.
Subsequently, the team moved the funds from Arbitrum to Ethereum before moving them to the cryptocurrency mixer Tornado Cash. A more detailed analysis carried out by Beosin revealed that the developer of Swaprum’s smart contract had added a backdoor functionality to the contract. This is what enabled the theft of the liquidity pool tokens that users had staked. It was revealed that the developer had used the add() function and drained the protocol. Beosin explained that the team at Swaprum had upgraded the normal liquidity collateral reward contract to another, which contained backdoor functions. It stated,
“The backdoor function add() will transfer LP tokens from the contract to the _devadd address. By querying the _devadd address, it will return the ‘Swaprum: Deployer’ address. The Swaprum: Deployer uses the stolen LP tokens in the previous step to remove liquidity.”
Additionally, the Swaprum team also completely wiped out their online footprint, deleting all their social media profiles across platforms such as Twitter, GitHub, and Telegram. However, the project’s official website is still operational. The now-defunct decentralized exchange also highlighted a positive security check from CertiK. However, it remains to be seen whether the certification is genuine.
SAPR Token Essentially Worthless
As expected, the decentralized exchange’s native SAPR token lost all its value following the rug pull. Currently, the token is trading at $0.000022, with a trading volume of only $83. This represents a 99% decline from its price of $0.147 before the rug pull. The Swaprum rug pull is easily one of the biggest rug pulls on the Arbitrum Network. It eclipsed the loss suffered during the hack of DeFi protocol Hope Finance, which was the victim of a $2 million exploit that took place in February.
Rug Pulls On The Rise
The crypto space has seen an unmistakable rise in rug pulls or exit scams. Just the month of May itself has seen two other rug pulls apart from Swaprum. On the 5th of May, CertiK froze $160,000 that was stolen during the Merlin DEX rug pull. Merlin fell victim to an insider rug pull which resulted in a loss of $1.8 million. XIRTAM, an educational project backed by CultDAO, also pulled off a rug pull, with the team behind the project stealing 2000 ETH out of the funds raised for the platform.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2023/05/swaprum-team-executes-rugpull-drains-3m-in-eth-from-protocol