Another “Rug Pull” worth $3 million with CertiK-audited project

CertiK finds itself linked to yet another rug pull as DeFi project Swaprum vanishes with $3 million. The DeFi exchange disappeared with client funds totaling $3 million weeks after being audited by CertiK.

Users on Twitter have blamed the auditing firm CertiK, believing that the company has successfully conducted another “rug pull”.

How did the “rug pull” happen?

PeckShield, the security firm, took to Twitter to explain how the rug pull was conducted. The firm explained that the scammers laundered the money in the form of Ethereum using Tornado Cash, a coin-mixing app.

The project Swaprum, a decentralized exchange that was the face of the rug pull, has deleted its social media presence, although its website, which allowed users to swap digital coins, remains active. The project was running on the Ethereum scaling solution Arbitrum.

A rug pull is yet another way in the decentralized world to steal clients’ money by presenting a project as legitimate. Rug pulls usually take place within decentralized apps and protocols that aim to automate the work of financial institutions. Scammers concentrate hacks and rug pulls in this area mostly because of its current hype and a lack of user awareness.

Allegations Against CertiK and Its Response

CertiK was the auditing firm responsible for the DEX’s audit earlier this month. The security firm declared that the project had no significant risks except the main concern that its protocol was highly centralized.

As the firm behind the audit, CertiK has been highly criticized on Twitter. Mikko Ohtamaa, co-founder of TradingStrategy.ai, said on Twitter that CertiK is an audit company and is free to choose who it does business with. He further added that it was a deliberate decision by CertiK to approve another rug pull.

CertiK has pushed back against the allegations, noting that the firm doesn’t guarantee that the team will implement all of its recommendations.

The CertiK spokesperson told a media house that the firm cannot enforce its recommendations. The firm can only call out the vulnerabilities publicly, which is what it did with Swaprum, and the audit is available on its website.

The company defended itself by explaining that certain portions of code were replaced with malicious code after the smart contract of Swaprum was audited by CertiK.

CertiK explained that, to carry out the rug pull, the scammers did not manipulate the audited Masterchef contract but rather deployed a malicious one. The company said that the issue was not with the smart contract it audited; the vulnerability lay with the proxy upgrade that happened after the audit.

CertiK was recently involved in the audit of another rug pull worth $1.82 million that happened with zkSync-Merlin. CertiK blamed their trusted developers for the rug pull.
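
A defender's check for the scenario CertiK describes, as an added example that is not from the article or from CertiK: scan a proxy's event logs for upgrades made after the audit to an implementation the audit did not cover. It assumes an EIP-1967 style proxy that emits `Upgraded(address)`, which the article does not confirm for Swaprum; the addresses, block numbers and transaction ids are constructed, and the function names are hypothetical.

```python
# Added example: flag proxy upgrades that move away from the audited implementation.
# Assumption: EIP-1967 style proxy emitting Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    raw = topic.lower().removeprefix("0x")
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError(f"not an address topic: {topic}")
    return "0x" + raw[24:]

def unaudited_upgrades(logs, proxy, audited_impl, audit_block):
    """Return upgrades of `proxy` after `audit_block` to code the audit did not cover."""
    findings = []
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        if log["address"].lower() != proxy.lower():
            continue  # event emitted by some other contract
        topics = log.get("topics", [])
        if len(topics) != 2 or topics[0].lower() != UPGRADED_TOPIC:
            continue  # not an Upgraded(address) event
        block = int(log["blockNumber"], 16)
        impl = topic_to_address(topics[1])
        if block > audit_block and impl != audited_impl.lower():
            findings.append({"block": block, "implementation": impl,
                             "tx": log["transactionHash"]})
    return findings

# Constructed sample data in eth_getLogs shape (not real Swaprum addresses or transactions).
PROXY = "0x" + "aa" * 20
AUDITED_IMPL = "0x" + "11" * 20
OTHER_IMPL = "0x" + "22" * 20
AUDIT_BLOCK = 1000

def _log(address, block, impl, tx):
    return {"address": address, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [UPGRADED_TOPIC, "0x" + "00" * 12 + impl[2:]],
            "transactionHash": tx}

SAMPLE_LOGS = [
    _log(PROXY, 900, AUDITED_IMPL, "0x01"),            # deployment, before the audit
    _log(PROXY, 1500, OTHER_IMPL, "0x02"),             # post-audit swap to unaudited code
    _log("0x" + "bb" * 20, 1600, OTHER_IMPL, "0x03"),  # unrelated contract, ignored
]

if __name__ == "__main__":
    for f in unaudited_upgrades(SAMPLE_LOGS, PROXY, AUDITED_IMPL, AUDIT_BLOCK):
        print(f"block {f['block']}: proxy points at unaudited {f['implementation']} ({f['tx']})")
```

An empty result only means no upgrade event was seen in the supplied logs; it says nothing about contracts the audit never covered.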

Nancy J. Allen

Source: https://www.thecoinrepublic.com/2023/05/20/another-rug-pull-worth-3-million-with-certik-audited-project/