- The creators of the decentralized exchange Swaprum have purportedly rug-pulled $3 million in Ether tokens from the protocol.
- With the deletion of their social media profiles on Twitter, Telegram, and GitHub, Swaprum’s digital presence essentially disappeared overnight.
The decentralized exchange Swaprum, which is based on Arbitrum, is accused of pulling the rug out from under its users by stealing $3 million in consumer deposits.
The Ethereum scaling solution, Arbitrum-powered decentralized exchange (DEX) Swaprum, suddenly seems to have erased all of its social media accounts. Its website is still operational and lets users swap digital money and tokens without creating an account.
The bad actors stole 1,628 Ether, worth approximately $2.95 million at the current exchange rate, from Swaprum’s liquidity pools, bridged it to Ethereum, and “laundered” nearly all of those funds through cryptocurrency mixer Tornado Cash, according to a tweet from the alerts-focused account of blockchain security company Peck Shield on May 19.
A rug-pull or exit scam happens when a project appears to be legitimate and attracts a certain amount of investment or user deposits before abruptly terminating everything, withdrawing the funds, and dissipating into thin air, provided they don’t sufficiently cover their tracks.
With the deletion of their social media profiles on Twitter, Telegram, and GitHub, Swaprum’s digital presence essentially disappeared overnight. The project’s official website, which functioned as the front end for the protocol, is still operational.
According to a more thorough examination by blockchain security company Beosin, the developer of the Swaprum smart contract inserted a backdoor feature to make it possible to steal user-staked liquidity pool tokens. The deployer drained the pool for their own gain using the add() function. The offenders were able to seize assets at will because of their malicious behavior.
The Ethereum Layer 2 ecosystem has recently seen the reemergence of another exit scam. In a related incident, developers of Merlin, a decentralized exchange on the zkSync network, vanished with about $2 million last month. The hacker(s) stole several cryptocurrency assets, including Ethereum, USD Coin, and other illiquid tokens.
In April, Ordinals banking, an Ethereum-based decentralized banking protocol that lets users lend and borrow inscriptions, engaged in an exit fraud, also referred to as a “rug pull.” According to a report from blockchain security firm CertiK, the protocol’s creator used a “safuToken” function to remove 256 million OFI tokens from its smart contracts.