Swaprum, a decentralized exchange running on the Ethereum Layer 2 network Arbitrum, has allegedly carried out an “exit scam,” also known as a “rug pull,” causing the loss of approximately $3 million in user deposits.
Blockchain security firm PeckShield conducted an on-chain analysis and discovered that around 1,628 ETH, equivalent to $3 million, was drained from Swaprum’s liquidity pools.
#PeckShieldAler #rugpull @Swaprum on #Arbitrum rugged ~$3M, $SAPR has dropped -100%. @Swaprum already deleted its social accounts/groups.
The scammers have bridged ~1,628 $ETH to #Ethereum and laundered 1,620 $ETH to Tornado Cashhttps://t.co/tUNgbwGQCd pic.twitter.com/UH8V9RyFHy— PeckShieldAlert (@PeckShieldAlert) May 19, 2023
The suspicious activity occurred when the Swaprum team withdrew the liquidity that users had provided against the platform’s native token on its exchange. Subsequently, they sold the tokens for ETH, causing a drastic drop in the price of Swaprum (SAPR) tokens. This sharp decline rendered the remaining tokens held by unsuspecting investors nearly worthless.
PeckShield’s investigation revealed that the scammers bridged approximately 1,628 ETH from Arbitrum to Ethereum and then laundered 1,620 ETH through the popular Ethereum mixer service called Tornado Cash. The purpose of using Tornado Cash was likely to obscure the transaction trail and make it difficult for authorities to trace the funds.
In a swift move, Swaprum deleted its social media accounts on platforms like Twitter, Telegram, and GitHub, erasing its digital presence almost overnight. However, the official website, which served as the project’s protocol front-end, is still active. Despite attempts to contact the project for comment, The Block was unable to reach Swaprum.
Security analysts from Beosin discovered a hidden backdoor functionality in Swaprum’s smart contract. According to Beosin, the deployer of Swaprum exploited this “add()” backdoor function to steal LP tokens staked by users and then removed liquidity from the pool for their own profit. This malicious action provided the scammers with control over assets at their discretion.
Unfortunately, this incident is the latest in a series of exit scams that have surfaced within the Ethereum Layer 2 ecosystem. Just last month, developers of the decentralized exchange Merlin on the zkSync network disappeared, taking nearly $2 million in a similar manner.
Exit scams and rug pulls continue to pose risks within the decentralized finance (DeFi) space, reminding investors of the importance of conducting thorough due diligence before investing in any project. As the DeFi ecosystem evolves, it becomes crucial for users to exercise caution and rely on reputable platforms with transparent operations to safeguard their funds.
Read more:
- Vietnam Court Opens Trial On Bitcoin Robbery Worth Over $1.6 Million
- Inside The Pi Mining Farm Worth Over $250,000 In Vietnam
- Vietnamese Crypto Trader Loses Over $6000 And Steals ATM Machine From Bank