• Tue. Aug 22nd, 2023

Swaprum’s DeFi-Protocol Developers Defraud Users of $3 Million

Aug 2, 2023
Swaprum's DeFi devs defraud users of $3M
Marcel Bich

PeckShield, a blockchain security specialist, reported on Twitter that the project team of Swaprum regularly utilized the Tornado Cash cryptocurrency mixer for money laundering purposes.

Immediately after the incident, Swaprum deleted all its social media accounts. However, the project’s website, which enables users to exchange digital coins and tokens without registration, remains active.

CertiK Faces Criticism from Crypto Enthusiasts

In early May, CertiK published its audit of Swaprum, stating that the protocol carried no critical risks. However, this action sparked discontent among crypto-enthusiasts, leading community members to criticize the auditor and accuse them of a “conscious decision to approve another rug pull.”

A “rug pull” refers to a type of cryptocurrency fraud in which promoters of a new coin artificially inflate its price, only to disappear along with users’ funds. Investors are then left with a worthless token that lacks substance and a future.

CertiK swiftly responded to user complaints, explaining that an audit does not guarantee that the team implemented all recommended changes. According to the experts, malicious code replaced some of Swaprum’s code after the smart contract audit was conducted.

CertiK stated:

“Instead of tampering with the audited MasterChef contract, the developers replaced it with an untested malicious contract to execute a rug pull. The vulnerability is related to the ability to update the proxy, not the smart contract issue we tested.”

In a previous incident, approximately $1.82 million was drained from another CertiK-inspected DeFi protocol, Merlin, powered by ZkSync. The auditor attributed the attack to “unscrupulous developers.”