Immediately after the incident, Swaprum deleted all its social media accounts. However, the project’s website, which enables users to exchange digital coins and tokens without registration, remains active.
CertiK Faces Criticism from Crypto Enthusiasts
In early May, CertiK published its audit of Swaprum, stating that the protocol carried no critical risks. However, this action sparked discontent among crypto-enthusiasts, leading community members to criticize the auditor and accuse them of a “conscious decision to approve another rug pull.”
A “rug pull” refers to a type of cryptocurrency fraud in which promoters of a new coin artificially inflate its price, only to disappear along with users’ funds. Investors are then left with a worthless token that lacks substance and a future.
CertiK swiftly responded to user complaints, explaining that an audit does not guarantee that the team implemented all recommended changes. According to the experts, malicious code replaced some of Swaprum’s code after the smart contract audit was conducted.
“Instead of tampering with the audited MasterChef contract, the developers replaced it with an untested malicious contract to execute a rug pull. The vulnerability is related to the ability to update the proxy, not the smart contract issue we tested.”