Marcel ‘s passion for the world of cryptocurrencies and his comprehensive knowledge of blockchain technology make him an invaluable asset to our team. He stays updated on the latest trends, regulations, and emerging technologies in the crypto space, ensuring that our audience receives accurate and up-to-date information.
Latest posts by Marcel Bich (see all)
- 2023: Crypto Industry Faces $500M Hack Loss - August 22, 2023
- Uncovering Ukraine’s Crypto Exchange Network - August 21, 2023
- Crypto’s $303M July Loss – CertiK Report - August 21, 2023
PeckShield, a blockchain security specialist, reported on Twitter that the project team of Swaprum regularly utilized the Tornado Cash cryptocurrency mixer for money laundering purposes.
Immediately after the incident, Swaprum deleted all its social media accounts. However, the project’s website, which enables users to exchange digital coins and tokens without registration, remains active.
CertiK Faces Criticism from Crypto Enthusiasts
In early May, CertiK published its audit of Swaprum, stating that the protocol carried no critical risks. However, this action sparked discontent among crypto-enthusiasts, leading community members to criticize the auditor and accuse them of a “conscious decision to approve another rug pull.”
A “rug pull” refers to a type of cryptocurrency fraud in which promoters of a new coin artificially inflate its price, only to disappear along with users’ funds. Investors are then left with a worthless token that lacks substance and a future.
CertiK swiftly responded to user complaints, explaining that an audit does not guarantee that the team implemented all recommended changes. According to the experts, malicious code replaced some of Swaprum’s code after the smart contract audit was conducted.
CertiK stated:
“Instead of tampering with the audited MasterChef contract, the developers replaced it with an untested malicious contract to execute a rug pull. The vulnerability is related to the ability to update the proxy, not the smart contract issue we tested.”
In a previous incident, approximately $1.82 million was drained from another CertiK-inspected DeFi protocol, Merlin, powered by ZkSync. The auditor attributed the attack to “unscrupulous developers.”