DeFi project Swaprum has disappeared with client funds totaling $3 million in what appears to be a rug pull, just weeks after it was audited by CertiK. Now people are pointing fingers at CertiK, saying it approved “another rug pull.”
Security firm PeckShield said on Twitter that the money was in the form of Ethereum and the “scammers” used popular coin mixing app Tornado Cash to launder the funds.
Swaprum, a decentralized exchange (DEX) which runs on Ethereum scaling solution Arbitrum, appears to now have deleted all its social media accounts. Its website, which allows users to swap digital coins and tokens without signing up, remains active.
Decentralized finance protocols—apps that want to automate what banks and brokerages do—get hit hard by hacks and rug pulls. This is because the sphere is new and experimental.
CertiK published its audit of the DEX earlier this month, saying that it had no critical risks but three major risks—including that the protocol was heavily centralized.
CertiK has since been criticized on Twitter as a result. “As a [sic] audit company, CertiK is free to choose who they do business with,” TradingStrategy.ai co-founder Mikko Ohtamaa wrote.
“CertiK made a deliberate business decision to approve another rug pull.”
A rug pull happens when a developer launches a project that seems legitimate but then disappears with investor funds.
CertiK did not immediately respond to Decrypt’s questions. But just last month, another DEX audited by CertiK, zkSync-based Merlin, was drained of around $1.82 million. CertiK blamed the Merlin attack on “rogue developers.”
In a post on Twitter, CertiK said that, “Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down,” and urged them to accept a 20% white hat bounty. Merlin itself accused “several members of the Back-End team” of draining its contracts in a Twitter post.
Stay on top of crypto news, get daily updates in your inbox.
Post Disclaimer
The information provided in our posts or blogs are for educational and informative purposes only. We do not guarantee the accuracy, completeness or suitability of the information. We do not provide financial or investment advice. Readers should always seek professional advice before making any financial or investment decisions based on the information provided in our content. We will not be held responsible for any losses, damages or consequences that may arise from relying on the information provided in our content.
This website uses cookies and asks your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).
