Arbitrum’s Swaprum DEX Steals $3M, SAPR Token Crashes 100%

Crypto News: In the world of cryptocurrencies, built upon the foundations of trust and transparency provided by blockchain technology, the prevalence of crypto hacks and scams has cast a dark shadow over the industry. Recently, another alarming incident has shaken the faith of many users as Swaprum, a decentralized exchange operating on the Ethereum Layer 2 network Arbitrum, has seemingly orchestrated a treacherous exit scam.
Swaprum Disappears With $3M
PeckShield, an on-chain analysis company, made the discovery of the theft on the Arbitrum network on Friday. On its exchange, the Swaprum team elected to remove the liquidity that had been given against the platform’s native coin. Following that, the team sold the tokens against ETH, which resulted in a substantial drop in the price of Swaprum (SAPR) tokens. As a result, the remaining tokens that were held by investors who were unaware of the scam ended up being completely worthless.
This devious maneuver has left in its wake a staggering loss of approximately 1,628 ETH — equivalent to $3 million in user deposits — adding to the growing dismay surrounding the safety and reliability of crypto platforms. What the crypto space calls to be a “rug pull”, the Swaprum team later transferred the funds to Ethereum where they laundered it through Tornado Cash, a notorious ETH mixer service that masks the transaction trail in order to puzzle authorities from tracking the flow of funds.
Read More: Do Kwon’s $437K Bail In Question As Prosecutors Fight Back
Team Deletes Social Presence
The online footprint left by Swaprum was wiped off overnight as the team deleted their social media profiles across Twitter, Telegram, and GitHub. However, the project’s official website, which acted as the user interface for the underlying protocol, is still operational. In later investigations, security analysts working for Beosin discovered that the smart contract used by Swaprum contained a covert backdoor mechanism.
Swaprum on Arbitrum rugged for ~$3M.
The deployer of Swaprum used the add() backdoor function to steal LP tokens staked by users, then removed liquidity from the pool for profit.
One tx:https://t.co/qRXLhrAIqp pic.twitter.com/xf7vrciajN
— Beosin Alert (@BeosinAlert) May 19, 2023
The programmer behind Swaprum purposefully included the “add()” backdoor function in the code in order to steal LP (liquidity pool) tokens that were staked by users and subsequently remove liquidity from the pool in order to make a profit. And, although the now-defunct DEX advertises a positive vulnerability check from the auditing firm Certik, it remains unknown whether the certification is genuine or the blockchain firm overlooked the system’s inherent fatal flaw. As things stand, this malicious attempt marks one of the biggest exit scams to have recently been discovered on Ethereum’s Layer 2 network.
Also Read: Whales And Miners Offload Huge BTC Ahead Of Fed Chair Powell Speech
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.