Swaprum exchange team disappears with $3 million in client funds

According to PeckShield, the project’s team laundered 1620 ETH through Tornado Cash

19.05.2023 - 12:25

348

3 min

What’s new? The developers of Swaprum, a decentralized exchange (DEX) based on the Arbitrum Layer 2 (L2) blockchain, have performed an exit scam, absconding with about $3 million in user deposits. According to cybersecurity company PeckShield, the project’s team withdrew ~1628 ETH, of which it laundered 1620 through the Tornado Cash crypto mixer, which is under US sanctions. Swaprum’s Twitter, Telegram, and GitHub accounts have been deleted. In this, the official website, which acts as the interface of the project’s protocol, remains active.

#PeckShieldAler #rugpull @Swaprum on #Arbitrum rugged ~$3M, $SAPR has dropped -100%. @Swaprum already deleted its social accounts/groups. The scammers have bridged ~1,628 $ETH to #Ethereum and laundered 1,620 $ETH to Tornado Cashhttps://t.co/tUNgbwGQCd pic.twitter.com/UH8V9RyFHy — PeckShieldAlert (@PeckShieldAlert) May 19, 2023

More details about the situation. The Swaprum team withdrew the liquidity provided for the exchange’s native token, SAPR. It then sold the assets for ETH, causing the rest of the tokens that investors owned to nearly depreciate. The funds were then transferred from the Arbitrum network to Ethereum and laundered through Tornado Cash.

Experts at analytics service Beosin Alert discovered that the Swaprum smart contract contains a hidden backdoor feature that allows developers to gain unauthorized access to the platform’s data. This is how the project’s team managed to withdraw user assets from the liquidity pool.

Swaprum on Arbitrum rugged for ~$3M.The deployer of Swaprum used the add() backdoor function to steal LP tokens staked by users, then removed liquidity from the pool for profit.One tx:https://t.co/qRXLhrAIqp pic.twitter.com/xf7vrciajN — Beosin Alert (@BeosinAlert) May 19, 2023

Previously, the DEX Merlin team revealed staff involvement in a hack that caused more than $1,82 million in damages.

In May, developers at game studio Gala Games burned nearly 21 billion GALA utility tokens from their own reserves. One of the reasons for removing the coins from circulation was to neutralize a possible exit-scam scenario.

Author: