DeFi project Swaprum has disappeared with client funds worth $3 million in what appears to be a rug pull, just weeks after it was audited by CertiK. Now people are pointing fingers at CertiK, saying it approved “another carpet-pulling.”
Security company PeckShield said on Twitter that the money was in the form of Ethereum and the “scammers” used popularly coin mixing app Tornado Cash to launder funds.
Swaprum, one decentralized exchange (DEX) which runs on the Ethereum scaling solution decision, appears to have deleted all of its social media accounts. Its website, which allows users to exchange digital coins and tokens without signing up, remains active.
Decentralized finance protocol—apps that want to automate what banks and brokerages do—will be hit hard by hacks and rug pulls. This is because the sphere is new and experimental.
CertiK published its audit of the DEX earlier this month, saying it had no critical risks but three major risks—including a highly centralized protocol.
CertiK has since been criticized on Twitter as a result. “Like a [sic] audit firm, CertiK can freely choose with whom they do business,” wrote TradingStrategy.ai co-founder Mikko Ohtamaa.
“CertiK made a deliberate business decision to approve another rug pull.”
🚨 Swaprum (@Swaprum) of Arbitrum which its founders saw off for ~$3M
Here’s what happened:
— Hacken🇺🇦 (@hackenclub) May 19, 2023
A rug pull occurs when a developer launches a project that seems legitimate but then disappears with the investor’s funds.
CertiK did not immediately respond Decryptquestions. But last month, another DEX audited by CertiK, zkSyncbased in Merlin, drained about $1.82 million. CertiK blamed the Merlin attack on “rogue developers.”
In a post on TwitterCertiK said that, “Initial investigations indicate that the rogue developers are based in Europe, and we are working with law enforcement to track them down,” and urged them to receive a 20% white hat bounty. Merlin itself has accused “several members of the Back-End team” of draining its contracts in a post on Twitter.