On May 18, 2023, the deployer of Swaprum Finance, a decentralized finance platform on the Arbitrum chain, executed an exit scam (Rug Pull) and took around $3 million in user funds. They immediately deleted both their website and all of their social media profiles following the scam.
Swaprum is a DeFi exchange built on Arbitrum One Chain that offers high farming rewards, low swapping fees, and a sustainable SAPR token.
Vulnerability Analysis & Impact:
Deployer Address: 0xaaf8b44376f4ef3eD477eeEB3553b7623FEF5E1c
SAPR Token: 0x2ae25460c44d578e6f41ab900a7a5425b6492c16
Malicious Upgrade txn: 0x11a84164726c57dd7c3c0f610ed65cfa5f062009b3d51bcacc31e52c50908a9c
SAPR Minting txn: 0x821b2e98bb5ab19b6b35e5abaceca3d263a17b07039bc169823d7cf27460168e
Liquidity Removing txn: 0xcb64a40d652ff8bfac2e08aa6425ace9c19f0eeb4a6e32f0c425f9f9ea747edf
Tornado Cash transfer txn: 0xfffb4bbabeafc906800ec790c8c9cd9c6b6e11532f6a9e210dc091f29909bafd
Exit Scam Steps:
- On May 18th, the reward contract was upgraded to a malicious version by the deployer. They included the
add()function (backdoor), which transferred LP tokens from the contract to the deployer.
- After the upgrade, the deployer used the modified
add()function to steal LP tokens staked by users. The stolen LP tokens were then used to remove liquidity from various pools such as USDT/WETH, USDT/USDC, etc.
- Additionally, the deployer called
getToken()and minted 200,000,000 SAPR tokens into their wallet, draining the liquidity from the SAPR/WETH Pool.
- The deployer proceeded to swap all tokens for 1620 ETH ($3 million) and bridged all the funds to Ethereum before transferring them to Tornado Cash.
This occurrence highlights the risks that are associated with cryptocurrency investments, and it serves as a reminder that investors must exercise caution when dealing with digital assets.
Any project that promises sky-high returns should be carefully considered because DeFi scammers need liquidity to fund their scheme.
Web3 security- Need of the hour
Why QuillAudits For Web3 Security? QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions, saving millions in funds.
Want more Such Security Blogs & Reports?
Connect with QuillAudits on :