Decoding Swaprum Finance $3 Million Rug Pull | QuillAudits

--

Summary:

On May 18, 2023, the deployer of Swaprum Finance, a decentralized finance platform on the Arbitrum chain, executed an exit scam (Rug Pull) and took around $3 million in user funds. They immediately deleted both their website and all of their social media profiles following the scam.

About Project:

Swaprum is a DeFi exchange built on Arbitrum One Chain that offers high farming rewards, low swapping fees, and a sustainable SAPR token.

Exit Scam Steps:

  • On May 18th, the reward contract was upgraded to a malicious version by the deployer. They included theadd() function (backdoor), which transferred LP tokens from the contract to the deployer.
  • After the upgrade, the deployer used the modified add() function to steal LP tokens staked by users. The stolen LP tokens were then used to remove liquidity from various pools such as USDT/WETH, USDT/USDC, etc.
  • Additionally, the deployer called getToken() and minted 200,000,000 SAPR tokens into their wallet, draining the liquidity from the SAPR/WETH Pool.
  • The deployer proceeded to swap all tokens for 1620 ETH ($3 million) and bridged all the funds to Ethereum before transferring them to Tornado Cash.

After the Incident:

Immediately after the hack, they deleted their website and social media accounts, including Twitter, GitHub, Gitbook, and Medium.

The flow of funds:

The deployer transferred all funds to the Ethereum chain via Multichain, AcrossProtocol, and CelerNetwork, and finally deposited approximately 1620 ETH in Tornado Cash.

Bridged to Ethereum
Transferred to Tornado Cash

Price Impact:

Following the rug pull, the token’s value plummeted. See here.

Conclusion:

This occurrence highlights the risks that are associated with cryptocurrency investments, and it serves as a reminder that investors must exercise caution when dealing with digital assets.

Any project that promises sky-high returns should be carefully considered because DeFi scammers need liquidity to fund their scheme.

Web3 security- Need of the hour

Why QuillAudits For Web3 Security? QuillAudits is well-equipped with tools and expertise to provide cybersecurity solutions, saving millions in funds.

Want more Such Security Blogs & Reports?

Connect with QuillAudits on :

Linkedin | Twitter | Website | Newsletter | Discord | Telegram

Partner with QuillAudits :

--

--

QuillAudits - Web3 Security 🛡️

Smart Contract Auditing Experts , Making web3 a safer place . audits@quillhash.com