Swaprum DEX Drained in $3M Crypto Rugpull: Users Reeling

• Swaprum DEX, a decentralized exchange on the Ethereum layer-2 network Arbitrum, was drained of 1,628 ETH (approximately $3 million) in an apparent rugpull.
• Blockchain security firms discovered that the team removed liquidity from SAPR, the platform’s native token, and moved funds to Tornado Cash via Ethereum.
• Further analysis by blockchain security platforms revealed that a deployer added backdoor functions to the smart contract to enable theft of liquidity pool tokens staked by users.

Swaprum DEX Drained in $3M Crypto Rugpull

A decentralized exchange (DEX) called Swaprum was drained of approximately 1,628 ether (ETH), worth roughly $3 million, in an apparent rugpull or exit scam. The protocol is built on the Ethereum layer-2 network Arbitrum and offers high farming rewards as well as potential earnings of up to 100% annual percentage yield (APY).

Backdoor Functions Added to Smart Contract

Blockchain security firms Peckshield and Beosin flagged the incident on Friday and released further information regarding how the exit scam was executed. It was found that a deployer added backdoor functions to the Swaprum smart contract which enabled them to drain tokens from the liquidity pools. This was done using a function called add() which allowed for LP tokens to be transferred out of the contract for personal gain.

Liquidity Removed From SAPR Token

The team first removed all liquidity from SAPR, the platform’s native token, before selling it for ETH which they then moved over to Tornado Cash. The exact timeline of when this happened has yet to be determined but it did occur in late Thursday hours according to onchain data.

Security Flagged by Blockchain Firms

Peckshield were amongst one of many blockchain security firms who flagged this incident as suspicious activity with further analysis being conducted by Beosin revealing what actually occurred with regards to backdoor functions being added into smart contracts etcetera.

Investigation Into Incident Ongoing

It is currently unknown who is responsible for such malicious activity however investigations are underway and more details may emerge over time.