A DeFi project on Arbitrum has fraudulently taken customers’ funds and vanished.
According to an on-chain analysis by blockchain security firm PeckShield, approximately 1,628 ETH, equivalent to $3 million, has been withdrawn from the liquidity pools associated with the SAPR token.
The incident involves Swaprum, a new DeFi protocol on Arbitrum. Swaprum allegedly executed a deliberate rug pull by systematically withdrawing all liquidity from the pool and converting the token holdings into ETH. The action caused a significant drop in the SAPR price – the token lost 100% of its value.
More Issues in the Unregulated Space
To evade regulatory scrutiny and obfuscate their actions, Swaprum employed Tornado Cash, a prominent transaction mixer service on the Ethereum network, to launder the illicitly obtained funds. Unfortunately, investors holding the remaining SAPR tokens incurred substantial financial losses.
Swaprum’s social media accounts, including Twitter, Telegram, and GitHub, completely vanished overnight. The only trace left is the project’s official website, which remains accessible at the time of writing.
Malicious website checker Beosin Alert uncovered a “backdoor” within Swaprum’s smart contract.
According to their security analysts, the Swaprum development team exploited this vulnerability, surreptitiously pilfered liquidity provider (LP) tokens, and drained the liquidity from the pool. This malevolent act enabled the perpetrator to seize substantial amounts of holdings.
The incident also raised concerns about CertiK, Swaprum’s security auditor. Just a few weeks ago, the project was audited by CertiK. Many criticized the security firm, as the audit appeared to fail to identify the vulnerabilities within the smart contract.
In response to the criticism, CertiK emphasized that an audit does not ensure that a project would have adopted all the recommended changes.
Speaking with Decrypt, a spokesperson from CertiK said that auditors had no power over whether the projects would implement their recommendations, but they could “clearly and publicly call out vulnerabilities” if discovered.
“We did this with Swaprum, and the audit report is freely accessible on our website,” the spokesperson added.
This recent incident represents yet another instance of fraudulent activities targeting the layer-2 ecosystem. Last month, a similar case unfolded with Merlin, a decentralized exchange (DEX) operating on zkSync, where nearly $2 million vanished in a comparable manner. Merlin reportedly underwent an audit by CertiK.
The risk of funds being drained was flagged on May 18. A Twitter account indicated certain red flags associated with Swaprum’s operations. The concerns stem from various pieces of evidence that have come to light, indicating possible fraudulent activities.
Traders and investors are advised to exercise caution and stay informed about the risks.
The post highlights several key points to substantiate the claims against Swaprum, including suspected contract irregularities, unusual buyer activity, unusual revenue generation, and Tornado Cash transactions.
DeFi Exchanges Could Be Regulated
As the regulatory landscape for DeFi continues to take shape, authorities like the CFTC and SEC aim to strike a balance between fostering innovation and ensuring investor protection.
Commodity Futures Trading Commission (CFTC) Chair Rostin Behnam recently expressed his belief that decentralized exchanges (DEXs) and other components of decentralized finance (DeFi) can be subject to regulation in the United States, despite being labeled as “just code.”
During an interview on Bloomberg’s Odd Lots podcast, Behnam dismissed the notion that the decentralized nature of these platforms makes them immune to regulation.
He emphasized that existing US securities laws already encompass the majority of digital assets and that legal precedents play a crucial role in determining the regulatory framework.
Behnam stated, “It’s easy to suggest, ‘oh there’s no institution, there’s no individual, it’s just code, you can’t regulate that, it’s self-effectuating,’ but that really is the wrong set of questions.” He highlighted the significance of legal analysis based on established precedents.
Asserting the commitment to holding bad actors accountable, Behnam indicated that the CFTC or the Securities and Exchange Commission (SEC) would regulate the rapidly evolving DeFi space.