
In a turn of events that has shaken the crypto world, Swaprum, a blockchain project that boasted strong security, was hit by a rug pull. The incident led to a loss of roughly $3M and a sharp drop in the value of its token. This happened despite Swaprum undergoing a thorough security audit by CertiK, which highlights the unpredictability and inherent risks of the crypto landscape.

The rug pull was carried out through a technique called the proxy pattern, which lets the administrators of a smart contract alter it after deployment. In Swaprum’s case, a manipulated contract was introduced that contained features for siphoning off funds.

On 18th May, at precisely 15:48:16, the previously audited smart contract was replaced with a malicious one. (The transaction details can be viewed here).

From 15:49:06 to 16:49:59 on the same day, several transactions were performed, accumulating tokens and exchanging them for Ethereum (ETH). By the end of this operation, the perpetrator had accrued a significant amount of ETH, equating to about $2.86M, and transferred these funds into an external wallet. The external wallet can be checked here, and the transaction details are available here.

The transaction timeline suggests this was a manual operation. Can we guard against such proxy attacks?

The most reliable measure is to steer clear of projects utilizing smart contract proxy patterns, as they pose substantial risks and can be exploited by malicious actors. It’s crucial to ensure that the projects you invest in do not carry such risks.

At Chainkraft, our mission is to secure the crypto space. We detected the smart contract alteration and promptly notified our enterprise customers. This early warning gave them time to move their funds away from the project, mitigating potential losses.
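One way to watch for this kind of contract swap, shown as an added example that is not Chainkraft's code or anything from the Swaprum project: it assumes the monitored proxy follows EIP-1967 (an `Upgraded(address)` event plus a fixed implementation storage slot), which the incident description does not confirm. The function names, addresses, transaction ids and log entries are constructed for illustration; the logs use the field layout of an `eth_getLogs` response.

```python
# Added example: assumes an EIP-1967 proxy; addresses and logs below are constructed.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"  # keccak256("Upgraded(address)")
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"  # slot to read with eth_getStorageAt

def word_to_address(word):
    """Addresses in topics and storage are left-padded to 32 bytes; keep the low 20."""
    return "0x" + word[-40:].lower()

def unaudited_upgrades(logs, audited):
    """Alerts for Upgraded events on watched proxies that point at unreviewed code.
    `audited` maps proxy address -> set of implementation addresses covered by the audit."""
    alerts = []
    for log in logs:
        proxy, topics = log["address"].lower(), log["topics"]
        if proxy not in audited or len(topics) < 2:
            continue  # not a watched proxy, or no indexed address in the event
        if topics[0].lower() != UPGRADED_TOPIC:
            continue  # some other event emitted by the proxy
        impl = word_to_address(topics[1])
        if impl not in audited[proxy]:
            alerts.append({"proxy": proxy, "new_impl": impl,
                           "block": int(log["blockNumber"], 16),
                           "tx": log["transactionHash"]})
    return alerts

def slot_is_unaudited(proxy, slot_word, audited):
    """Fallback when no event is emitted: check the value read from IMPL_SLOT."""
    return word_to_address(slot_word) not in audited.get(proxy.lower(), set())

# --- constructed sample data (not real chain data) ---
PROXY, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
AUDITED_IMPL, UNKNOWN_IMPL = "0x" + "aa" * 20, "0x" + "bb" * 20
AUDITED = {PROXY: {AUDITED_IMPL}}

def pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def mk(addr, topic0, impl, block, tx):
    return {"address": addr, "topics": [topic0, pad(impl)],
            "blockNumber": hex(block), "transactionHash": tx}

SAMPLE_LOGS = [
    mk(PROXY, UPGRADED_TOPIC, AUDITED_IMPL, 100, "0xtx1"),    # upgrade to audited code
    mk(OTHER, UPGRADED_TOPIC, UNKNOWN_IMPL, 101, "0xtx2"),    # contract we do not watch
    mk(PROXY, "0x" + "00" * 32, UNKNOWN_IMPL, 102, "0xtx3"),  # unrelated event
    mk(PROXY, UPGRADED_TOPIC, UNKNOWN_IMPL, 103, "0xtx4"),    # swapped to unreviewed code
]

if __name__ == "__main__":
    for alert in unaudited_upgrades(SAMPLE_LOGS, AUDITED):
        print("ALERT", alert)
```

Only the last sample entry raises an alert; the slot check covers proxies that change their implementation without emitting the event.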

Let’s remain vigilant, stay informed, and work together to build a safer crypto environment.