The project had been audited by blockchain security firm CertiK, and displayed the "audited by CertiK" badge on their website. This added to criticisms of CertiK, who have come under fire for auditing multiple projects that later turned out to be scams. CertiK defended themselves, writing that, "As an auditor, we cannot force projects to implement our recommendations, but we can clearly and publicly call out vulnerabilities where we find them". They argued that they had identified vulnerabilities within their audit that ultimately allowed for the exploit, including the high degree of centralization and the upgradability of the smart contracts.
Decentralized exchange Swaprum, a project on the Arbitrum layer-2 network, suddenly disappeared with around 1,628 ETH (~$2.96 million) in an apparent rug pull. The thieves then mixed the money through Tornado Cash.