ArbiSwap, a decentralized exchange (DEX) that runs on the Arbitrum network, has been rugged by its developer. The exploit was caused by the swapping of the contract, which included a recoverToken function that allowed the developer to recover user funds to their wallet. The rug pull was targeted at pool2, which contained all the stolen funds, while nonnative liquidity providers should be safe.
Victims of the exploit can use the router address, to remove their liquidity. Interestingly, the rug puller made 85 ETH by mint dumping on the ARBI/USDC LP pool and forgetting the ARBI/WETH pool. This action allowed an arbitrage bot to earn $112,000 for pool2 farmers.
Despite the hack, the funds of those who deposited in the initial contract ending with 392B4 are safe. Users can interact with the contract directly to withdraw their funds and revoke permissions to ensure that their assets remain secure.
Rug pulls, also known as exit scams, are common in the decentralized finance (DeFi) space. These attacks involve malicious actors creating contracts or DEXes, and then draining user funds through various methods, including a "recover" function.
🚨🚨@Arbi_Swap is RUGGING its users!
— Rugdoc.io (@RugDocIO) March 2, 2023
Emergency withdraw https://t.co/FiD7vk929P
and revoke approvals ASAP! https://t.co/JLb7XQ5oay
MC: https://t.co/aTGWsxsbo9
Router: https://t.co/cinqNdRzJr
Rug: https://t.co/Jz2iiZGP94 pic.twitter.com/x6gvyMPXaf
The exploit has affected Arbitrum's reputation and may lead to users losing trust in the whole chain. However, this is not the first time a DEX has been hacked, and the DeFi space is still in its early stages, making it susceptible to such attacks.
The rug pull of ArbiSwap highlights the need for users to exercise caution when using DEXes and other DeFi platforms. It is essential to research and verify the legitimacy of any platform before depositing funds, especially on such popular chains as Arbitrum.
Alex Dovbnya
Valeria Blokhina
