by theogravity 1650 days ago
A lot of DeFi scams claim that an auditing company has audited their code. There are also scam auditing companies that work with these DeFi scams to add to the false legitimacy.
4 comments

Although smart contract audits are pretty much security theatre where the auditor charges $10k-$30k to run your code through a program, rug pulls are way more common just through simple methods.

A few common ways:

1. Use your admin privilege to withdraw or upgrade the smart contract to drain the funds

2. Withdraw all liquidity for your token and disappear

3. Sell the entire token supply all at once, which is functionally equivalent to (2)

4. Pretend to get "hacked" and lose your private key

5. Program a backdoor into the smart contract (the least common way). Some of these are economic in nature (e.g. frontrunning), which can't necessarily be found in an audit.

I've seen projects go as far as to claim to have their code audited by simply hosting it on a public GitHub repo.

Can you provide a source or two for these claims?

What are the scam auditing companies?