
Post Mortem: Fintoch


Project name: Fintoch

Project type: Token

Date of exploit: May 5th, 2023

Asset loss: ~$31.6M

Vulnerability: Rug Pull

Date of audit report publishing: Dec 15th, 2022

Conclusion: Out of audit scope

Details of the Exploit

Background

Fintoch is a scam token.

Nature of the Vulnerability

It was a scam that deceived users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, the FTH tokens minted during deployment were dumped to drain ~31.6M BSC-USD from the pool.

CertiK Audit Overview


Conclusion

On May 5th, 2023, Fintoch was rug pulled, leading to a loss of ~$31.6M.

CertiK audited Fintoch's pool and lending product. However, the exploit was due to a vulnerability in the token product (i.e., the FTH token), which is a different product from the one CertiK audited. Therefore, it is out of the audit scope.
