Back to all stories
Incident Analysis
Flare Incident Analysis
Flare Incident Analysis


On 13 November, 2022 at 03:31:28 PM +UTC the CertiK Skynet system alerted a suspicious price slippage on the Flare token of over 63%. Following our investigation, CertiK determined that the Flare token project had conducted an exit scam by taking advantage of the initial token distribution. Flare Token was created on 2 October at 07:06:49 AM +UTC, 42 days before the exploit. At the time of the exploit, Flare token had approximately 15,246 holders.

It is unclear what the token was designed to do as there are no social media accounts or coverage of the project discovered thus far. The exploiter received 3,973,277,600.69 Flare tokens from Flare token deployer and associated addresses. The exploiter stole approximately $18.5 million in holders funds.

Attack Flow

  1. The Flare deployer minted 10,000,000,000 Flare token when deploying the Flare token smart contract: Blog Image 1

  2. The Flare deployer then transfers 6,999,800,000 Flare tokens to an unverified smart contract 0xeae: blog image 2

  3. Deployer of unverified smart contract transfers 6,999,023,050.53 Flare tokens to 0xf99: blog image 3

  4. 0xf99 transfers 3,973,277,600.69 Flare tokens to 0xa0a: blog image 4

  5. 0xa0a swaps 1,000,000,000 Flare tokens to 16,942,732.78 BUSD, and then swaps 1,973,277,600.69 Flare tokens to Future tokens.

  6. 0xa0a finally swaps 1,307,251.13 future tokens to 1,568,981.16 BUSD:blog image 5


Flare token contract: 0x85a

Flare token contract deployer: 0x0d4

Unverified smart contract used in the exploit: 0xeae

Deployer of unverified smart contract: 0x2d1

Exploiter: 0xa0a

Exploit Transactions

In this transaction, 0xa0a swaps Flare tokens to BUSD:

0xa0a then swap Flare tokens to Future token:

Finally, 0xa0a swaps Future tokens to BUSD:

Example of exploiter transferring funds to be sent to tornado cash:

  1. 0xa0a transfers stolen funds to 0xe55: blog image 6
  2. Stolen funds are then washed by 0xe55 to blog image 7

Profits and Asset Tracing

At the time of writing, around 1,000,000,000 Flare tokens were swapped for 16,942,732.78 BUSD and another 1,973,277,600.69 Flare tokens were swapped to Future tokens. Future tokens were then swapped to 1,568,981.16 BUSD. The total stolen funds of this exploit is around $18.5 million. As 28 November, 0xe55 only holds a remaining 0.06 BNB.


It is almost certain that the Flare token was designed to be an exit scam from the beginning. The issue lies within intentional poor contract design and the initial token distribution created by the contract deployers.

Protect yourself and your assets by following @CertiKAlert on Twitter to stay up to date on all the latest Web3 security news, and visiting as part of your due diligence.

Do your own research and beware of scam tokens!