Back to all stories
Blogs
Incident Analysis
FinSoul: The Fintoch Fraud Continues
10/22/2023

On October 10, 2023, FinSoul token (FSL) witnessed a sharp decline of approximately 99% in its value. This was primarily attributed to an externally owned address, 0x7249, offloading 97 million out of 100 million FSL tokens, a supply they had acquired directly from the token deployer. A thorough investigation by CertiK revealed that the token is associated with a project called Standard Cross Finance. The project is a rebranded version of Fintoch, which had previously been flagged for fraudulent activities. This exit scam is the largest we have seen in October so far. It also stands as one of the most significant frauds CertiK has identified in which paid actors have been employed to deceive investors.

FinSoul: The Fintoch Fraud Continues

The FSL Exit Scam & Links to Standard Cross Finance (SCF)

On October 10th, we detected the largest exit scam so far this month, which was related to the FSL token. The token had been freshly minted on October 9, with trading commencing early the next morning. By midday, 97 million tokens found their way to the 0x7249 address, which subsequently offloaded these tokens, amassing approximately 1.6 million USDT.

696801a6-dd74-4de4-9927-0176d90c0ac4

69da8a2d-1c46-4780-aa36-6db824b10475

This selling resulted in a 99% price drop. Subsequently, the USDT was converted to BNB and routed through Tornado Cash.

865809db-c142-443b-89a9-b721722cb45a

18b0fcd8-9bb4-4d37-bd8f-b3426f33d7b6

CertiK has verified that the FSL token is associated with the project Standard Cross Finance (SCF). This project is a rebranded version of Fintoch, identified as an exit scam earlier in May this year. The SCF Telegram group has extensively promoted the FSL contract, as evident from numerous posts detailed below:

b8e152a5-576d-43c3-90ca-e66e3c6f62b4

The FSL token was advertised as part of the FinSoul product.

477f980a-4684-402c-a26b-85814dbdb386

c36bc73f-f3fa-464d-babd-392aabfbc80d

Even with clear on-chain indicators pointing to an exit scam, the SCF project communicated via Telegram that the FSL contract had a vulnerability and needed to be replaced with a new token. Since the FSL contract remains unverified, its authenticity cannot be confirmed. The dramatic price drop of FSL can be attributed directly to a deployer-linked wallet offloading its tokens. The immediate transfer of funds to Tornado Cash further signals malicious intentions, backed up by the project's history. CertiK firmly believes this incident to be an exit scam.

A new FSL contract has been deployed (0xcA7023FF89Cd3DD05DeDfeB6720611Fdf26dFF08) which at the time of writing contains approximately $800,000 in its liquidity pool. Individuals should proceed with caution when interacting with this token.

Fintoch & Standard Cross Finance

CertiK has confirmed that the Standard Cross Finance (SCF) project is a rebrand of Fintoch, which is a confirmed scam. Our assessment indicates that this rebranding occurred in August 2023, coinciding with an announcement made by an individual claiming to be the project's Chief Operations Officer on SCF's YouTube channel. The SCF website lists several principal members associated with the project, whom we've ascertained to be actors. Detailed insights into their actual identities will be provided in the Fintoch Deep Dive section of this report.

6ccf91f1-3e1f-43c2-9e9d-0969c6b51bc7

On May 25, 2023, ZachXBT first exposed Fintoch as a scam. The theft of user funds was initiated when the externally owned account (EOA) 0xeC1, labeled as Fake_Phishing1643, executed the swapForUSDT call on the contract 0x19a00e359990Ec7dAf6e9dD9A2Fb7664014bB5f7. This action resulted in a transfer of 31.6 million USDT from the contract directly to EOA 0xeC1.

cbe5460b-c5b2-4096-8f99-54a66a29dfb1

The majority of the stolen funds from the Fintoch exit scam were transferred to the Tron network using SWFT Swap, and to the Ethereum network via the Multichain bridge. Once on the Tron network, these funds were dispersed across various wallets. Meanwhile, the funds that moved to Ethereum were primarily deposited into Tornado Cash and HitBTC.

CertiK did not audit the affected contract and has labelled the project as an exit scam on Skynet.

4b3c50bd-7f4e-4de1-8be7-4e354947c680

Fintoch & Standard Cross Finance Deep Dive

Both the Fintoch and Standard Cross Finance websites showcased an identical core team, which our investigations have revealed to be actors. CertiK has successfully verified the true identities of the individuals posing as the CEO, COO, and CFO of the project. Additionally, we came upon a promotional poster featuring the image of the alleged CTO, linked to a mobile entertainment company. We've chosen to withhold their names in this report for privacy reasons. As for the two female members of the team, we couldn't definitively ascertain their identities. However, based on our findings, there's a strong likelihood that they are also actors.

5403fb39-3b60-4ff0-873b-a009e467154b

We have not seen the individuals claiming to be the CFO, CTO, Marketing Director and Financial Report in marketing material. Consequently, the depth of their involvement in this scam remains uncertain. The CEO and COO, however, are prominently featured in promotional materials from both Fintoch and Standard Cross Finance. While it's doubtful they played a role in the technical aspects, like contract deployment or on-chain activities, it's clear they actively promoted the scam using false identities.

To illustrate, a video from Standard Cross Finance showcases an individual, presenting himself as William Thompson, addressing an audience at an event in Vietnam. Our research indicates that this individual has made multiple appearances at various events, consistently endorsing both Fintoch and Standard Cross Finance.

e0302e7d-141d-4ad5-b807-27090740d4f4

In the FTC Public Chain Launch Q2 Report video on the SCF YouTube channel, we observe the individuals portraying the roles of the CEO and COO endorsing the Fintoch scam from a leased workspace.

bffc643a-80fe-418d-baa0-9dc43852b496

We've pinpointed the office's location to East Hamilton Avenue, Campbell, CA, USA. Due to the empty car park during day light, it is highly likely the video was shot on a weekend or on a public holiday when legitimate companies using the space were not present. We then see the individual enter the building and step into an office space.

d86a97f2-a016-4be0-be64-3bc8c1abf5b5

At a separate event in Vietnam, more members associated with the Standard Cross Finance project were spotted on stage. One particular individual from this group has been linked to another alleged scam from Vietnam named Fish Koi. Local news sources have reported multiple accusations of fraudulent activities associated with this scheme. Detailed accounts of these allegations can be found here.

e87d889a-a921-44a4-8b9a-897527011703

Scammers Utilizing Paid Actors

We published an investigative report – Unveiling the KYC Actor Industry – which details how scammers are increasingly hiring actors to complete KYC procedures on their behalf. The trend has now enlarged to include scammers enlisting actors to impersonate pivotal roles in their fabricated ventures, as in the case of Finctoch/SCF. Another case in point is the Harvest Keeper scam, where an actor sourced from Fiverr was cast as the project's founder. This scam resulted in financial damages nearing $1 million.

7a8394f4-2d11-403a-9ef5-b906639dd840

A counterfeit Uniswap project orchestrated a conference in Shenzen, China, leveraging actors to champion a deceptive token. The scams involving Fintoch and Standard Cross Finance rank as the most extensive instances of paid actor utilization identified by CertiK this year. The industry will, in all likelihood, continue to witness such tactics, with scammers employing actors to hide the real project owners and retain anonymity.

Furthermore, generative AI poses a novel opportunity for scammers to create "people" who never even exist, but can serve as representatives of a project.

Conclusion

In this report, we've demonstrated the expertise of our investigative team in identifying scams that use actors and in tracing the genuine perpetrators behind these schemes. Our experts, who come from a range of law enforcement and intelligence backgrounds, leverage their experiences and specialized skill sets to delve deep into complex scams, ensuring that fraudsters are exposed and communities are better informed about potential risks.

These experts also carry out our thorough KYC (Know Your Customer) verification process for project teams. Undertaking such verification not only acts as a protective shield against potential scams but also lays a strong foundation of trust between project owners and their communities. With tiered verification levels—Gold, Silver, and Bronze—project teams have a structured pathway to demonstrate their commitment to transparency and integrity, making it simpler for communities to gauge and place confidence in a project's legitimacy. Users can check out the KYC Leaderboard to see which projects have successfully passed this rigorous verification process.