Back to all stories
Blogs
Incident Analysis
Post Mortem: Fintoch
1/8/2024
Post Mortem: Fintoch

Project name: Fintoch

Project type: Token

Date of exploit: May 5th, 2023

Asset loss: ~$31.6M

Vulnerability: Rug Pull

Date of audit report publishing: Dec 15th, 2022

Conclusion: Out of audit scope

Details of the Exploit

Background

Fintoch is a SCAM token

Nature of the Vulnerability

It was a SCAM that cheated users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, it dumped FTH tokens minted during deployment to drain ~31.6M BSC-USD in the pool.

CertiK Audit Overview

Screenshot 2024-01-11 at 8.59.24 PM

Conclusion

On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.

CertiK Audited the pool and lending product of the Fintoch. However, the exploit was due to the vulnerability in the token product (i.e., FTH token), which is a different product from what CertiK has audited. Therefore, it is out of the audit scope.