Project name: Fintoch
Project type: Token
Date of exploit: May 5th, 2023
Asset loss: ~$31.6M
Vulnerability: Rug Pull
Date of audit report publishing: Dec 15th, 2022
Conclusion: Out of audit scope
Fintoch is a SCAM token
It was a SCAM that cheated users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, it dumped FTH tokens minted during deployment to drain ~31.6M BSC-USD in the pool.
On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.
CertiK Audited the pool and lending product of the Fintoch. However, the exploit was due to the vulnerability in the token product (i.e., FTH token), which is a different product from what CertiK has audited. Therefore, it is out of the audit scope.