Back to all stories
Post Mortem: Fintoch
1/8/2024
Project name: Fintoch
Project type: Token
Date of exploit: May 5th, 2023
Asset loss: ~$31.6M
Vulnerability: Rug Pull
Date of audit report publishing: Dec 15th, 2022
Conclusion: Out of audit scope
Details of the Exploit
Background
Fintoch is a SCAM token
Nature of the Vulnerability
It was a SCAM that cheated users into buying FTH tokens with BSC-USD (a stablecoin pegged at 1 USD). Finally, it dumped FTH tokens minted during deployment to drain ~31.6M BSC-USD in the pool.
CertiK Audit Overview
Conclusion
On May 5th, 2023, the Fintoch was rugpulled, leading to a loss of ~$31.6M.
CertiK Audited the pool and lending product of the Fintoch. However, the exploit was due to the vulnerability in the token product (i.e., FTH token), which is a different product from what CertiK has audited. Therefore, it is out of the audit scope.
Related Stories
In light of the $2.7 million withdrawal incident from Hector Network's contract, we have gathered all the relevant information and are committed to maintaining transparency with the public.
1/17/2024
On April 9th, 2023, the RouteProcessor2 in Sushiswap was exploited due to missing validation on the input with processRoute function. The total loss is around $ 3.3 M.
1/8/2024
On Mar 28th, 2023, the Safemoon token contract was attacked, leading to a loss of $8.9M. The attacker took advantage of the public burn function and drained funds from the LP pool.
1/8/2024
