In May 2023, a DeFi platform, Fintoch, rug pulled its users for $31.6M.
Fintoch claimed to be backed by Morgan Stanley, had a fake CEO played by an actor, and offered outrageous 1% daily returns.
The case goes in DeFi history as the biggest exit scam of 2023.
On May 22, 2023, Fintoch β a fraudulent DeFi exchange operating on BSC β rug pulled their investors with a shocking $31.6 million scam. A reputable on-chain analyst, ZachXBT, was the first to draw widespread media attention to this scam.
Key Events in Fintoch Crypto Scam
Launched in March 2023, Fintoch posed as a legit DeFi platform with backing from the prominent Morgan Stanley. However, Morgan Stanley debunked these claims in a statement in May.
In early May, the Monetary Authority of Singapore (MAS) issued a cautionary investor warning regarding Fintoch. Around the same time, Fintoch made claims of launching its own blockchain.
Fast forward to May 22: stolen USDT finds its way to TRON and Ethereum network. On May 23, the platform abruptly halted withdrawals, citing a supposed chain migration.
However, the real bombshell dropped a day later. It was on May 24 that a collective outcry about the withdrawal issues on X raised the alarm among on-chain experts, ultimately leading to the exposure of the scam.
A bonus twist? Bob Lambert, the supposed CEO of Fintoch, turned out to be nothing more than a paid actor! His real name is Mike Provenzano, and he has played in several short films and series.
A total of $31.6 Million was stolen from deceived users.
Looking Through Deception: How Fintoch Deceived Everyone?
Fintoch lured investors with the promise of a 1% daily ROI and claimed affiliation with Morgan Stanley. Although investors were warned numerous times, people rode the bandwagon and invested millions.
The Fintoch rug pull scam used deceptive techniques, including:
False Identity: Claimed ties to Morgan Stanley, used actor Bobby Lambert as fake CEO.
Social Media Deception: Used platforms like X and Telegram, used bots and shills for fake reviews on Trustpilot and Medium.
Blockchain Tricks: Used smart contracts for fund collection and bridges for moving stolen assets across blockchains (e.g., Tron, Ethereum) to operate covertly.
What Sparked The Suspicion?
On May 24, Fintoch transferred 31.6 million USDT to multiple addresses on the Tron and Ethereum networks:
The DFintoch project deployed the FintochSTO contract. During deployment, 100,000 FTH tokens were minted and sent to the 0xfcE4.. address.
On May 22, 2023, a transfer of 34,341 FTH tokens was made from 0xfcE4.. to 0x19a0..
After that, the scammers swapped FTM tokens to BSC-USD and used Multichain and SWFT to bridge the stolen funds.
This move caused panic among investors as they reported being unable to withdraw their assets.
Following Fintochβs silence on the withdrawal issue, several users flocked to the comment section of the platformβs last tweet, published on May 23, demanding an explanation. Their pleas were met with cold automated bot responses.
So far, there has been no legal action or reimbursement plan, as the identities of the real founders remain anonymous.
Aftermath & Reactions
The aftermath of the Fintoch rug pull scam had a profound impact on both investors and the reputation of DeFi. First and foremost, investors who had put their money into FTC (the Fintoch native token) found themselves in a tough spot, holding onto assets that had essentially lost their value.
What made matters worse was that the Fintoch team remained anonymous, leaving these investors with no real options for recovery or legal action. But the ramifications extended beyond the immediate victims. The scam shed a bad light on the reputation of crypto, implanting seeds of skepticism, especially toward emerging DeFi projects.
This incident didnβt just impact the interest of disheartened investors. It also drew the attention of regulators, legislators, and the media. BSC, where FTC had been actively traded, also took a hit.
Post-Hack Security Measures & Lessons Learned
Fintoch was a Ponzi project that showed all the warning signs of an exit scam. Many of the projectβs claims β its CEO, affiliation with Morgan Stanley, and registration in Silicon Valley β were completely fabricated.
It promised guaranteed ROI and multiple organizations issued warnings about the scam. Despite this, the founders were able to net over $31M of user funds. This Fintoch rug pull was one of the largest exit scams in the DeFi in 2023. And it highlighted the risks and vulnerabilities of investing in unregulated and unverified projects.
In our view, the best approach is to check a projectβs rating by different auditing companies. It gives you a heads-up if there is something suspicious.
The blockchain industry has been grappling with scalability issues, which have hindered widespread adoption due to its technical constraints. As the demand for blockchain, decentralized applications (dApps), and transactions increases, the limitations of existing networks become increasingly apparent. High transaction fees and network congestion have plagued platforms like Ethereum, hampering their ability to support large-scale
The experimental semi-fungible token standard, ERC-404, combines elements from ERC-20 and ERC-721 tokens. Despite rising popularity, it has yet to secure an official Ethereum Improvement Proposal (EIP) designation. However, its unique attributes, such as enabling fractional ownership of NFTs and enhancing liquidity, coupled with the potential for automated NFT minting and burning processes, suggest a
Decentralized applications (dApps) are software that run on a decentralized network, often using blockchain technology. These applications can serve various purposes for end users, such as brokers, art collectors, traders, investors, and documents of public trust. However, their functionality and value attract malicious groups aiming to exploit vulnerabilities for financial gain. This article explores real-world examples of dApp security breaches, their attack vectors, and the lessons learned.