• Hacken
  • Blog
  • Discover
  • Fintoch Rug Pull Explained

Fintoch Rug Pull Explained

4 minutes

TL;DR

  • In May 2023, a DeFi platform, Fintoch, rug pulled its users for $31.6M.
  • Fintoch claimed to be backed by Morgan Stanley, had a fake CEO played by an actor, and offered outrageous 1% daily returns.
  • The case goes in DeFi history as the biggest exit scam of 2023.

On May 22, 2023, Fintoch – a fraudulent DeFi exchange operating on BSC – rug pulled their investors with a shocking $31.6 million scam. A reputable on-chain analyst, ZachXBT, was the first to draw widespread media attention to this scam.

Key Events in Fintoch Crypto Scam

  • Launched in March 2023, Fintoch posed as a legit DeFi platform with backing from the prominent Morgan Stanley. However, Morgan Stanley debunked these claims in a statement in May. 
  • In early May, the Monetary Authority of Singapore (MAS) issued a cautionary investor warning regarding Fintoch. Around the same time, Fintoch made claims of launching its own blockchain.
  • Fast forward to May 22: stolen USDT finds its way to TRON and Ethereum network. On May 23, the platform abruptly halted withdrawals, citing a supposed chain migration.
  • However, the real bombshell dropped a day later. It was on May 24 that a collective outcry about the withdrawal issues on X raised the alarm among on-chain experts, ultimately leading to the exposure of the scam.
  • A bonus twist? Bob Lambert, the supposed CEO of Fintoch, turned out to be nothing more than a paid actor! His real name is Mike Provenzano, and he has played in several short films and series. 

A total of $31.6 Million was stolen from deceived users.

Bob Lambert - a paid actor was posing as the CEO of Fintoch.

Looking Through Deception: How Fintoch Deceived Everyone?

Fintoch lured investors with the promise of a 1% daily ROI and claimed affiliation with Morgan Stanley. Although investors were warned numerous times, people rode the bandwagon and invested millions.

The Fintoch rug pull scam used deceptive techniques, including:

  • False Identity: Claimed ties to Morgan Stanley, used actor Bobby Lambert as fake CEO.
  • Unrealistic Returns: Promised unsustainable 1% daily returns indicate a Ponzi scheme.
  • Social Media Deception: Used platforms like X and Telegram, used bots and shills for fake reviews on Trustpilot and Medium.
  • Blockchain Tricks: Used smart contracts for fund collection and bridges for moving stolen assets across blockchains (e.g., Tron, Ethereum) to operate covertly.

What Sparked The Suspicion?

On May 24, Fintoch transferred 31.6 million USDT to multiple addresses on the Tron and Ethereum networks:

  1. The DFintoch project deployed the FintochSTO contract. During deployment, 100,000 FTH tokens were minted and sent to the 0xfcE4.. address.
  2. On May 22, 2023, a transfer of 34,341 FTH tokens was made from 0xfcE4.. to 0x19a0..
  3. After that, the scammers swapped FTM tokens to BSC-USD and used Multichain and SWFT to bridge the stolen funds.

This move caused panic among investors as they reported being unable to withdraw their assets.

Following Fintoch’s silence on the withdrawal issue, several users flocked to the comment section of the platform’s last tweet, published on May 23, demanding an explanation. Their pleas were met with cold automated bot responses.

After a few days of inactivity, on May 26, the stolen USDT started moving on Tron to different deposit addresses on exchanges like Binance and Huione Pay.

So far, there has been no legal action or reimbursement plan, as the identities of the real founders remain anonymous. 

An illustrative representation depicting the flow of stolen funds.

Aftermath & Reactions

The aftermath of the Fintoch rug pull scam had a profound impact on both investors and the reputation of DeFi.  First and foremost, investors who had put their money into FTC (the Fintoch native token) found themselves in a tough spot, holding onto assets that had essentially lost their value. 

What made matters worse was that the Fintoch team remained anonymous, leaving these investors with no real options for recovery or legal action. But the ramifications extended beyond the immediate victims. The scam shed a bad light on the reputation of crypto, implanting seeds of skepticism, especially toward emerging DeFi projects.

This incident didn’t just impact the interest of disheartened investors. It also drew the attention of regulators, legislators, and the media. BSC, where FTC had been actively traded, also took a hit.

Post-Hack Security Measures & Lessons Learned

Fintoch was a Ponzi project that showed all the warning signs of an exit scam. Many of the project’s claims — its CEO, affiliation with Morgan Stanley, and registration in Silicon Valley — were completely fabricated.

It promised guaranteed ROI and multiple organizations issued warnings about the scam. Despite this, the founders were able to net over $31M of user funds. This Fintoch rug pull was one of the largest exit scams in the DeFi in 2023. And it highlighted the risks and vulnerabilities of investing in unregulated and unverified projects.

In our view, the best approach is to check a project’s rating by different auditing companies. It gives you a heads-up if there is something suspicious.

Subscribe
to our newsletter

Be the first to receive our latest company updates, Web3 security insights, and exclusive content curated for the blockchain enthusiasts.

Speaker Img

Table of contents

  • →TL;DR
  • →Key Events in Fintoch Crypto Scam
  • →What Sparked The Suspicion?
  • →Post-Hack Security Measures & Lessons Learned

Tell us about your project

Follow Us

Read next:

More related

Trusted Web3 Security Partner