DeFi tool FinNexus (FNX) plunges by 90% after hack—some allege an inside job
The control over decentralized finance platform FinNexus's smart contract was suddenly transferred to a third-party wallet, causing users to suspect a rug pull.
Decentralized finance (DeFi) project FinNexus (FNX), which touts itself as the “most versatile DeFi options platform,” claimed that it was hacked yesterday, leading to a massive dump of its tokens by the attacker. But some users suspect foul play.
“FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC [Binance Smart Chain]. This address minted: 323 million FNX ($6M) on Ethereum, 60 million FNX ($1.6M) on BSC and started dumping tokens,” tweeted The Block’s research analyst Igor Igamberdiev yesterday, adding, “Rug pull or StOlEn PrIvAtE kEy?”
FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC.
This address minted:
– 323M FNX ($6M) on Ethereum
– 60M FNX ($1.6M) on BSC
and started dumping tokens.Rug pull or StOlEn PrIvAtE kEy? pic.twitter.com/yuYe9yM0WM
— Igor Igamberdiev (@FrankResearcher) May 17, 2021
Basically, the control over FinNexus’s smart contract was suddenly transferred to an unknown third-party wallet, allowing it to create a ton of new tokens and immediately exchange them for Etehreum and Wrapped Bitcoin.
As a result, the price of FNX has collapsed, plummeting by up to 92% since yesterday. According to crypto metrics platform CoinMarketCap, The token has dropped from its 24-hour high of $0.356 to as low as $0.0272 at some point. At press time, FNX is trading at around $0.0637, still down 82% on the day.
FinNexus later confirmed the incident, claiming that its ERC-20 smart contract fell victim to a hack.
“We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked. For safety reasons please withdraw your funds from the pools. The team is working on this issue and we will provide updates as they become available,” the developers stated.
We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked.
For safety reasons please withdraw your funds from the pools.
The team is working on this issue and we will provide updates as they become available.
— FinNexus (@fin_nexus) May 17, 2021
An “honest” hack or a rug pull?
However, some users argued that this may very well have been a good old “rug pull” conducted by FinNexus—a malicious practice where crypto developers abandon their projects and run away with users’ funds.
“Not a hack, ownership was transferred from the original contract creator to a new wallet that minted over 300m fnx, rug pulled liquidity on uni and sushi, transferred it to another new wallet that converted it to eth/wbtc,” one user pointed out on Twitter.
original contract owner:https://t.co/cS80tnEZAb
new owner/rugpull-er:https://t.co/cS80tnEZAb#crypto #fnx #rugpull
— James Rozelle ??? (@JamesRozelle31) May 17, 2021
Others similarly questioned the validity of FinNexus’s hack claims, suggesting that the attack might also have been conducted by one of the project’s disgruntled employees.
Whatever the case may be, significant damage has already been done to both the project and its investors.