Exploit Radar: Solfire Finance Burns Victims with a Rug Pull

TRM InsightsTRM Investigations
Exploit Radar: Solfire Finance Burns Victims with a Rug Pull

Quick take

  • Solfire.Finance executed a rug pull on January 23, 2022 and deleted all public facing accounts.
  • Solfire.Finance scammers bridged over $3 million in customer funds to Ethereum and provided approximately $1.8 million in liquidity to a Decentralized Finance (DeFi) protocol.
  • An Ethereum wallet attributed to the Solfire.finance scammer currently holds approximately $1.6 million while a Solana wallet holds approximately $59 million Fire tokens.

What happened

Solfire.Finance was launched on October 31, 2021 as an asset management app with an alleged diversified portfolio on Solana (sol). An archived version of the website reveals that Solfire.Finance ran a Github, telegram, and twitter account. By all appearances, Solfire.Finance seemed normal until a rugpull was executed January 23, 2022.

Figure: Screenshot of an introduction to Solfire.Finance obtained from an archived version

TRM Labs’ investigation indicates that the Solfire.Finance protocol began stealing user funds at approximately 3:41 UTC on January 23, 2022 with a large outbound sol transaction to a wallet likely attributed to the scammers. Two sol wallets received a bulk of the stolen funds from Solfire.Finance and proceeded to swap for USDC and USDT. The scammers quickly made these swaps to bridge the stolen funds to eth. One wallet likely attributed to the scammers currently holds approximately $1.6 million in eth while the other wallet provided liquidity to a DeFi protocol. Prior to the rug, scammers funded an eth wallet via a Tornado Cash deposit. This same wallet would later be used to fund the wallets that received the stolen funds bridged from sol.

TRM Labs graph displays the cross chain swap from Solana to Ethereum

TRM will continue to monitor on-chain flows associated with the Solfire.Finance rugpull and update our systems so that TRM partners are automatically alerted of any exposure to scammer wallets. Victims should consider filing a report with FBI’s Internet Crime Complaint Center (IC3) here.

About TRM Labs

TRM Labs is the only blockchain intelligence tool with cross-chain analytics, which enables investigators to view cross-chain swaps and multiple flows within one graph. For more information, or to report leads contact us at investigations@trmlabs.com.

TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring including VASP due diligence, and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.

TRM is based in San Francisco, CA, and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com.

This is some text inside of a div block.
Subscribe and stay up to date with our insights

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Transaction Monitoring/Wallet Screening
Training Services
Training Services
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.