- Solfire.Finance executed a rug pull on January 23, 2022 and deleted all public facing accounts.
- Solfire.Finance scammers bridged over $3 million in customer funds to Ethereum and provided approximately $1.8 million in liquidity to a Decentralized Finance (DeFi) protocol.
- An Ethereum wallet attributed to the Solfire.finance scammer currently holds approximately $1.6 million while a Solana wallet holds approximately $59 million Fire tokens.
Solfire.Finance was launched on October 31, 2021 as an asset management app with an alleged diversified portfolio on Solana (sol). An archived version of the website reveals that Solfire.Finance ran a Github, telegram, and twitter account. By all appearances, Solfire.Finance seemed normal until a rugpull was executed January 23, 2022.
TRM Labs’ investigation indicates that the Solfire.Finance protocol began stealing user funds at approximately 3:41 UTC on January 23, 2022 with a large outbound sol transaction to a wallet likely attributed to the scammers. Two sol wallets received a bulk of the stolen funds from Solfire.Finance and proceeded to swap for USDC and USDT. The scammers quickly made these swaps to bridge the stolen funds to eth. One wallet likely attributed to the scammers currently holds approximately $1.6 million in eth while the other wallet provided liquidity to a DeFi protocol. Prior to the rug, scammers funded an eth wallet via a Tornado Cash deposit. This same wallet would later be used to fund the wallets that received the stolen funds bridged from sol.
TRM will continue to monitor on-chain flows associated with the Solfire.Finance rugpull and update our systems so that TRM partners are automatically alerted of any exposure to scammer wallets. Victims should consider filing a report with FBI’s Internet Crime Complaint Center (IC3) here.
About TRM Labs
TRM Labs is the only blockchain intelligence tool with cross-chain analytics, which enables investigators to view cross-chain swaps and multiple flows within one graph. For more information, or to report leads contact us at firstname.lastname@example.org.
TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring including VASP due diligence, and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.
TRM is based in San Francisco, CA, and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.