Decentralized finance (DeFi) project FinNexus (FNX), which touts itself as the “most versatile DeFi options platform,” claimed that it was hacked yesterday, leading to a massive dump of its tokens by the attacker. But some users suspect foul play.
“FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC [Binance Smart Chain]. This address minted: 323 million FNX ($6M) on Ethereum, 60 million FNX ($1.6M) on BSC and started dumping tokens,” tweeted The Block’s research analyst Igor Igamberdiev yesterday, adding, “Rug pull or StOlEn PrIvAtE kEy?”
FinNexus (FNX) contract deployer changed the token owner to some address on Ethereum and BSC.— Igor Igamberdiev (@FrankResearcher) May 17, 2021
This address minted:
– 323M FNX ($6M) on Ethereum
– 60M FNX ($1.6M) on BSC
and started dumping tokens.
Rug pull or StOlEn PrIvAtE kEy? pic.twitter.com/yuYe9yM0WM
Basically, the control over FinNexus’s smart contract was suddenly transferred to an unknown third-party wallet, allowing it to create a ton of new tokens and immediately exchange them for Ethereum and Wrapped Bitcoin.
As a result, the price of FNX has collapsed, plummeting by up to 92% since yesterday. According to crypto metrics platform CoinMarketCap, The token has dropped from its 24-hour high of $0.356 to as low as $0.0272 at some point. At press time, FNX is trading at around $0.0637, still down 82% on the day.
FinNexus later confirmed the incident, claiming that its ERC-20 smart contract fell victim to a hack.
We regret to inform our traders and investors that the FinNexus erc20 contract appears to have been hacked.— FinNexus (@fin_nexus) May 17, 2021
For safety reasons please withdraw your funds from the pools.
The team is working on this issue and we will provide updates as they become available.
An “honest” hack or a rug pull?
However, some users argued that this may very well have been a good old “rug pull” conducted by FinNexus—a malicious practice where crypto developers abandon their projects and run away with users’ funds.
Others similarly questioned the validity of FinNexus’s hack claims, suggesting that the attack might also have been conducted by one of the project’s disgruntled employees.
Whatever the case may be, significant damage has already been done to both the project and its investors.