TRM Investigations
January 27, 2022

Exploit Radar: Solfire Finance Burns Victims with a Rug Pull

TRM InsightsTRM Investigations
Exploit Radar: Solfire Finance Burns Victims with a Rug Pull

Quick take

  • Solfire.Finance executed a rug pull on January 23, 2022 and deleted all public facing accounts.
  • Solfire.Finance scammers bridged over $3 million in customer funds to Ethereum and provided approximately $1.8 million in liquidity to a Decentralized Finance (DeFi) protocol.
  • An Ethereum wallet attributed to the Solfire.finance scammer currently holds approximately $1.6 million while a Solana wallet holds approximately $59 million Fire tokens.

What happened

Solfire.Finance was launched on October 31, 2021 as an asset management app with an alleged diversified portfolio on Solana (sol). An archived version of the website reveals that Solfire.Finance ran a Github, telegram, and twitter account. By all appearances, Solfire.Finance seemed normal until a rugpull was executed January 23, 2022.

Figure: Screenshot of an introduction to Solfire.Finance obtained from an archived version

TRM Labs’ investigation indicates that the Solfire.Finance protocol began stealing user funds at approximately 3:41 UTC on January 23, 2022 with a large outbound sol transaction to a wallet likely attributed to the scammers. Two sol wallets received a bulk of the stolen funds from Solfire.Finance and proceeded to swap for USDC and USDT. The scammers quickly made these swaps to bridge the stolen funds to eth. One wallet likely attributed to the scammers currently holds approximately $1.6 million in eth while the other wallet provided liquidity to a DeFi protocol. Prior to the rug, scammers funded an eth wallet via a Tornado Cash deposit. This same wallet would later be used to fund the wallets that received the stolen funds bridged from sol.

TRM Labs graph displays the cross chain swap from Solana to Ethereum

TRM will continue to monitor on-chain flows associated with the Solfire.Finance rugpull and update our systems so that TRM partners are automatically alerted of any exposure to scammer wallets. Victims should consider filing a report with FBI’s Internet Crime Complaint Center (IC3) here.

About TRM Labs

TRM Labs is the only blockchain intelligence tool with cross-chain analytics, which enables investigators to view cross-chain swaps and multiple flows within one graph. For more information, or to report leads contact us at investigations@trmlabs.com.

TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses and public agencies detect, investigate and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring including VASP due diligence, and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.

TRM is based in San Francisco, CA, and is hiring across engineering, product, sales, and data science. To learn more, visit www.trmlabs.com.

This is some text inside of a div block.
TRM Labs, Inc.
Subscribe and stay up to date with our insights
arrow right
January 27, 2022

What you need to know about implementing the Travel Rule

arrow right
January 5, 2022

Tinyman: The First DeFi Exploit of 2022?

arrow right
October 30, 2023

TRM Talks: Policy Roundtable October 2023

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT