- Recently, we’ve noticed that the Solfire Finance dApp was rugged or hacked.
- The platform supposedly lost more than $10 million.
- Further, the funds have been traced to addresses, and Binance can easily track them.
The project owner of SolFire Finance stole all the investors’ funds and transferred them to the ETH chain via a cross-chain bridge. Through our investigation, we found that the project owner initially transferred the gas on the Solana chain through the Binance hot wallet.
Further, the project’s GitHub and Twitter accounts have been deleted, and the website is no longer accessible.
The ETH accounts were funded for gas via Tornado Cash, and the Solana accounts were funded for gas via Binance. Binance could identify the thief by identifying the Solana address, which then funds (BZCDVsp7tVsGiKNHrJfxfSXXNikLdBaXkJs7kfSTr1GR),
Funds were stolen from the Solfire hot wallet and sent to two addresses, namely D6RBPLyUYhUE98rWZrewSkpmSDLypGRoGV4EqvGKkvym and 8XnyGsVNGFWQ2UYAzwj8gqJsCETMzmbY6ZFTqHpRWfy. The second address sells everything into soETH and sends it (664 soETH) over the sollet bridge to Ethereum to address where it sits as ETH.
D6RBPLyUYhUE98rWZrewSkpmSDLypGRoGV4EqvGKkvym receives USDC and USDT. It then sends them over the sollet bridge to Ethereum to 0x1e669254badd2866b217983d6a2fcbbf07d66ff7, which adds liquidity to Curve 3-pool.
The sollet bridge address is FBUKfg7Thx4WDM4ATehJe1xWzuGtMk1myXhRSvuSq19h. The Binance hot wallet address is 2ojv9BAiHUrvsm9gxDe7fJSzbNZSJcxZvf8dqmWGHG8S.