In April 2023, Ordinals Finance performed a rug pull. The scam project stole an estimated $1 million from the project’s users.
Inside the Attack
The Ordinals Finance project was designed to allow users to lend and borrow inscriptions. In April 2023, the developer behind the project performed a rug pull by taking advantage of the safuToken and ownerRewithdraw functions built into the protocol’s smart contracts.
In total, 269 million OFI tokens were drained from the project. This resulted in a total loss of approximately $1 million. Since then, the stolen tokens were transferred to other accounts, and the project’s Twitter account was deleted.
Lessons Learned From the Attack
Centralized withdrawal functions like safuTokens are typically billed as a failsafe against issues with the contract, allowing tokens to be withdrawn before they are stolen or lost forever. However, this type of function is often abused in rug pulls.
There are better, more decentralized ways to implement failsafes while avoiding the risk of rug pulls. Want to design a better governance mechanism for your project? Let’s talk.