Join ACCESS EU, the first-of-its-kind digital assets security and DLT summit
Halborn Logo

// Blog

Explained: Hacks

Explained: The Ordinals Finance Rug Pull (April 2023)


Rob Behnke

May 1st, 2023

In April 2023, Ordinals Finance performed a rug pull. The scam project stole an estimated $1 million from the project’s users.

Inside the Attack

The Ordinals Finance project was designed to allow users to lend and borrow inscriptions. In April 2023, the developer behind the project performed a rug pull by taking advantage of the safuToken and ownerRewithdraw functions built into the protocol’s smart contracts.

In total, 269 million OFI tokens were drained from the project. This resulted in a total loss of approximately $1 million. Since then, the stolen tokens were transferred to other accounts, and the project’s Twitter account was deleted.

Lessons Learned From the Attack

Centralized withdrawal functions like safuTokens are typically billed as a failsafe against issues with the contract, allowing tokens to be withdrawn before they are stolen or lost forever. However, this type of function is often abused in rug pulls.

There are better, more decentralized ways to implement failsafes while avoiding the risk of rug pulls. Want to design a better governance mechanism for your project? Let’s talk.