Ordinals Finance conducted a $1 million rug pull: CertiK

By: Henry Felix

Ordinals Finance conducted a $1 million rug pull: CertiK

April 25, 2023 7:28 AM

Following the disclosure of the suspected exit scam, the DeFi protocol appears to have removed its social media presence.

The Ethereum-based decentralized finance (DeFi) system Ordinals Finance, which facilitates the lending and borrowing of inscriptions, has been accused of conducting an exit fraud, often known as a "rug pull."

CertiK, a blockchain security firm, claimed on April 24 that the protocol's developer extracted 256 million OFI tokens from its smart contracts using a "safuToken" function. CertiK announced that additional 13 million OFI had been removed via a "ownerRewithdraw" function, increasing the overall amount of tokens transferred to 269 million.

The overall loss to investors, according to the blockchain security firm, is $1 million. According to CoinGecko data, the market capitalization of OFI was $2.3 million prior to the purported exodus, but it decreased to slightly more than $143,000 subsequently. This means that the losses exceeded $2 million. However, some OFI token owners may have sold as soon as the news came, which could explain the lesser number indicated by CertiK. 

According to blockchain data, the Ordinals deployer account used the safuToken function to withdraw→ almost 256 million OFI tokens. These funds were purportedly transferred→ to a different Ethereum account in a series of transactions. Evidence from the blockchain indicates that this address was the recipient of OFI sent from several different addresses. These tokens were then deposited into Tornado Cash.

The project's Twitter account appears to be defunct.


On April 24, the Ordinals Finance Twitter account was removed. Twitter is the source. 

Following receipt of the 256 million OFI, the deployer account executed→ 12 distinct transactions exchanging OFI for Ether.


On April 24, the Ordinals Finance deployer handles transactions. source: Etherscan.

The deployer then sent 85.5 ETH to an account ending in "cCF," where it was put into Tornado Cash.

The safuToken transfer took place through a contract called "OEB Staking." This function purports to allow the contract's "owner" to transfer all staked tokens to itself and is listed→ at the bottom of the file, on lines 1445-1450.


In the OEB Staking contract, the SafuToken function. source:Etherscan


The deployer account also made several calls to the OFI Staking contract to transfer tokens to itself, each time calling a method on lines 305-308 called "ownerRewithdraw." It appears to allow→ the owner to withdraw any number of tokens from the staking contract as long as the contract balance exceeds a variable known as "totalOwedValue."