The Russian-based FINIKO Ponzi awarded its owners with more than $235M

Investment firm Finiko (Kazan, Russia) had ceased all its activity soon after one of its owners was captured and put into custody by the Russian authorities. So far, the various sources keep speculating on the scale of the damage implied. The Russian Ministry of Internal Affairs estimates the figure to go as high as $95ml (RUB 7bn), whereas the Russian Central Bank has a moderate take – somewhere next to $40ml (RUB 3bn). The ongoing criminal case hints at just over $1bn (RUB 80bn) in overall claims.

Clain reckons both estimates are quite far from the truth.

The investment firm worked tightly with crypto based on the info derived from Finiko’s website and its corresponding social media sources. Throughout its lifetime, Finiko was accepting investments in both BTC and USDT, and for transacting purposes, even had used their own FNK (ERC-20) token. FNK tokens were listed on several crypto exchanges - Uniswap, Bithumb, and a few other less liquid trade platforms.

For yield-thirsty investors, who were less crypto savvy, the company offered a hassle-free option to convert fiat money in crypto using a third-party service provider - Rapid Wallets. Rapid Wallets, as it reads on their website, “is a service that simplifies the acceptance of cryptocurrencies as payment for goods and services.” The service is still on and allows to query Finiko’s data via its API. Below is a snapshot example of Finiko client’s personal data, along with transaction details, that our team was able to fetch.

Although Rapid Wallets domain was registered back in 2017 and had U.S. shady business address, it became active only in 2019, when Finiko moved up its gear to attract depositor clients at scale. Web analytics also confirms that most of the traffic was fluxing from Russia.

Using our proprietary blockchain analytics platform, Clain has detected around 800K bitcoin addresses and additional 120K eth addresses related to the Finiko project for its entire lifespan.

Clain estimates that Finiko’s total transactional volume has amounted to 59K (USD 1.63Bn) in bitcoin, and roughly USD 1.26Bn in ERC-20 tokens, 40% of which were transacted on Binance exchange.

Ethereum-based transactions were settled primarily in USDT, with major exchanges involved on both ends.

As seen from the chart below, the bitcoin-related transactions were facilitated largely by Binance and Russian-based BitZlato exchange, known widely for having a loose KYC policy and being tightly connected to the dark marketplace - Hydra. We assume the inexperienced victims were using an option of P2P transfers to streamline the deposit procedure.

Some of the outgoing flows indicate that the portion of Finiko funds was finally settled at owners' cold wallets (labeled as "Finiko Scam"). As of July end, the amount of those transfers had reached $150ml. Look at how rapidly funds have been drained from it lately, shrinking in 5-6 times from the preceding period:

For instance, Clain analytics detected that on July 26 alone, at least $1mn was withdrawn to the Wasabi Wallet mixer to obfuscate money.

By the end of July, the wallets controlled by the Finiko owners collected around 4.66K of bitcoin and sent it further to Huobi Exchange. On the Ethereum wallets, the balance amounted to $42mn (5 times less than a month before)

Assuming those funds are, in fact, the depositors’ money, one can reasonably deduce that the Finiko damage may reach at least $235mn – that is far more than the officials assessed.

We are happy to talk

we are happy to talk and will get back to you as soon as possible