Audit log

Every state-changing event for Aave V3: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-29 16:00:01Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,970,397

   sig

   53ojCUZotuii…E6bboAZzcopyexplorer ↗

   hash

   zyhqDXVECDiJ…vHRTa6nTcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (8563 B) ▸

   {"actor":"system:backfill","investigation_id":"96c6369e-4f55-49a7-8101-2c6d114057e2","kind":"publish","page_slug":"aave-v3","published_at":"2026-05-29T16:00:00.967Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Aave V3","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://aave.com/docs/aave-v3/overview","type":"other","url":""},{"credibility":3,"name":"https://coinlaw.io/aave-statistics/","type":"other","url":""},{"credibility":3,"name":"https://aave.com/blog/aave-2025-recap","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/350525/how-aaves-stablecoin-gho-is-core-to-its-plan-to-10x-its-revenue","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2026/04/19/aave-records-usd6-billion-tvl-drop-as-kelp-hack-exposes-structural-risk-at-defi-lender","type":"other","url":""},{"credibility":3,"name":"https://news.bitcoin.com/zachxbt-flags-280m-kelpdao-exploit-hitting-ethereum-defi-lending-markets/","type":"other","url":""},{"credibility":3,"name":"https://unchainedcrypto.com/aaves-6-6-billion-tvl-drop-exposes-structural-risk-from-liquid-restaking-tokens/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://news.bitcoin.com/defi-united-secures-160m-as-industry-moves-to-cover-aave-bad-debt-crisis/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2026/04/26/aave-raises-nearly-80-of-the-usd200-million-it-needs-to-cover-bad-debt-left-by-kelp-dao-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack","type":"other","url":""},{"credibility":3,"name":"https://unchainedcrypto.com/aaves-defi-united-recovery-effort-reaches-238-million-as-crypto-rallies-to-bail-out-its-biggest-lender/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/26/aave-and-kelp-dao-restore-rseth-operations-after-april-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2026/05/18/aave-restores-weth-collateral-limits-as-rseth-crisis-enters-recovery-phase","type":"other","url":""},{"credibility":3,"name":"https://nftplazas.com/aave-commits-25000-eth-to-industry-wide-recovery-fund/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://governance.aave.com/t/aave-v2-v3-security-incident-04-11-2023/15335","type":"other","url":""},{"credibility":3,"name":"https://vibraniumaudits.com/post/aave-hacked-via-periphery-contract-56kstolenfromtipjar","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/aave-repay-adapter-hack-analysis-aafd234e15b9","type":"other","url":""},{"credibility":3,"name":"https://coinrabbit.io/blog/aave-hack-exploit-history-multi-million-losses-in-defi-crypto-hacks-and-key-lessons/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://aave.com/security","type":"other","url":""},{"credibility":3,"name":"https://oxor-io.github.io/public_audits/Aave/Aave-v3.3.0-Audit-Report.pdf","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/reports/aave-v3-risk-steward","type":"other","url":""},{"credibility":3,"name":"https://aave.com/docs/aave-v3/umbrella","type":"other","url":""},{"credibility":3,"name":"https://governance.aave.com/t/bgd-aave-safety-module-umbrella/18366","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/umbrella-reshapes-aave-staking","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ccn.com/news/crypto/sec-long-investigation-aave-everything-should-know/","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/sec-closes-4-long-investigation-091715487.html","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/290227","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580","type":"other","url":""},{"credibility":3,"name":"https://news.bitcoin.com/incident-report-llamarisk-aave-service-providers-detail-kelp-rseth-hack-across-ethereum-and-arbitrum-markets/","type":"other","url":""},{"credibility":3,"name":"https://www.nydig.com/research/the-butterfly-effect-comes-to-defi","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/aave-price-crash-kelpdao-exploit-whale-dump-rxi8o9","type":"other","url":""}]}],"sources_used":[],"summary":"Aave V3 is the third major iteration of the Aave decentralized lending protocol, one of the largest in DeFi with over $14 billion in total value locked across 21 chains as of May 2026. The protocol's core smart contracts have not been directly exploited; however, in April 2026, a $292 million bridge exploit targeting integrated asset KelpDAO's rsETH generated significant bad debt on Aave V3 markets, an event flagged by on-chain investigator ZachXBT. The protocol demonstrated institutional resilience by coordinating a cross-industry recovery fund (DeFi United) that ultimately raised over $327 million, with full rsETH operations restored by May 25, 2026.","timeline":[{"date":"2022-03-16","event":"Aave V3 officially launched on Avalanche, Polygon, Arbitrum, Optimism, Fantom, and Harmony.","source":""},{"date":"2023-01-27","event":"Aave V3 deployed on Ethereum mainnet.","source":""},{"date":"2023-07-15","event":"GHO, Aave's native decentralized stablecoin, launched on Ethereum mainnet.","source":""},{"date":"2023-11-04","event":"Aave receives bug bounty disclosure of critical vulnerability affecting V2 pools. Guardian pauses V2 Ethereum and freezes assets on V2/V3 across multiple chains. No funds lost.","source":""},{"date":"2023-12-01","event":"All Aave V2/V3 markets resume full normal operations following November 2023 security incident.","source":""},{"date":"2024-06-20","event":"Certora completes formal verification and security audit of Aave V3 Risk-Steward contracts.","source":""},{"date":"2024-08-28","event":"ParaSwapRepayAdapter periphery contract exploited for approximately $56,000. Core Aave V3 contracts unaffected.","source":""},{"date":"2025-01-29","event":"Oxor completes security audit of Aave V3.3.0 smart contracts.","source":""},{"date":"2025-06-01","event":"Aave Umbrella safety module launches on Ethereum with support for aUSDC, aUSDT, aWETH, and GHO staking.","source":""},{"date":"2025-12-16","event":"SEC closes four-year investigation into Aave with no enforcement action.","source":""},{"date":"2026-04-18","event":"KelpDAO rsETH LayerZero bridge exploit: attacker mints 116,500 unbacked rsETH and deposits 89,567 rsETH as collateral on Aave V3, borrowing ~$191 million. ZachXBT flags the exploit publicly.","source":""},{"date":"2026-04-18","event":"Aave Protocol Guardian freezes rsETH/wrsETH reserves across all 11 affected V3 deployments within hours of the exploit.","source":""},{"date":"2026-04-19","event":"Aave TVL falls approximately $6.6 billion. AAVE token declines 10-13%.","source":""},{"date":"2026-04-20","event":"Aave service providers publish rsETH Incident Report, estimating bad debt between $123.7 million and $230.1 million.","source":""},{"date":"2026-04-23","event":"Aave launches DeFi United coalition to raise funds covering bad debt. Aave DAO and Mantle pledge combined 55,000 ETH.","source":""},{"date":"2026-04-25","event":"DeFi United raises $160 million, representing approximately 80% of estimated bad debt coverage needed.","source":""},{"date":"2026-05-18","event":"Aave restores normal WETH loan-to-value ratios across six V3 networks as recovery exceeds 95%.","source":""},{"date":"2026-05-25","event":"Aave and Kelp DAO announce full restoration of rsETH operations. DeFi United total raised surpasses $327 million. Approximately 106,993 of 112,103 unbacked rsETH recovered or offset.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 9c8963e9-bf6e-4c7c-97fc-0b6d315e189dcopy
2. #2reviewby reviewerreviewer

   2026-06-04 03:24:23Z
   Score: 68 → 68 (no score change)
   The Aave V3 investigation page is largely accurate on core facts — the exploit mechanics, bad debt estimates, and timeline dates are well-supported by independent sources. The most significant verifiable errors are: (1) the AAVE token decline is understated at 10-13% when primary sources report 16-20%; (2) the Umbrella launch date is June 5 not June 1; (3) the DeFi United total of $327M is not corroborated — credible sources cite $300M-$320M; (4) the specific rsETH recovery figures (106,993/112,103) do not match the 116,131.72 rsETH restoration reported in primary sources. All section 'content' fields are empty, meaning the investigation has no body text, limiting its standalone utility.
   anchoranchored

   chain

   ●mainnet-betaslot 424,161,624

   sig

   5aH4XSB3pBbK…YKTPnjVZcopyexplorer ↗

   hash

   8j9DZEtERR4c…eC9fQbCtcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1039 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-04T03:24:23.544Z","decision":"review","investigation_id":"96c6369e-4f55-49a7-8101-2c6d114057e2","new_score":68,"page_slug":"aave-v3","prev_score":68,"reason":"The Aave V3 investigation page is largely accurate on core facts — the exploit mechanics, bad debt estimates, and timeline dates are well-supported by independent sources. The most significant verifiable errors are: (1) the AAVE token decline is understated at 10-13% when primary sources report 16-20%; (2) the Umbrella launch date is June 5 not June 1; (3) the DeFi United total of $327M is not corroborated — credible sources cite $300M-$320M; (4) the specific rsETH recovery figures (106,993/112,103) do not match the 116,131.72 rsETH restoration reported in primary sources. All section 'content' fields are empty, meaning the investigation has no body text, limiting its standalone utility.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 14c8bc64-8947-493a-992c-932a6ec99f6fcopy
3. #3review reviseby judgejudge

   2026-06-04 03:24:23Z
   Score: 68 → 58 (-10)
   The reviewer confirmed 13 of 20 claims outright with strong tier-1 sourcing. The disputed_pct of 15% places this page in the revise band. The single hard-disputed finding (claim_findings[12]: Umbrella launch date stated as June 1, confirmed as June 5 by multiple independent sources) is a minor date error. More consequentially, the $327 million DeFi United fundraise total — stated in both the summary and claim_findings[17] — is not corroborated by any source; credible reporting consistently cites $300M-$320M, making this a repeated overstatement of a headline recovery figure. The AAVE token decline in claim_findings[12] is also understated at 10-13% when primary sources report 16-20%, which affects readers' assessment of market impact severity. Additionally, all seven section content fields are empty (coverage_gaps, priority: high), meaning the page has no body text beyond the summary and timeline — a structural deficiency requiring revision before the page can stand alone as a useful investigation.
   anchoranchored

   chain

   ●mainnet-betaslot 424,161,627

   sig

   5pphkK31syU9…x7KBeoz4copyexplorer ↗

   hash

   ANLx5dR5UGK4…rEoMhCcDcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1362 B) ▸

   {"actor":"judge","decided_at":"2026-06-04T03:24:23.544Z","decision":"review_revise","investigation_id":"96c6369e-4f55-49a7-8101-2c6d114057e2","new_score":58,"page_slug":"aave-v3","prev_score":68,"reason":"The reviewer confirmed 13 of 20 claims outright with strong tier-1 sourcing. The disputed_pct of 15% places this page in the revise band. The single hard-disputed finding (claim_findings[12]: Umbrella launch date stated as June 1, confirmed as June 5 by multiple independent sources) is a minor date error. More consequentially, the $327 million DeFi United fundraise total — stated in both the summary and claim_findings[17] — is not corroborated by any source; credible reporting consistently cites $300M-$320M, making this a repeated overstatement of a headline recovery figure. The AAVE token decline in claim_findings[12] is also understated at 10-13% when primary sources report 16-20%, which affects readers' assessment of market impact severity. Additionally, all seven section content fields are empty (coverage_gaps, priority: high), meaning the page has no body text beyond the summary and timeline — a structural deficiency requiring revision before the page can stand alone as a useful investigation.","score_delta":-10,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 2569f575-5a4a-4085-b651-9b115eca8baccopy