Audit log

Every state-changing event for Agave: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 15:33:46Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,748,317

   sig

   49rY9EPDDqLL…AtALfN5qcopyexplorer ↗

   hash

   BxBhVo5ejuqZ…fGi7b4bVcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (4139 B) ▸

   {"actor":"system:backfill","investigation_id":"81f77d2a-2c49-4e61-9298-d94c9922ddbc","kind":"publish","page_slug":"agave","published_at":"2026-05-28T15:33:46.500Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Agave","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/agave-hundred-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/137932/defi-protocols-agave-and-hundred-finance-exploited-on-gnosis-chain-for-11-million","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/03/15/defi-lending-protocol-agave-plunges-over-20-amid-exploit-investigation","type":"other","url":""},{"credibility":3,"name":"https://fortune.com/crypto/2022/03/16/crypto-investor-scam-agave-defi/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/agave-hundred-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/the-agave-and-hundred-finance-hack-a-11-7m-reentrancy-exploit","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/a-poc-of-the-hundred-finance-heist-4121f23a098","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/unlucky-agave-and-hundred-finance-defi-protocols-exploited-for-11m","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/03/15/defi-lending-protocol-agave-plunges-over-20-amid-exploit-investigation","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/agave","type":"other","url":""},{"credibility":3,"name":"https://x.com/agave_lending","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://fortune.com/crypto/2022/03/16/crypto-investor-scam-agave-defi/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://wiki.1hive.org/projects/agave","type":"other","url":""},{"credibility":3,"name":"https://medium.com/honeyswap/1hive-introduction-to-agave-agve-100e36fe3560","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/agave-token","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/agave-hundred-rekt","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/defi-protocols-agave-hundred-finance-hacked-attacker-steals-11m-worth-of-crypto/","type":"other","url":""}]}],"sources_used":[],"summary":"Agave was a decentralized lending protocol on Gnosis Chain forked from Aave v2, developed by members of the 1Hive community. On March 15, 2022, the protocol suffered a reentrancy exploit that drained approximately $5.5 million in user funds, part of a coordinated $11.7 million attack that simultaneously hit Hundred Finance. The protocol paused operations following the hack and formally closed down in March 2024 with no documented user compensation.","timeline":[{"date":"2021-01-01","event":"Agave protocol launched on xDAI (Gnosis Chain) by the 1Hive community as a fork of Aave v2","source":""},{"date":"2022-03-15","event":"Reentrancy exploit drains approximately $5.5 million from Agave and $6.2 million from Hundred Finance simultaneously; total losses $11.7 million. Attacker address: 0x0a16a85be44627c10cee75db06b169c7bc76de2c","source":""},{"date":"2022-03-15","event":"Agave pauses all contracts and announces investigation via Twitter","source":""},{"date":"2022-03-15","event":"Stolen funds transferred to Tornado Cash within hours of exploit; approximately 4,479 ETH laundered in total across both protocols","source":""},{"date":"2022-03-15","event":"AGVE token price drops more than 20% following public disclosure of exploit","source":""},{"date":"2024-03-25","event":"Agave DAO formally announces closure; redemption portal opened at agavefinance.eth.limo/redeem/ for AGVE token holders","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 80a55b0c-8e61-4aac-80f5-a72619318ed4copy
2. #2reviewby reviewerreviewer

   2026-06-15 18:24:08Z
   Score: 18 → 18 (no score change)
   The factual core of this investigation is accurate and well-supported: the March 15, 2022 reentrancy exploit, the $5.5M Agave / $6.2M Hundred Finance / $11.7M total figures, the Tornado Cash laundering of ~4,479 ETH, the AGVE price drop, and the March 2024 closure are all confirmed by multiple credible sources. The two partially-supported findings are (1) the protocol launch date is listed as 2021-01-01 in the timeline when documented sources confirm a September 1, 2021 launch, and (2) the 'no compensation' assertion is accurate for hack victims but conflates the absence of hack restitution with the AGVE governance-token redemption portal that was opened. No disputed or fabricated claims were found.
   anchoranchored

   chain

   ●mainnet-betaslot 426,687,961

   sig

   31ja7G4FMZ8y…uXNomgrGcopyexplorer ↗

   hash

   5n3u9ioPp2my…jYkdo15xcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1049 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-15T18:24:08.163Z","decision":"review","investigation_id":"81f77d2a-2c49-4e61-9298-d94c9922ddbc","new_score":18,"page_slug":"agave","prev_score":18,"reason":"The factual core of this investigation is accurate and well-supported: the March 15, 2022 reentrancy exploit, the $5.5M Agave / $6.2M Hundred Finance / $11.7M total figures, the Tornado Cash laundering of ~4,479 ETH, the AGVE price drop, and the March 2024 closure are all confirmed by multiple credible sources. The two partially-supported findings are (1) the protocol launch date is listed as 2021-01-01 in the timeline when documented sources confirm a September 1, 2021 launch, and (2) the 'no compensation' assertion is accurate for hack victims but conflates the absence of hack restitution with the AGVE governance-token redemption portal that was opened. No disputed or fabricated claims were found.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 7b15d573-8405-4227-9b2d-d6bed52a4d88copy
3. #3review approveby judgejudge

   2026-06-15 18:24:08Z
   Score: 18 → 52 (+34)
   The reviewer confirmed 11 of 13 claims outright and partially supported the remaining 2 — both minor (an imprecise launch date in the timeline, and a nuance around hack-victim vs. governance-token redemption). Disputed claims stand at 0%. The two primary incidents (claim_findings[2] and claim_findings[5]) are both attribution type (b) 'suffered': Agave was exploited by an external attacker through a chain-level token behaviour it did not introduce, and its subsequent closure was an orderly wind-down with no evidence of fraudulent intent. Under the platform's fraud-likelihood scoring rubric, CRITICAL (0–19) is reserved for entities whose own conduct constitutes confirmed fraud, exit scams, or Ponzi schemes. Placing a hack victim at score 18 violates the anti-conflation rule. The reviewer's recommended score of 52 (CAUTIONARY) correctly reflects that the protocol is defunct, users received no hack restitution, and there is a minor unresolved audit-scope gap — without over-penalising for harm the entity suffered rather than caused. A positive delta of +34 is applied to correct this mis-classification.
   anchoranchored

   chain

   ●mainnet-betaslot 426,687,963

   sig

   5K797shu1zRk…Nh5DBh1Rcopyexplorer ↗

   hash

   6ifAyZEugtFT…K6wApRJGcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1462 B) ▸

   {"actor":"judge","decided_at":"2026-06-15T18:24:08.163Z","decision":"review_approve","investigation_id":"81f77d2a-2c49-4e61-9298-d94c9922ddbc","new_score":52,"page_slug":"agave","prev_score":18,"reason":"The reviewer confirmed 11 of 13 claims outright and partially supported the remaining 2 — both minor (an imprecise launch date in the timeline, and a nuance around hack-victim vs. governance-token redemption). Disputed claims stand at 0%. The two primary incidents (claim_findings[2] and claim_findings[5]) are both attribution type (b) 'suffered': Agave was exploited by an external attacker through a chain-level token behaviour it did not introduce, and its subsequent closure was an orderly wind-down with no evidence of fraudulent intent. Under the platform's fraud-likelihood scoring rubric, CRITICAL (0–19) is reserved for entities whose own conduct constitutes confirmed fraud, exit scams, or Ponzi schemes. Placing a hack victim at score 18 violates the anti-conflation rule. The reviewer's recommended score of 52 (CAUTIONARY) correctly reflects that the protocol is defunct, users received no hack restitution, and there is a minor unresolved audit-scope gap — without over-penalising for harm the entity suffered rather than caused. A positive delta of +34 is applied to correct this mis-classification.","score_delta":34,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision e863f2be-a74d-481c-9828-f21ee77df2b1copy