Audit log

Every state-changing event for Balancer V2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-20 18:22:01Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 421,038,834

   sig

   5u8P3PT5ESSM…PKNKjbTEcopyexplorer ↗

   hash

   C4iRDLPCj5jw…DGKB4Fjhcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6439 B) ▸

   {"actor":"system:backfill","investigation_id":"9c5049cc-896e-45f8-a737-0da7edafe4df","kind":"publish","page_slug":"balancer-v2","published_at":"2026-05-20T18:22:01.484Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Balancer V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/balancer-protocol/the-most-flexible-and-efficient-amm-is-live-meet-balancer-v2-2451a22779b3"},{"credibility":3,"name":"","type":"other","url":"https://docs-v2.balancer.fi/concepts/governance/bal-token.html"},{"credibility":3,"name":"","type":"other","url":"https://immunefi.com/bug-bounty/balancer/"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2026/03/24/balancer-labs-will-shut-down-as-corporate-entity-became-a-liability-after-usd110-million-exploit"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://blog.1inch.io/balancer-hack-2020/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/balancer-protocol/incident-with-non-standard-erc20-deflationary-tokens-95a0f6d46dea"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/154002/balancer-suffers-nearly-1m-exploit-team-urges-users-withdraw-funds"},{"credibility":3,"name":"","type":"other","url":"https://www.web3isgoinggreat.com/?id=balancer-exploit"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/review-and-recommendations-of-balancer-incident-d2b31b5bd863"},{"credibility":3,"name":"","type":"other","url":"https://www.certora.com/blog/breaking-down-the-balancer-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-balancer-hack-november-2025"},{"credibility":3,"name":"","type":"other","url":"https://research.checkpoint.com/2025/how-an-attacker-drained-128m-from-balancer-through-rounding-error-exploitation/"},{"credibility":3,"name":"","type":"other","url":"https://immunefi.com/blog/expert-insights/how-fragmented-security-enabled-balancer-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/balancer-suffers-128m-exploit-despite-multiple-audits/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/balancer-v2"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-balancer-hack-november-2025"},{"credibility":3,"name":"","type":"other","url":"https://research.checkpoint.com/2025/how-an-attacker-drained-128m-from-balancer-through-rounding-error-exploitation/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2026/03/24/balancer-labs-will-shut-down-as-corporate-entity-became-a-liability-after-usd110-million-exploit"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/balancer-labs-shut-down-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/balancer-labs-shuts-down-its-corporate-entity-after-128-million-exploit-unchained/"},{"credibility":3,"name":"","type":"other","url":"https://docs-v2.balancer.fi/reference/contracts/security.html"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/balancer-suffers-128m-exploit-despite-multiple-audits/"},{"credibility":3,"name":"","type":"other","url":"https://immunefi.com/blog/expert-insights/how-fragmented-security-enabled-balancer-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2026/03/24/balancer-labs-will-shut-down-as-corporate-entity-became-a-liability-after-usd110-million-exploit"},{"credibility":3,"name":"","type":"other","url":"https://www.certora.com/blog/breaking-down-the-balancer-hack"}]}],"sources_used":[],"summary":"Balancer V2 is a decentralized automated market maker (AMM) protocol launched in 2021 on Ethereum and multiple chains that separates AMM logic from token custody via a central Vault architecture. The protocol has experienced at least four documented security incidents across its V1 and V2 deployments, including a November 2025 exploit that drained approximately $128 million and directly led to the dissolution of Balancer Labs, the corporate entity behind the protocol, announced in March 2026.","timeline":[{"date":"2020-06-29","event":"Balancer V1 exploited via STA deflationary token flash loan attack; over $500,000 stolen. Prior bug report allegedly ignored.","source":""},{"date":"2021-05-01","event":"Balancer V2 officially launched on Ethereum mainnet with new centralized Vault architecture.","source":""},{"date":"2022-05-01","event":"Balancer launches bug bounty program on Immunefi with up to $1,000,000 maximum payout.","source":""},{"date":"2022-08-01","event":"Rounding vulnerability exploited in V2 composable stable pools for approximately $108,843.","source":""},{"date":"2022-10-10","event":"Balancer and Certora launch the Balancer Certora Security Accelerator for projects building on the protocol.","source":""},{"date":"2023-08-22","event":"Balancer publicly discloses critical vulnerability in V2 boosted pools across eight blockchains; LPs urged to withdraw.","source":""},{"date":"2023-08-25","event":"Balancer states 99.7% of at-risk liquidity secured; approximately $565,199 remains at risk.","source":""},{"date":"2023-08-27","event":"Attackers exploit the disclosed vulnerability via flash loans, stealing approximately $979,000 in DAI from Balancer V2 boosted pools.","source":""},{"date":"2025-11-03","event":"Critical exploit drains approximately $128 million from Balancer V2 Composable Stable Pools across six chains in under 30 minutes via manageUserBalance access control flaw and rounding error. Attacker funded via Tornado Cash.","source":""},{"date":"2026-03-23","event":"Co-founder Fernando Martinelli posts governance announcement proposing dissolution of Balancer Labs corporate entity; essential staff to transition to Balancer OpCo.","source":""},{"date":"2026-03-24","event":"Balancer Labs shutdown announcement covered by CoinDesk and major crypto outlets; TVL reported at $157 million, down 95% from 2021 peak of $3.5 billion.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 38d20c75-fa83-4fcf-93b7-4eb4d46cf353copy
2. #2reviewby reviewerreviewer

   2026-06-14 23:16:17Z
   Score: 18 → 18 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Balancer V2 is a verifiably legitimate DeFi automated market maker launched in 2021, audited by four major security firms across 11 engagements, and which held peak TVL of approximately $3.5 billion. The CRITICAL score of 18 is severely miscalibrated: every incident driving the score — including the $128M November 2025 exploit — was perpetrated by external attackers exploiting technical smart contract vulnerabilities, not by Balancer's own fraud or deliberate misconduct. The page's own timeline and summary contradict the CRITICAL band by noting proactive security measures (bug bounties, Certora accelerator, successful liquidity rescue in 2023) and by describing Balancer as a legitimate AMM. The March 2026 dissolution of Balancer Labs is a post-exploit corporate restructuring, not a rug pull: the protocol continues operating with ~$24M TVL and daily fee generation as confirmed by DefiLlama. No regulatory enforcement actions exist against the entity. Under the corrected band semantics — CRITICAL reserved for evidence of fraud/scam — this entity belongs in WARNING (20-49), reflecting that it is a legitimate operator with a severe, unresolved security track record that caused major user losses and led to corporate restructuring, but without any fraud, Ponzi, or exit-scam mechanics. A score of 32 reflects the seriousness of cumulative exploit losses (~$130M+) and the ongoing uncertainty around post-restructuring protocol viability, while correctly distinguishing between being a hack victim and being a fraudulent actor.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,848

   sig

   22ff9y1sacCN…cDrDVAa4copyexplorer ↗

   hash

   HTFnhGNKS9iF…pp98zSsHcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (2028 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:16:17.689Z","decision":"review","investigation_id":"9c5049cc-896e-45f8-a737-0da7edafe4df","new_score":18,"page_slug":"balancer-v2","prev_score":18,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Balancer V2 is a verifiably legitimate DeFi automated market maker launched in 2021, audited by four major security firms across 11 engagements, and which held peak TVL of approximately $3.5 billion. The CRITICAL score of 18 is severely miscalibrated: every incident driving the score — including the $128M November 2025 exploit — was perpetrated by external attackers exploiting technical smart contract vulnerabilities, not by Balancer's own fraud or deliberate misconduct. The page's own timeline and summary contradict the CRITICAL band by noting proactive security measures (bug bounties, Certora accelerator, successful liquidity rescue in 2023) and by describing Balancer as a legitimate AMM. The March 2026 dissolution of Balancer Labs is a post-exploit corporate restructuring, not a rug pull: the protocol continues operating with ~$24M TVL and daily fee generation as confirmed by DefiLlama. No regulatory enforcement actions exist against the entity. Under the corrected band semantics — CRITICAL reserved for evidence of fraud/scam — this entity belongs in WARNING (20-49), reflecting that it is a legitimate operator with a severe, unresolved security track record that caused major user losses and led to corporate restructuring, but without any fraud, Ponzi, or exit-scam mechanics. A score of 32 reflects the seriousness of cumulative exploit losses (~$130M+) and the ongoing uncertainty around post-restructuring protocol viability, while correctly distinguishing between being a hack victim and being a fraudulent actor.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 355748a7-a815-48a1-867e-cc236b6b0a21copy
3. #3review approveby judgejudge

   2026-06-14 23:16:17Z
   Score: 18 → 32 (+14)
   All 7 claim findings are supported with 0% disputed content. The reviewer (confidence 0.88) confirms Balancer V2 is a verifiably legitimate AMM with 11 security audits from major firms and peak TVL of $3.5 billion. The current CRITICAL score of 18 is miscalibrated: every incident, including the $128M November 2025 exploit (claim_findings[1]), was perpetrated by external attackers exploiting smart contract vulnerabilities — not by insider fraud, Ponzi mechanics, or exit-scam behavior. The page's own timeline (claim_findings[2], claim_findings[3]) shows proactive security behaviors (bug bounty, Certora accelerator, 99.7% liquidity rescue) that are inconsistent with a fraud-tier classification. The March 2026 corporate dissolution (claim_findings[4]) is a legal restructuring following exploit liability, not an exit scam — the protocol continues operating with ~$24M TVL. No regulatory enforcement actions exist (claim_findings[5]). Under band semantics where CRITICAL is reserved for fraud, this entity belongs in WARNING at score 32, reflecting serious cumulative exploit losses (~$130M+) and post-restructuring viability uncertainty without any fraud attribution. A positive delta of +14 (from 18 to 32) is warranted to correct the miscalibration.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,852

   sig

   5JKf92rAhxkD…XgwiZyKAcopyexplorer ↗

   hash

   7XmJbcPf98Hr…1y8S9y5ucopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1611 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:16:17.689Z","decision":"review_approve","investigation_id":"9c5049cc-896e-45f8-a737-0da7edafe4df","new_score":32,"page_slug":"balancer-v2","prev_score":18,"reason":"All 7 claim findings are supported with 0% disputed content. The reviewer (confidence 0.88) confirms Balancer V2 is a verifiably legitimate AMM with 11 security audits from major firms and peak TVL of $3.5 billion. The current CRITICAL score of 18 is miscalibrated: every incident, including the $128M November 2025 exploit (claim_findings[1]), was perpetrated by external attackers exploiting smart contract vulnerabilities — not by insider fraud, Ponzi mechanics, or exit-scam behavior. The page's own timeline (claim_findings[2], claim_findings[3]) shows proactive security behaviors (bug bounty, Certora accelerator, 99.7% liquidity rescue) that are inconsistent with a fraud-tier classification. The March 2026 corporate dissolution (claim_findings[4]) is a legal restructuring following exploit liability, not an exit scam — the protocol continues operating with ~$24M TVL. No regulatory enforcement actions exist (claim_findings[5]). Under band semantics where CRITICAL is reserved for fraud, this entity belongs in WARNING at score 32, reflecting serious cumulative exploit losses (~$130M+) and post-restructuring viability uncertainty without any fraud attribution. A positive delta of +14 (from 18 to 32) is warranted to correct the miscalibration.","score_delta":14,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision ab8130ca-233b-4060-847c-ee382b1617f0copy