← Balancer5 decisions on this page
Audit log
Every state-changing event for Balancer: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1publishby system:backfill2026-05-30 19:10:53ZScore: ? → ? (no score change)anchoranchored
- chain
- ●mainnet-betaslot 423,217,278
- sig
5qg8TKKLfqHn…9HUwnMc1explorer ↗- hash
F64nJcNu71zo…RL29cHUpsha256 → base58
verifying row…full verify ↗canonical bytes (8319 B) ▸
{"actor":"system:backfill","investigation_id":"36f75834-67ae-4c11-b2be-78c9066f6778","kind":"publish","page_slug":"balancer","published_at":"2026-05-30T19:10:53.718Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Balancer","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptopotato.com/balancer-protocol-guide/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/academy/article/what-is-balancer","type":"other","url":""},{"credibility":3,"name":"https://getblock.io/blog/bringing-perfect-balance-to-amms-story-of-balancer-bal/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.peckshield.com/2020/06/28/balancer/","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/33937/hacker-steals-500k-crypto-balancer-pool","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/balancerdeflationhack.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/euler-attack-causes-locked-tokens-losses-in-11-defi-protocols-including-balancer","type":"other","url":""},{"credibility":3,"name":"https://forum.balancer.fi/t/euler-hack-post-mortem/4490","type":"other","url":""},{"credibility":3,"name":"https://www.panewslab.com/en/articles/281ef9d5-31d1-4e7b-a9a6-267939b5cfa9","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=balancer-exploit","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/154002/balancer-suffers-nearly-1m-exploit-team-urges-users-withdraw-funds","type":"other","url":""},{"credibility":3,"name":"https://www.bitdegree.org/crypto/news/balancer-warns-users-of-vulnerability-in-some-pools-2-8m-still-at-risk","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/balancer-drained-for-almost-1m-days-after-disclosing-vulnerability/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/197953/balancer-frontend-hit-by-dns-attack-over-250k-stolen","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/balancer-social-engineering-attack-dns-provider-frontend-hijack","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/analysis-of-balancer-bgp-hijacking-incident-40adb6b285b5","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/251970/balancer-dns-attack-frontend","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://velocorexyz.medium.com/velocore-incident-post-mortem-6197020ec3e9","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/velocore-rekt/","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/velocore-finance-exploit-june-2-2024-detailed-analysis/","type":"other","url":""},{"credibility":3,"name":"https://smartcontractshacking.com/hacks/velocore-v2-hack-2024","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.checkpoint.com/2025/how-an-attacker-drained-128m-from-balancer-through-rounding-error-exploitation/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-balancer-hack-november-2025","type":"other","url":""},{"credibility":3,"name":"https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/377863/balancer-identifies-rounding-error-as-root-cause-of-multi-chain-defi-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/blog/breaking-down-the-balancer-hack","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/defi/balancer-suffers-128m-exploit-despite-multiple-audits/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/defi/balancer-suffers-128m-exploit-despite-multiple-audits/","type":"other","url":""},{"credibility":3,"name":"https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/blog/breaking-down-the-balancer-hack","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/exclusives/balancer-defi-protocol-may-have-lost-over-100-million-due-to-a-2023-bug/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptopotato.com/balancer-protocol-guide/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/learn/balancer/","type":"other","url":""},{"credibility":3,"name":"https://www.ccn.com/education/crypto/balancer-exploit-smart-contracts-defi-blockchains-assets-impacted/","type":"other","url":""}]}],"sources_used":[],"summary":"Balancer is a decentralized automated market maker (AMM) protocol on Ethereum, founded in 2018 by Fernando Martinelli and Mike McDonald, that allows multi-token liquidity pools with customizable weighting. The protocol has suffered six documented security incidents between 2020 and 2025, resulting in cumulative losses exceeding $140 million, including a catastrophic $128 million exploit in November 2025 caused by an arithmetic precision flaw in Composable Stable Pool contracts. Despite multiple audits by major firms including Trail of Bits, OpenZeppelin, and Certora, systemic smart contract vulnerabilities and a highly complex protocol architecture have repeatedly exposed user funds to loss.","timeline":[{"date":"2018-01-01","event":"Balancer protocol research begins at BlockScience as an R&D project.","source":""},{"date":"2020-03-01","event":"Balancer Labs raises $3 million in seed funding and launches Balancer V1 mainnet.","source":""},{"date":"2020-06-01","event":"BAL governance token launches; 25 million tokens allocated to founders and investors, 65 million to liquidity providers.","source":""},{"date":"2020-06-28","event":"Deflationary token flash loan exploit: attacker uses dYdX flash loan to drain STA and STONK pools. Approximately $523,600 stolen. Balancer reimburses affected users.","source":""},{"date":"2021-04-01","event":"Balancer V2 launches with unified vault architecture, separating pool logic from asset custody.","source":""},{"date":"2023-03-13","event":"Euler Finance is exploited for $197 million. Balancer's bb-e-USD pool suffers approximately $11.9 million in indirect losses. Emergency subDAO pauses the pool.","source":""},{"date":"2023-08-22","event":"Balancer publicly discloses a critical vulnerability in V2 boosted pools and urges liquidity providers to withdraw funds. Approximately $2.8 million estimated at risk.","source":""},{"date":"2023-08-25","event":"Balancer reports 99.7% of at-risk liquidity withdrawn; approximately $565,199 still in vulnerable pools.","source":""},{"date":"2023-08-27","event":"Attackers exploit the disclosed August 22 vulnerability via flash loans, draining over $2.1 million across eight networks.","source":""},{"date":"2023-09-19","event":"Balancer frontend compromised via social engineering attack on EuroDNS registrar and BGP hijacking. Approximately $253,044 stolen from users who interacted with malicious front-end across six networks.","source":""},{"date":"2023-09-20","event":"Balancer DAO successfully recovers control of compromised domain by approximately 5:45 pm UTC.","source":""},{"date":"2024-06-02","event":"Velocore, a Balancer-fork DEX, is exploited for approximately $6.8 million on Linea and zkSync Era due to faulty logic in its ConstantProductPool contract.","source":""},{"date":"2025-11-03","event":"Balancer V2 suffers its largest-ever exploit: approximately $128.64 million drained across six blockchain networks in under 30 minutes via a rounding error in _upscaleArray() within ComposableStablePool contracts. Safe Harbor recoveries begin within hours.","source":""}]},"v":1}Verify offline (run on your own machine)python -m src.verify_decision c954d8bd-ecd4-44c7-bd81-a8d9410808a6 - #2reviewby reviewerreviewer2026-06-13 20:59:00ZScore: 32 → 32 (no score change)The Balancer investigation page is factually sound on all major claims, with no disputed or fabricated assertions found. The primary issues are minor imprecision: the BAL token allocation figure of '65 million to liquidity providers' omits 10M in ecosystem/fundraising funds; the '$2.8M at risk' figure at August 22 disclosure conflates a later status update; the specific loss amount for the September 2023 DNS attack varies across sources ($238K-$253K range); and the $2.1M August 2023 exploit figure comes from PeckShield analysis rather than consensus. The most significant structural gap is that all nine page sections have empty content fields — the investigation consists only of a summary and timeline with no written section analysis, though sources are listed.anchoranchored
- chain
- ●mainnet-betaslot 426,276,051
- sig
2a9pu5CvM4gW…T1BaYVgRexplorer ↗- hash
8enS2oHxwQJ9…1gZ5N5uCsha256 → base58
verifying row…full verify ↗canonical bytes (1114 B) ▸
{"actor":"reviewer","decided_at":"2026-06-13T20:59:00.386Z","decision":"review","investigation_id":"36f75834-67ae-4c11-b2be-78c9066f6778","new_score":32,"page_slug":"balancer","prev_score":32,"reason":"The Balancer investigation page is factually sound on all major claims, with no disputed or fabricated assertions found. The primary issues are minor imprecision: the BAL token allocation figure of '65 million to liquidity providers' omits 10M in ecosystem/fundraising funds; the '$2.8M at risk' figure at August 22 disclosure conflates a later status update; the specific loss amount for the September 2023 DNS attack varies across sources ($238K-$253K range); and the $2.1M August 2023 exploit figure comes from PeckShield analysis rather than consensus. The most significant structural gap is that all nine page sections have empty content fields — the investigation consists only of a summary and timeline with no written section analysis, though sources are listed.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision 93df8743-6ed5-4661-a3b1-ee0f4f491549 - #3review approveby judgejudge2026-06-13 20:59:00ZScore: 32 → 32 (no score change)The reviewer checked 18 claims and found zero disputed. Twelve claims were fully confirmed by Tier 1 or Tier 2 sources; four were partially supported due to minor imprecision — notably the BAL token allocation (claim_findings[8]) omits a 10M ecosystem/fundraising tranche, the August 22 vulnerability disclosure (claim_findings[12]) conflates an initial risk figure with a two-day-later status update, and the September 2023 DNS theft figure (claim_findings[14]) varies by ~$15K across sources. None of these imprecisions touch the page's core allegations. Two high-priority coverage gaps exist — missing on-chain wallet and transaction evidence, and nine section fields that are empty skeleton structures — but coverage gaps indicate areas for expansion rather than grounds for denial. Reviewer confidence of 0.82 supports approving the page as factually sound.anchoranchored
- chain
- ●mainnet-betaslot 426,276,053
- sig
3ih9GBirxj1v…892pR8hoexplorer ↗- hash
AeKRaviyDCZY…y8x6uZ3wsha256 → base58
verifying row…full verify ↗canonical bytes (1211 B) ▸
{"actor":"judge","decided_at":"2026-06-13T20:59:00.386Z","decision":"review_approve","investigation_id":"36f75834-67ae-4c11-b2be-78c9066f6778","new_score":32,"page_slug":"balancer","prev_score":32,"reason":"The reviewer checked 18 claims and found zero disputed. Twelve claims were fully confirmed by Tier 1 or Tier 2 sources; four were partially supported due to minor imprecision — notably the BAL token allocation (claim_findings[8]) omits a 10M ecosystem/fundraising tranche, the August 22 vulnerability disclosure (claim_findings[12]) conflates an initial risk figure with a two-day-later status update, and the September 2023 DNS theft figure (claim_findings[14]) varies by ~$15K across sources. None of these imprecisions touch the page's core allegations. Two high-priority coverage gaps exist — missing on-chain wallet and transaction evidence, and nine section fields that are empty skeleton structures — but coverage gaps indicate areas for expansion rather than grounds for denial. Reviewer confidence of 0.82 supports approving the page as factually sound.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision a7253fb9-8c85-41b9-bc44-48befef438be - #4reviewby reviewerreviewer2026-06-14 23:16:23ZScore: 32 → 32 (no score change)Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Balancer is a legitimate, long-running DeFi AMM protocol that has been repeatedly victimized by external attackers, not a fraudulent or deceptive entity. The current score of 32 places it in the lower WARNING band alongside entities with actual fraud risk, which constitutes an over-penalty. Every incident on the page was perpetrated by outside attackers exploiting smart contract arithmetic vulnerabilities, cross-protocol exposure from a third-party collapse (Euler Finance), or an infrastructure hijack against a DNS registrar — none constitute insider fraud or concealed negligence. The page also incorrectly attributes the Velocore fork exploit ($6.8M) to Balancer directly, inflating cumulative losses, and the Euler Finance contagion loss is collateral damage rather than a Balancer contract flaw. Adjusting for these misattributions, direct Balancer losses total approximately $131M across five incidents. The November 2025 $128M exploit remains severe and partially unresolved (partial recovery of $19-55M documented), and Balancer Labs shut down as corporate entity in March 2026 — both warrant staying in WARNING band. A score of 42 correctly reflects a legitimate protocol with severe, recurring external security incidents while not treating it as a fraudulent entity; the Velocore, Euler, and DNS modifier penalties should be removed or substantially reduced. The page's omission of Balancer V3's unaffected status and clean audit is a material gap that further skews the risk portrayal.anchoranchored
- chain
- ●mainnet-betaslot 426,514,943
- sig
3GqnDYtAcHgt…ixCP5PX9explorer ↗- hash
AF9BbupBDjv4…zZMRaXxjsha256 → base58
verifying row…full verify ↗canonical bytes (1988 B) ▸
{"actor":"reviewer","decided_at":"2026-06-14T23:16:23.008Z","decision":"review","investigation_id":"36f75834-67ae-4c11-b2be-78c9066f6778","new_score":32,"page_slug":"balancer","prev_score":32,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Balancer is a legitimate, long-running DeFi AMM protocol that has been repeatedly victimized by external attackers, not a fraudulent or deceptive entity. The current score of 32 places it in the lower WARNING band alongside entities with actual fraud risk, which constitutes an over-penalty. Every incident on the page was perpetrated by outside attackers exploiting smart contract arithmetic vulnerabilities, cross-protocol exposure from a third-party collapse (Euler Finance), or an infrastructure hijack against a DNS registrar — none constitute insider fraud or concealed negligence. The page also incorrectly attributes the Velocore fork exploit ($6.8M) to Balancer directly, inflating cumulative losses, and the Euler Finance contagion loss is collateral damage rather than a Balancer contract flaw. Adjusting for these misattributions, direct Balancer losses total approximately $131M across five incidents. The November 2025 $128M exploit remains severe and partially unresolved (partial recovery of $19-55M documented), and Balancer Labs shut down as corporate entity in March 2026 — both warrant staying in WARNING band. A score of 42 correctly reflects a legitimate protocol with severe, recurring external security incidents while not treating it as a fraudulent entity; the Velocore, Euler, and DNS modifier penalties should be removed or substantially reduced. The page's omission of Balancer V3's unaffected status and clean audit is a material gap that further skews the risk portrayal.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision 8ff59022-29a4-48ff-87eb-06244d08c556 - #5review approveby judgejudge2026-06-14 23:16:23ZScore: 32 → 42 (+10)This is a severity-calibration review, not a fact-dispute review: all six claim_findings (indices 0-5) are supported with zero disputed claims. The reviewer (confidence 0.82) confirms Balancer is a legitimate, long-running DeFi AMM that was repeatedly victimized by external attackers rather than acting fraudulently. Three specific misattributions inflate the current score of 32 into an over-penalized band: the Velocore fork exploit ($6.8M) belongs to an independent protocol and not Balancer (claim_findings[2]); the Euler Finance $11.9M loss was cross-protocol collateral damage, not a Balancer contract flaw (claim_findings[1]); and the DNS/BGP hijack ($253K) targeted third-party registrar EuroDNS, overstating protocol-layer risk (claim_findings[1]). The page content stands as published and must remain live. The recommended score of 42 appropriately keeps Balancer in WARNING given the severity of the November 2025 $128M ComposableStablePool exploit and the March 2026 Balancer Labs corporate shutdown, without treating a suffered-by victim as a fraudulent entity. A positive delta of +10 corrects the band from 32 to the reviewer-recommended 42.anchoranchored
- chain
- ●mainnet-betaslot 426,514,946
- sig
4puhMU2oevL7…aZKGJCAKexplorer ↗- hash
8iCxQ2z4f6gn…KieRrzVZsha256 → base58
verifying row…full verify ↗canonical bytes (1507 B) ▸
{"actor":"judge","decided_at":"2026-06-14T23:16:23.008Z","decision":"review_approve","investigation_id":"36f75834-67ae-4c11-b2be-78c9066f6778","new_score":42,"page_slug":"balancer","prev_score":32,"reason":"This is a severity-calibration review, not a fact-dispute review: all six claim_findings (indices 0-5) are supported with zero disputed claims. The reviewer (confidence 0.82) confirms Balancer is a legitimate, long-running DeFi AMM that was repeatedly victimized by external attackers rather than acting fraudulently. Three specific misattributions inflate the current score of 32 into an over-penalized band: the Velocore fork exploit ($6.8M) belongs to an independent protocol and not Balancer (claim_findings[2]); the Euler Finance $11.9M loss was cross-protocol collateral damage, not a Balancer contract flaw (claim_findings[1]); and the DNS/BGP hijack ($253K) targeted third-party registrar EuroDNS, overstating protocol-layer risk (claim_findings[1]). The page content stands as published and must remain live. The recommended score of 42 appropriately keeps Balancer in WARNING given the severity of the November 2025 $128M ComposableStablePool exploit and the March 2026 Balancer Labs corporate shutdown, without treating a suffered-by victim as a fraudulent entity. A positive delta of +10 corrects the band from 32 to the reviewer-recommended 42.","score_delta":10,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}Verify offline (run on your own machine)python -m src.verify_decision 446e80d1-4625-461d-b711-5a62a5af323b
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.