← Bent Finance1 decision on this page

Audit log

Every state-changing event for Bent Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-28 17:44:15Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,768,070
sig
4ZfrNykxjkSa…qZLJTGNcexplorer ↗
hash
98AzT24xzUqR…jNSez445sha256 → base58
verifying row…full verify ↗
canonical bytes (4706 B) ▸
{"actor":"system:backfill","investigation_id":"a55e587b-e7b5-423a-ac18-aba6c2e8355c","kind":"publish","page_slug":"bent-finance","published_at":"2026-05-28T17:44:15.924Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Bent Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://halborn.com/explained-the-bent-finance-hack-december-2021/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/bent-finance","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/bent-finance-exploit-originated-from-deployer-address-confirms-protocol/","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/bentfinancemaliciousbalanceinjection.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://halborn.com/explained-the-bent-finance-hack-december-2021/","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/the-bent-finance-betrayal-unraveling-the-1-75m-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/bentfinancemaliciousbalanceinjection.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coincodecap.com/bent-finances-makes-a-stronger-comeback","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/bentfinancemaliciousbalanceinjection.php","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/bent-finance-exploit-originated-from-deployer-address-confirms-protocol/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coingecko.com/en/coins/bent-finance","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/bent-finance","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/bent-finance/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/bentfinancemaliciousbalanceinjection.php","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/bent-finance","type":"other","url":""},{"credibility":3,"name":"https://bentfi.medium.com/getting-bent-w-vesting-roadmaps-and-the-hundredth-ape-409b6c228bd","type":"other","url":""}]}],"sources_used":[],"summary":"Bent Finance is an Ethereum-based DeFi yield aggregator built on top of Curve Finance and Convex Finance, offering staking and liquidity pool boosting for the BENT token. In December 2021, the protocol suffered an insider exploit in which a rogue developer with access to the contract deployer private key inserted a backdoor into the cvxCRV and MIM pool contracts, resulting in the theft of approximately 440 ETH (~$1.75M). Stolen funds were ultimately returned by the attacker and reimbursed to users by late December 2021, but the incident caused a 73% BENT token price collapse and left the protocol with negligible TVL.","timeline":[{"date":"2021-11-30","event":"Rogue developer silently updates Bent Finance cvxCRV pool contract to hardcode a malicious token balance for attacker address 0xd23cfffa066f81c7640e3f0dc8bb2958f7686d1f. A subsequent clean update is deployed to conceal the modification.","source":""},{"date":"2021-12-09","event":"Attacker's primary wallet receives two deposits from Tornado Cash, pre-funding the operation.","source":""},{"date":"2021-12-12","event":"Attacker begins executing withdrawals. First batch: 263,000 cvxCRV-f extracted from Bent Finance pools, converted to ETH, and sent to Tornado Cash.","source":""},{"date":"2021-12-19","event":"BENT token reaches all-time high of $15.90 per token.","source":""},{"date":"2021-12-20","event":"Exploit discovered at approximately 8:55 PM EST. Bent Finance disables reward claims and alerts users. Second batch of approximately 240 ETH laundered via Tornado Cash. Total: ~440 ETH (~$1.75M) laundered.","source":""},{"date":"2021-12-21","event":"PeckShield publicly confirms exploit originated from Bent Finance's own deployer address. Protocol issues official confirmation and advises all pool investors to withdraw funds. BENT token drops 73-74%. Team employs two independent white hat developers.","source":""},{"date":"2021-12-24","event":"Hacker agrees to return stolen funds to team multisig at 0xaBb8B277F49de499b902A1E09A2aCA727595b544. Full reimbursement of 512,696 cvxcrv-f tokens completed. Community contributed ~200,000 additional cvxCRV to cover deficit.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision ef7774d2-eee8-4aac-8768-2c34482ad766

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.