Audit log

Every state-changing event for Bybit: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1reviewby reviewerreviewer

   2026-05-08 20:51:17Z
   Score: 42 → 42 (no score change)
   The page is broadly accurate on the core factual narrative of the February 2025 Bybit hack — attack mechanics, attribution, amount stolen, and remediation response are all well-supported by high-credibility sources. The most significant issues are in the regulatory section, which contains two materially stale claims: the assertion that Bybit is still registered in the British Virgin Islands (the BVI entity was dissolved in July 2023) and the claim that Bybit holds no full regulatory license from major jurisdictions (Bybit obtained an EU MiCAR license in May 2025 and a UAE SCA license in October 2025). Minor factual errors include the FBI wallet address count (51, not 50) and the DPRK total theft figure ($3 billion understates the CSIS-cited $3.4 billion). One cited CoinTelegraph URL is link-rotted (404).
   anchoranchored

   chain

   ●mainnet-betaslot 418,471,884

   sig

   3LvLV8xeDUSm…gZ7ZJjYscopyexplorer ↗

   hash

   55phVb13joSE…ReHXMUv3copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1156 B) ▸

   {"actor":"reviewer","decided_at":"2026-05-08T20:51:17.606Z","decision":"review","investigation_id":"cc5d2629-b918-4554-b41b-cf765ff31285","new_score":42,"page_slug":"bybit","prev_score":42,"reason":"The page is broadly accurate on the core factual narrative of the February 2025 Bybit hack — attack mechanics, attribution, amount stolen, and remediation response are all well-supported by high-credibility sources. The most significant issues are in the regulatory section, which contains two materially stale claims: the assertion that Bybit is still registered in the British Virgin Islands (the BVI entity was dissolved in July 2023) and the claim that Bybit holds no full regulatory license from major jurisdictions (Bybit obtained an EU MiCAR license in May 2025 and a UAE SCA license in October 2025). Minor factual errors include the FBI wallet address count (51, not 50) and the DPRK total theft figure ($3 billion understates the CSIS-cited $3.4 billion). One cited CoinTelegraph URL is link-rotted (404).","score_delta":0,"sequence_num":1,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 75b07346-1f86-4118-a733-d4006ecc2c6ecopy
2. #2review reviseby judgejudge

   2026-05-08 20:51:17Z
   Score: 42 → 27 (-15)
   The core factual narrative of the February 2025 hack — attack mechanics, ETH amount, supply chain vector, Lazarus Group attribution, and Bybit's remediation — is well-supported across multiple high-credibility sources and does not require correction. However, the regulatory section contains materially stale and incorrect claims that require revision: claim_findings[7] states Bybit is registered in the British Virgin Islands, but a Tier 1 BVI FSC public statement confirms that entity was dissolved in July 2023; claim_findings[30] states Bybit holds no full regulatory license in major Western jurisdictions, which is contradicted by Tier 1 CoinDesk reporting that Bybit obtained a full EU MiCAR license in Austria (May 2025) and a UAE SCA license (October 2025). Additionally, claim_findings[22] attributes the characterization of Bybit's crisis response as 'unusually transparent' to CSIS and Wilson Center, but direct review of both Tier 1 sources shows neither contains that characterization — CSIS is mildly critical. The disputed_pct of 18% and three high-priority coverage gaps confirm the page needs targeted factual corrections, not wholesale revision.
   anchoranchored

   chain

   ●mainnet-betaslot 418,471,888

   sig

   23WZn25WRKAV…yA8nUoNhcopyexplorer ↗

   hash

   p83y42fBZriS…2savvadkcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1512 B) ▸

   {"actor":"judge","decided_at":"2026-05-08T20:51:17.606Z","decision":"review_revise","investigation_id":"cc5d2629-b918-4554-b41b-cf765ff31285","new_score":27,"page_slug":"bybit","prev_score":42,"reason":"The core factual narrative of the February 2025 hack — attack mechanics, ETH amount, supply chain vector, Lazarus Group attribution, and Bybit's remediation — is well-supported across multiple high-credibility sources and does not require correction. However, the regulatory section contains materially stale and incorrect claims that require revision: claim_findings[7] states Bybit is registered in the British Virgin Islands, but a Tier 1 BVI FSC public statement confirms that entity was dissolved in July 2023; claim_findings[30] states Bybit holds no full regulatory license in major Western jurisdictions, which is contradicted by Tier 1 CoinDesk reporting that Bybit obtained a full EU MiCAR license in Austria (May 2025) and a UAE SCA license (October 2025). Additionally, claim_findings[22] attributes the characterization of Bybit's crisis response as 'unusually transparent' to CSIS and Wilson Center, but direct review of both Tier 1 sources shows neither contains that characterization — CSIS is mildly critical. The disputed_pct of 18% and three high-priority coverage gaps confirm the page needs targeted factual corrections, not wholesale revision.","score_delta":-15,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 42c9280b-0e73-48aa-89bb-272823126386copy
3. #3reviewby reviewerreviewer

   2026-05-09 03:28:15Z
   Score: 72 → 72 (no score change)
   The core hack narrative is well-sourced and accurate: dates, ETH amounts, attribution chain, and exchange response details are confirmed by primary sources including the FBI IC3 PSA and blockchain analytics firms. The two significant issues are (1) the Overview section's present-tense claim that Bybit 'is registered in the British Virgin Islands' — the BVI entity was dissolved July 4, 2023 and the Regulatory section correctly acknowledges this, creating an internal contradiction — and (2) the UK is listed as a restricted jurisdiction despite Bybit relaunching UK services in December 2025. Secondary issues include the Phemex hack amount ($29M stated vs ~$73M actual total), imprecise DPRK cumulative theft sourcing, and an understated user count.
   anchoranchored

   chain

   ●mainnet-betaslot 418,531,328

   sig

   BnyPdDvsL7Y5…91DRx4EScopyexplorer ↗

   hash

   A29qP5TUyTAD…rEvxcCo9copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1094 B) ▸

   {"actor":"reviewer","decided_at":"2026-05-09T03:28:15.267Z","decision":"review","investigation_id":"cc5d2629-b918-4554-b41b-cf765ff31285","new_score":72,"page_slug":"bybit","prev_score":72,"reason":"The core hack narrative is well-sourced and accurate: dates, ETH amounts, attribution chain, and exchange response details are confirmed by primary sources including the FBI IC3 PSA and blockchain analytics firms. The two significant issues are (1) the Overview section's present-tense claim that Bybit 'is registered in the British Virgin Islands' — the BVI entity was dissolved July 4, 2023 and the Regulatory section correctly acknowledges this, creating an internal contradiction — and (2) the UK is listed as a restricted jurisdiction despite Bybit relaunching UK services in December 2025. Secondary issues include the Phemex hack amount ($29M stated vs ~$73M actual total), imprecise DPRK cumulative theft sourcing, and an understated user count.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision e7665d36-ffec-47cc-b870-f9959795aea2copy
4. #4review approveby judgejudge

   2026-05-09 03:28:15Z
   Score: 72 → 72 (no score change)
   The reviewer examined 28 claims across 7 sections and found 0 disputed, 17 confirmed, 6 partially supported, and 2 stale. The reviewer initially flagged two high-priority issues (BVI present-tense claim in Overview and UK listed as restricted despite December 2025 re-entry) plus three medium-priority corrections (Phemex amount, DPRK figure attribution, user count). All five issues were editorially corrected prior to this decision. The corrected page is factually sound with well-sourced hack narrative confirmed by FBI IC3, multiple forensic firms, and blockchain analytics providers.
   anchoranchored

   chain

   ●mainnet-betaslot 418,531,332

   sig

   47tRjbnSsST1…wwo1zFXUcopyexplorer ↗

   hash

   DB8xKNbaGDAT…Bpq3FkATcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (934 B) ▸

   {"actor":"judge","decided_at":"2026-05-09T03:28:15.267Z","decision":"review_approve","investigation_id":"cc5d2629-b918-4554-b41b-cf765ff31285","new_score":72,"page_slug":"bybit","prev_score":72,"reason":"The reviewer examined 28 claims across 7 sections and found 0 disputed, 17 confirmed, 6 partially supported, and 2 stale. The reviewer initially flagged two high-priority issues (BVI present-tense claim in Overview and UK listed as restricted despite December 2025 re-entry) plus three medium-priority corrections (Phemex amount, DPRK figure attribution, user count). All five issues were editorially corrected prior to this decision. The corrected page is factually sound with well-sourced hack narrative confirmed by FBI IC3, multiple forensic firms, and blockchain analytics providers.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 2cf72f12-83eb-4ee8-9848-f245e6659d0bcopy