Audit log

Every state-changing event for Clipper: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-29 16:47:20Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,977,555

   sig

   TFq4YEkWSP8G…WStrnxejcopyexplorer ↗

   hash

   AodQbyRB9kna…GGQUpqT2copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6249 B) ▸

   {"actor":"system:backfill","investigation_id":"c275fe15-9424-451f-aec8-4c4a41641a09","kind":"publish","page_slug":"clipper","published_at":"2026-05-29T16:47:20.374Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Clipper","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.clipper.exchange/what-is-clipper/","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/clipper-dex","type":"other","url":""},{"credibility":3,"name":"https://docs.clipper.exchange/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/linked/111163/dex-developer-shipyard-software-raises-21-million-for-its-first-exchange-clipper","type":"other","url":""},{"credibility":3,"name":"https://www.banklesstimes.com/news/2023/01/31/shipyard-software-raises-21m-for-clipper-decentralized-exchange-ravikant-among-backers/","type":"other","url":""},{"credibility":3,"name":"https://www.linkedin.com/pulse/clipper-dex-people-paul-veradittakit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.com/news/clipper-dex-says-withdrawal-vulnerability-led-to-450k-hack-denies-private-key-leak/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/clipper-dex-liquidity-pools-exploited-for-450000/","type":"other","url":""},{"credibility":3,"name":"https://thecyberexpress.com/clipper-cyberattack/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=clipper-dex-hack","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Clipper_Exchange_Asset_Deposit/Withdrawal_Manipulation","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Clipper_Exchange_Asset_Deposit/Withdrawal_Manipulation","type":"other","url":""},{"credibility":3,"name":"https://www.bitcoinsensus.com/news/clipper-dex-seeks-negotiation-with-hacker-after-450000-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.clipper.exchange/after-rigorous-security-testing-clipper-dex-is-set-to-sail/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@clipper_dex/after-rigorous-security-testing-clipper-dex-is-set-to-sail-b21e6be46c43","type":"other","url":""},{"credibility":3,"name":"https://docs.clipper.exchange/audits","type":"other","url":""},{"credibility":3,"name":"https://thecyberexpress.com/clipper-cyberattack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptopotato.com/zachxbt-targets-lesser-known-dex-in-fresh-allegations-over-illicit-crypto-flows/","type":"other","url":""},{"credibility":3,"name":"https://www.banklesstimes.com/articles/2026/05/04/zachxbt-alleges-tokenlon-processed-millions-in-suspected-illicit-crypto-funds/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.admiraldao.xyz/","type":"other","url":""},{"credibility":3,"name":"https://docs.clipper.exchange/governance-token/sail-supply-and-circulation","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/clipper-dex","type":"other","url":""},{"credibility":3,"name":"https://thecyberexpress.com/clipper-cyberattack/","type":"other","url":""}]}],"sources_used":[],"summary":"Clipper is a decentralized exchange (DEX) built by Shipyard Software and governed by AdmiralDAO, designed to offer retail traders the lowest per-transaction costs on trades under $10,000 using a novel Formula Market Maker (FMM) mechanism. On December 1, 2024, a protocol logic exploit drained approximately $457,878 from its Optimism and Base liquidity pools by manipulating a single-asset deposit and withdrawal function; the attacker voluntarily returned 104 ETH in January 2025. While the protocol has legitimate venture backing and a documented technical architecture, the exploit revealed a gap between audited and deployed code, and the protocol has been flagged by on-chain investigator ZachXBT.","timeline":[{"date":"2021-06-30","event":"Clipper DEX launches on Ethereum mainnet, developed by Shipyard Software. Protocol is prefunded with $1 million in alpha liquidity.","source":""},{"date":"2021-07-01","event":"Within two weeks of launch, Clipper reports $14 million per week in trading volume across approximately 1,800 traders and 5,000 transactions.","source":""},{"date":"2023-01-31","event":"Shipyard Software announces $21 million in combined equity and liquidity funding. Polychain Capital leads the equity round. Three Arrows Capital is among the liquidity pledgers (Three Arrows Capital had already collapsed in June 2022).","source":""},{"date":"2024-11-30","event":"Attacker begins exploit on Clipper's Base network pool at approximately 8:22 PM MST, followed by the Optimism pool at approximately 9:15 PM MST.","source":""},{"date":"2024-12-01","event":"Clipper publicly confirms the exploit. Total loss reported at approximately $457,878, affecting Optimism and Base pools and representing roughly 6% of TVL. Swaps and deposits are suspended across all chains. Single-asset withdrawals are disabled.","source":""},{"date":"2024-12-01","event":"Chaofan Shou of security firm Fuzzland publicly alleges the incident resulted from a private key leak. Clipper explicitly denies this characterization, attributing the exploit to a withdrawal function logic vulnerability.","source":""},{"date":"2024-12-04","event":"Clipper publishes official post-mortem detailing the exploit mechanism, root causes including the circuit-breaker database interaction, and remediation plans.","source":""},{"date":"2025-01-15","event":"The attacker voluntarily returns 104 ETH to the Clipper treasury, citing personal health issues for the delay and stating no further vulnerabilities are known to remain. AdmiralDAO begins planning LP refund distribution.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 35f44f80-05cf-40cd-bd9e-5b5e5f6b6d29copy
2. #2reviewby reviewerreviewer

   2026-06-03 02:53:57Z
   Score: 48 → 48 (no score change)
   The page's core exploit narrative — amount, timestamps, mechanism, attacker communications, and post-mortem — is well-supported by multiple credible sources. However, two significant accuracy problems undermine the page: (1) the ZachXBT 'flagged' claim in the summary is a misattribution — both cited sources describe ZachXBT's investigation of Tokenlon, an entirely different DEX; and (2) the funding announcement is dated January 31, 2023 in the timeline when the actual announcement was July 13, 2021. A notable omission is the Polychain Capital lawsuit against Shipyard Software, which is material to the entity's risk profile.
   anchoranchored

   chain

   ●mainnet-betaslot 423,940,078

   sig

   4spRcqMA442u…PaiSC5B8copyexplorer ↗

   hash

   5owf6yhPBSj1…2273gF21copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (974 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-03T02:53:56.953Z","decision":"review","investigation_id":"c275fe15-9424-451f-aec8-4c4a41641a09","new_score":48,"page_slug":"clipper","prev_score":48,"reason":"The page's core exploit narrative — amount, timestamps, mechanism, attacker communications, and post-mortem — is well-supported by multiple credible sources. However, two significant accuracy problems undermine the page: (1) the ZachXBT 'flagged' claim in the summary is a misattribution — both cited sources describe ZachXBT's investigation of Tokenlon, an entirely different DEX; and (2) the funding announcement is dated January 31, 2023 in the timeline when the actual announcement was July 13, 2021. A notable omission is the Polychain Capital lawsuit against Shipyard Software, which is material to the entity's risk profile.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 877ca518-ed04-4fea-9878-fbf96c813356copy
3. #3review reviseby judgejudge

   2026-06-03 02:53:57Z
   Score: 48 → 33 (-15)
   The page's core exploit narrative is well-documented and confirmed across multiple sources. However, two disputed claims require correction before the page can stand. First, claim_findings[4] identifies a clear misattribution: both sources cited to support the claim that ZachXBT flagged Clipper actually describe ZachXBT's investigation of Tokenlon, an entirely separate DEX — Clipper is not mentioned in either article. This is a named-person claim with no supporting evidence and must be removed or corrected. Second, claim_findings[8] dates the $21 million funding announcement to January 31, 2023, when the actual announcement was July 13, 2021; the page appears to have adopted a re-publication date, producing a timeline in which Three Arrows Capital is listed as a participant more than six months after their collapse. Additionally, a high-priority coverage gap — the Polychain Capital lawsuit against Shipyard Software — is material to the entity's governance risk profile and should be added. The under_investigation flag is applied due to the named-person misattribution.
   anchoranchored

   chain

   ●mainnet-betaslot 423,940,083

   sig

   4w8ddKczJCf1…fqCKKnuYcopyexplorer ↗

   hash

   AzSLPtiBy5a3…Wn28ez3Mcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1432 B) ▸

   {"actor":"judge","decided_at":"2026-06-03T02:53:56.953Z","decision":"review_revise","investigation_id":"c275fe15-9424-451f-aec8-4c4a41641a09","new_score":33,"page_slug":"clipper","prev_score":48,"reason":"The page's core exploit narrative is well-documented and confirmed across multiple sources. However, two disputed claims require correction before the page can stand. First, claim_findings[4] identifies a clear misattribution: both sources cited to support the claim that ZachXBT flagged Clipper actually describe ZachXBT's investigation of Tokenlon, an entirely separate DEX — Clipper is not mentioned in either article. This is a named-person claim with no supporting evidence and must be removed or corrected. Second, claim_findings[8] dates the $21 million funding announcement to January 31, 2023, when the actual announcement was July 13, 2021; the page appears to have adopted a re-publication date, producing a timeline in which Three Arrows Capital is listed as a participant more than six months after their collapse. Additionally, a high-priority coverage gap — the Polychain Capital lawsuit against Shipyard Software — is material to the entity's governance risk profile and should be added. The under_investigation flag is applied due to the named-person misattribution.","score_delta":-15,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 7812e26d-da38-432a-9213-d697c6fc44d2copy