Audit log

Every state-changing event for Clober Liquidity Vault: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-30 04:56:40Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 423,087,959

   sig

   5FjSGga5ugR6…vVP9gZHCcopyexplorer ↗

   hash

   5g3eCKv3AabC…CQmYcG6mcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6889 B) ▸

   {"actor":"system:backfill","investigation_id":"1a79704b-57a7-48c8-a46e-fc27bd4c6d12","kind":"publish","page_slug":"clober-liquidity-vault","published_at":"2026-05-30T04:56:40.499Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Clober Liquidity Vault","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/clober-liquidity-vault","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://x.com/CloberDEX/status/1863504665851433203","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/cloberdex-liquidity-vault-hack-analysis-f22eb960aa6f","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshield/status/1866443215186088048","type":"other","url":""},{"credibility":3,"name":"https://basescan.org/address/0x012fc6377f1c5ccf6e29967bce52e3629aaa6025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/clober-dex-hack","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/cloberdex-hack-analysis-04bc7cd3cbc4","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/clober-liquidity-vault","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/clober-vault-exploited-team-offers-bounty/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshield/status/1866443215186088048","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/cloberdex-liquidity-vault-hack-analysis-f22eb960aa6f","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/cloberdex-hack-analysis-04bc7cd3cbc4","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/clober-dex-hack","type":"other","url":""},{"credibility":3,"name":"https://www.nominis.io/insights/crypto-security-incidents-december-2024","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/clober-vault-exploited-team-offers-bounty/","type":"other","url":""},{"credibility":3,"name":"https://www.mitrade.com/insights/news/live-news/article-3-515047-20241211","type":"other","url":""}]}],"sources_used":[],"summary":"Clober is a fully on-chain order book DEX (Decentralized Exchange) for EVM networks, built on the proprietary LOBSTER algorithm, which launched on February 14, 2023. Its Liquidity Vault product, a hybrid order-book/AMM product launched on Coinbase's Base network in December 2024, was exploited for approximately 133.7 ETH (~$501,000) within days of launch due to a reentrancy vulnerability introduced in post-audit code changes. The attacker ultimately moved the stolen funds through Tornado Cash after on-chain bounty negotiations failed.","timeline":[{"date":"2023-02-14","event":"Clober V1 launches as the first fully on-chain order book DEX for EVM, introducing the LOBSTER algorithm.","source":""},{"date":"2024-11-30","event":"Clober announces the Clober Liquidity Vault (CLV) going live on Base network, combining order book precision with AMM simplicity using Chainlink DataStream price feeds.","source":""},{"date":"2024-12-10","event":"Clober Liquidity Vault on Base is exploited via a reentrancy attack on the Rebalancer contract's _burn() function. Attacker uses a 267.4 ETH Morpho Blue flash loan and a malicious strategy contract. Approximately 133.7 ETH (~$501,000) is drained. PeckShield issues the first public alert.","source":""},{"date":"2024-12-10","event":"Stolen 133.7 ETH is bridged from Base to Ethereum mainnet via Across Protocol and split across two attacker-controlled addresses: 0x711C87A0767101Fa6f3893FACb670B5689621e23 and 0x7760d838192f6E526721a0f6b160627baE989a3e.","source":""},{"date":"2024-12-11","event":"Clober team issues a public statement confirming the exploit, asserting Core protocol and Arbitrum are unaffected, and sends an on-chain message offering the attacker a 20% white-hat bounty (~$100,000) with no legal repercussions.","source":""},{"date":"2024-12-11","event":"CertiK, QuillAudits, SolidityScan, and Lunaray publish independent technical post-mortems. Security researcher Raz0r of Decurity identifies the vulnerable burnHook as a post-audit code addition.","source":""},{"date":"2024-12-31","event":"Clober team confirms bounty negotiations with the attacker have failed and that the stolen assets have been moved into Tornado Cash, effectively laundering the funds.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 8a5ac38b-87ef-4673-95ea-bd9596f567e3copy