Audit log

Every state-changing event for Curio: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-19 20:13:17Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,839,271

   sig

   hjYonJUZkBf5…24ExeV3Ccopyexplorer ↗

   hash

   22Lmw4zX2oLz…C59mZyC6copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (5149 B) ▸

   {"actor":"system:backfill","investigation_id":"fab6ead4-3fe8-4c91-acad-4791c1109db0","kind":"publish","page_slug":"curio","published_at":"2026-05-19T20:13:17.668Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Curio","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodao-the-future-of-real-assets-2964c789078"},{"credibility":3,"name":"","type":"other","url":"https://www.venturelab.swiss/Meet-CurioInvest-CEO-Rey-Fernando-Verboonen-and-find-out-how-Wikipedia-helps-him-fall-asleep"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/person/fernando-verboonen"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/neptune-mutual/analysis-of-the-curio-exploit-1df31252fe66"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/curio-hit-by-16-million-exploit-due-to-voting-power-vulnerability/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2024/03/26/curio-strikes-back-with-cgt-2-0-following-16-million-exploit/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.venturelab.swiss/Meet-CurioInvest-CEO-Rey-Fernando-Verboonen-and-find-out-how-Wikipedia-helps-him-fall-asleep"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/organization/curio-edc3"},{"credibility":3,"name":"","type":"other","url":"https://go.curioinvest.com/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodaos-recovery-plan-1255427f35de"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2024/03/26/curio-strikes-back-with-cgt-2-0-following-16-million-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/curio-hit-by-16-million-exploit-due-to-voting-power-vulnerability/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/neptune-mutual/analysis-of-the-curio-exploit-1df31252fe66"},{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodaos-recovery-plan-1255427f35de"}]}],"sources_used":[],"summary":"Curio (CurioDAO) is a multi-chain real-world asset (RWA) DeFi protocol that suffered a critical smart contract exploit on March 23, 2024, resulting in approximately $16 million in losses after an attacker exploited a voting-power privilege escalation vulnerability to mint approximately 1 billion unauthorized CGT governance tokens. The protocol had no known third-party security audits prior to the exploit and relied on internal reviews. Curio announced a recovery plan including a new CGT 2.0 token and a phased compensation program, though independent verification of full compensation delivery remains limited.","timeline":[{"date":"2024-03-23","event":"Exploit executed on Curio's Ethereum governance contract. Attacker acquires minimal CGT tokens, escalates voting privileges via IDSChief/IDSPause contracts, and mints approximately 1 billion unauthorized CGT tokens. Estimated loss: $16 million.","source":""},{"date":"2024-03-23","event":"CurioDAO Association publicly announces the exploit and halts emergency operations.","source":""},{"date":"2024-03-25","event":"Curio publishes official post-mortem identifying a permission access logic vulnerability in the MakerDAO-derived governance smart contract as the root cause.","source":""},{"date":"2024-03-25","event":"Multiple independent security firms (Hacken, Cyvers, Neptune Mutual, Halborn) publish technical analyses of the exploit, corroborating the attack vector.","source":""},{"date":"2024-03-25","event":"Curio announces recovery plan: CGT 2.0 token launch within 2 weeks, four-stage 90-day LP compensation in USDC/USDT, 10% treasury airdrop, and white hat bounty of 10% of recovered funds.","source":""},{"date":"2024-03-26","event":"Curio announces CGT 2.0 token publicly, pledging 100% restoration for pre-exploit CGT holders across all affected networks.","source":""},{"date":"2025-03-23","event":"Projected completion date of the four-stage, one-year compensation program. Independent verification of full delivery is not available in public sources.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision b6cd1a91-dad3-4150-894f-26098cd9f932copy