Audit log

Every state-changing event for Curve DEX: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-20 18:59:00Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-beta

   sig

   2fi7UUU8FFiW…B7BnXo2Gcopyexplorer ↗

   hash

   A1vdmoFxQrEf…gpJq3qFFcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (7609 B) ▸

   {"actor":"system:backfill","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","kind":"publish","page_slug":"curve-dex","published_at":"2026-05-20T18:59:00.691Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Curve DEX","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.gemini.com/cryptopedia/curve-finance-liquidity-provider-dao"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/curve-finance"},{"credibility":3,"name":"","type":"other","url":"https://coinbureau.com/review/curve-finance-crv"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.chainalysis.com/blog/curve-finance-liquidity-pool-hack/"},{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/curve-suffers-exploit"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-vyper-bug-hack-july-2023"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/curve-vyper-exploit-whole-story-so-far"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/curve-finance-disburse-49-million-compensation-hack-victims"},{"credibility":3,"name":"","type":"other","url":"https://techcrunch.com/2023/08/01/curve-finances-62m-exploit-exposes-larger-issues-for-defi-ecosystem/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2023/07/31/a-curve-founders-168m-stash-is-under-stress-creating-a-risk-for-defi-as-a-whole"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/243183/michael-egorov-has-sold-a-total-of-106-million-crv-for-42-million"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2023/08/03/curve-founder-still-owes-80m-despite-raising-nearly-30m-in-past-two-days"},{"credibility":3,"name":"","type":"other","url":"https://protos.com/curve-finance-gentlemans-agreement-expires-counterparties-dump-crv/"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/235149/curve-founder-liquidation-crv-token"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/curve-finance-founder-michael-egorov-suffers-massive-liquidations"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/curve-finance-michael-egorov-bad-debt-llamma"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2024/12/19/founder-of-de-fi-giant-curve-gets-liquidated-again-as-crv-slumps"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/curve-finance-disburse-49-million-compensation-hack-victims"},{"credibility":3,"name":"","type":"other","url":"https://hackmd.io/@LlamaRisk/BJzSKHNjn"},{"credibility":3,"name":"","type":"other","url":"https://news.curve.finance/curve-domain-incident/"},{"credibility":3,"name":"","type":"other","url":"https://www.vibraniumaudits.com/post/curve-finance-faces-dual-security-breaches-x-account-compromised-and-dns-hijack"},{"credibility":3,"name":"","type":"other","url":"https://resources.curve.fi/risks-security/security/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coinbase.com/institutional/research-insights/research/market-intelligence/curve-finance-exploit"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/curve-finance-founder-100-million-debt-could-trigger-defi-implosion"},{"credibility":3,"name":"","type":"other","url":"https://research.kaiko.com/insights/curve-finance"},{"credibility":3,"name":"","type":"other","url":"https://resources.curve.fi/risks-security/security/"},{"credibility":3,"name":"","type":"other","url":"https://cryptorank.io/news/feed/9de9f-curve-dao-token-crv-price-prediction-2030-2"}]}],"sources_used":[],"summary":"Curve Finance is a major decentralized exchange and automated market maker (AMM) on Ethereum, optimized for low-slippage swaps of pegged assets such as stablecoins. On July 30, 2023, several of its liquidity pools were drained of approximately $70 million due to a reentrancy vulnerability in the Vyper smart contract compiler (versions 0.2.15, 0.2.16, and 0.3.0), one of the largest DeFi exploits of 2023. Separately, founder Michael Egorov's practice of using large CRV holdings as loan collateral across multiple DeFi protocols created systemic risk that culminated in a $140 million liquidation event in June 2024, generating over $10 million in bad debt across connected protocols.","timeline":[{"date":"2019-11-01","event":"Michael Egorov publishes the StableSwap whitepaper, laying out the AMM formula that will become Curve Finance.","source":""},{"date":"2020-01-01","event":"Curve Finance protocol launches on Ethereum mainnet.","source":""},{"date":"2020-08-13","event":"CRV governance token and Curve DAO contracts deployed by anonymous community member 0xc4ad.","source":""},{"date":"2021-06-01","event":"Curve v2 (Cryptoswap) launches, extending the AMM to volatile asset pairs.","source":""},{"date":"2023-07-30","event":"Multiple Curve pools exploited via Vyper compiler reentrancy vulnerability; approximately $70 million drained. CRV price drops sharply, placing Egorov's $100M+ collateralized loan positions near liquidation.","source":""},{"date":"2023-08-01","event":"Curve Finance offers $1.85 million bounty for identification of the attacker.","source":""},{"date":"2023-08-07","event":"As of this date, 73% of stolen funds ($52.3 million) returned by white hat actors and the alleged attacker. Egorov has sold 106 million CRV for $42 million in OTC deals to stabilize loan positions.","source":""},{"date":"2023-08-08","event":"Alleged Alchemix attacker returns approximately $12.7 million voluntarily.","source":""},{"date":"2023-09-27","event":"Egorov deposits $35 million CRV to fully settle his Aave debt position.","source":""},{"date":"2023-12-21","event":"Curve DAO votes 94% approval to disburse $49.2 million in compensation to July hack victims.","source":""},{"date":"2024-02-01","event":"Informal six-month OTC lockup expires; several OTC buyers begin selling CRV on exchanges, pushing price below $0.40.","source":""},{"date":"2024-06-13","event":"CRV price falls approximately 24–30% in two days; Egorov's entire $141 million CRV collateral position liquidated across five protocols (Inverse, UwU Lend, Fraxlend, LlamaLend, Aave), generating over $10 million in bad debt on Curve Lend.","source":""},{"date":"2024-06-14","event":"Egorov sells 30 million CRV for $6 million USDT to clear LlamaLend bad debt; states all bad debt fully repaid.","source":""},{"date":"2024-12-19","event":"Third liquidation event: CRV slump triggers renewed liquidation of Egorov positions, per CoinDesk reporting.","source":""},{"date":"2025-05-05","event":"Curve Finance official X account compromised; attacker promotes fraudulent CRV airdrop phishing campaign.","source":""},{"date":"2025-05-12","event":"curve.fi primary domain hijacked at DNS registrar level; visitors redirected to phishing site. Smart contracts unaffected. Protocol processes over $400 million in on-chain volume during outage.","source":""},{"date":"2025-08-01","event":"Curve reduces annual CRV inflation rate to 5.02%, cutting approximately 22 million tokens per year in emissions.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 05d02f28-208b-4ea5-9490-1685ffd55ddccopy
2. #2reviewby reviewerreviewer

   2026-06-13 21:46:47Z
   Score: 38 → 38 (no score change)
   The Curve DEX investigation is broadly accurate on the major events but contains three notable errors: the $1.85M bounty is dated August 1 when it was actually announced August 6-7; the Alchemix fund return is dated August 8 when it occurred August 4-5; and the OTC lockup expiry is described as pushing CRV 'below $0.40' when the cited source reports CRV was ~$0.47 at expiry. The bad debt description in the summary slightly overstates geographic scope (primarily LlamaLend, not broadly 'across connected protocols'). All five section content fields are empty, meaning the investigation is structurally incomplete.
   anchoranchored

   chain

   ●mainnet-betaslot 426,283,255

   sig

   4iKTrnTDdbxy…We3MLhd4copyexplorer ↗

   hash

   BomjZszyVSvz…rXkrk9Aqcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (961 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-13T21:46:47.585Z","decision":"review","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","new_score":38,"page_slug":"curve-dex","prev_score":38,"reason":"The Curve DEX investigation is broadly accurate on the major events but contains three notable errors: the $1.85M bounty is dated August 1 when it was actually announced August 6-7; the Alchemix fund return is dated August 8 when it occurred August 4-5; and the OTC lockup expiry is described as pushing CRV 'below $0.40' when the cited source reports CRV was ~$0.47 at expiry. The bad debt description in the summary slightly overstates geographic scope (primarily LlamaLend, not broadly 'across connected protocols'). All five section content fields are empty, meaning the investigation is structurally incomplete.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 1bed3bd6-35dc-4fb8-b866-ba5a7f452368copy
3. #3review reviseby judgejudge

   2026-06-13 21:46:47Z
   Score: 38 → 26 (-12)
   17% of claims (3 of 18) were disputed by the reviewer. Two timeline entries carry incorrect dates: claim_findings[9] places the $1.85M public bounty on August 1, 2023 when Tier 2 sources (Decrypt, CoinTelegraph) confirm it was announced August 6-7 after a deadline expired; claim_findings[11] dates the Alchemix fund return to August 8, 2023 when contemporaneous reporting confirms it occurred August 4-5. claim_findings[14] additionally states OTC selling pushed CRV below $0.40, contradicting the cited Protos source which reports CRV was approximately $0.47 at expiry. These are timeline precision errors rather than disputes of the core narrative. A high-priority coverage gap also flags that all five section content fields are empty strings, leaving the page with no narrative body — this structural incompleteness independently warrants revision regardless of the factual findings.
   anchoranchored

   chain

   ●mainnet-betaslot 426,283,257

   sig

   4NX8tDfNjRrw…D1uNMhBzcopyexplorer ↗

   hash

   6c3oobhKZAsX…bPWBe4mXcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1239 B) ▸

   {"actor":"judge","decided_at":"2026-06-13T21:46:47.585Z","decision":"review_revise","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","new_score":26,"page_slug":"curve-dex","prev_score":38,"reason":"17% of claims (3 of 18) were disputed by the reviewer. Two timeline entries carry incorrect dates: claim_findings[9] places the $1.85M public bounty on August 1, 2023 when Tier 2 sources (Decrypt, CoinTelegraph) confirm it was announced August 6-7 after a deadline expired; claim_findings[11] dates the Alchemix fund return to August 8, 2023 when contemporaneous reporting confirms it occurred August 4-5. claim_findings[14] additionally states OTC selling pushed CRV below $0.40, contradicting the cited Protos source which reports CRV was approximately $0.47 at expiry. These are timeline precision errors rather than disputes of the core narrative. A high-priority coverage gap also flags that all five section content fields are empty strings, leaving the page with no narrative body — this structural incompleteness independently warrants revision regardless of the factual findings.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 95bf09eb-d523-4851-a8f9-a92763ba098acopy
4. #4reviewby reviewerreviewer

   2026-06-14 23:15:45Z
   Score: 26 → 26 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Curve Finance is a legitimate, long-running DeFi protocol that has suffered a series of security incidents and governance stress events but has not committed fraud, run a Ponzi scheme, or executed an exit scam. The two largest incidents driving the current WARNING score are (a) the July 2023 exploit, which was caused by a compiler-level bug in the third-party Vyper language and is therefore not attributable to Curve's own negligence or fraud — roughly 73% of funds were recovered — and (b) the June 2024 founder liquidation, where bad debt was fully repaid within days. The 2025 X-account and DNS hijacks are third-party infrastructure attacks that did not compromise the protocol's smart contracts. The VC fraud lawsuit was dismissed by a California appeals court in February 2025. With ~$1.43B TVL in mid-2026, active governance, a scheduled emissions reduction program, and no unresolved fraud findings, Curve meets the CAUTIONARY band criteria (legitimate operator with material caveats): its caveats include continued founder governance-token concentration risk, the unresolved Swiss lawsuit, and the pattern of infrastructure security breaches. A score of 62 (CAUTIONARY) is appropriate under the band semantics — the current score of 38 (WARNING) over-penalizes the entity by treating a third-party compiler exploit and a resolved bad-debt episode as if they were ongoing fraud indicators.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,232

   sig

   64FMgbhrQXE4…ZsHkWi3Jcopyexplorer ↗

   hash

   9rKPLqj84RRi…Mk63WgMscopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1887 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:45.355Z","decision":"review","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","new_score":26,"page_slug":"curve-dex","prev_score":26,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Curve Finance is a legitimate, long-running DeFi protocol that has suffered a series of security incidents and governance stress events but has not committed fraud, run a Ponzi scheme, or executed an exit scam. The two largest incidents driving the current WARNING score are (a) the July 2023 exploit, which was caused by a compiler-level bug in the third-party Vyper language and is therefore not attributable to Curve's own negligence or fraud — roughly 73% of funds were recovered — and (b) the June 2024 founder liquidation, where bad debt was fully repaid within days. The 2025 X-account and DNS hijacks are third-party infrastructure attacks that did not compromise the protocol's smart contracts. The VC fraud lawsuit was dismissed by a California appeals court in February 2025. With ~$1.43B TVL in mid-2026, active governance, a scheduled emissions reduction program, and no unresolved fraud findings, Curve meets the CAUTIONARY band criteria (legitimate operator with material caveats): its caveats include continued founder governance-token concentration risk, the unresolved Swiss lawsuit, and the pattern of infrastructure security breaches. A score of 62 (CAUTIONARY) is appropriate under the band semantics — the current score of 38 (WARNING) over-penalizes the entity by treating a third-party compiler exploit and a resolved bad-debt episode as if they were ongoing fraud indicators.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 92f65e9f-6fbe-40fe-be0f-ce8622e07692copy
5. #5review approveby judgejudge

   2026-06-14 23:15:45Z
   Score: 26 → 62 (+36)
   This is a severity-calibration review, not a fact-dispute review: all six claim_findings are supported and disputed_pct is 0%. The page content stands as accurate and must remain published. The review establishes with high confidence (0.88) that the current WARNING-band score over-penalizes Curve Finance on three grounds: (1) the July 2023 $70M exploit originated from a Vyper compiler bug, a third-party failure not attributable to Curve protocol design, and 73% of funds were recovered (claim_findings[0-1]); (2) the $10M bad debt generated by the June 2024 founder liquidation was fully repaid by Egorov personally within days, making any framing of it as an unresolved community loss inaccurate (claim_findings[2]); and (3) the VC fraud lawsuit was dismissed by a California appeals court in February 2025, removing it as an active fraud indicator (claim_findings[3]). Curve continues to operate with approximately $1.43B TVL and $126B annual volume (claim_findings[4]), and the 2025 X-account and DNS incidents were infrastructure-layer attacks that did not breach its smart contracts (claim_findings[5]). Material caveats remain — ongoing Swiss proceedings, founder governance-token concentration, and a pattern of infrastructure security breaches — which correctly place the entity in the CAUTIONARY band rather than SAFE. A score_modifier_delta of +36 moves the score toward the reviewer-recommended 62 (CAUTIONARY), correcting the mis-calibration from the current over-penalized WARNING band.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,236

   sig

   ftEQcXSrYoTd…6LxFjKR7copyexplorer ↗

   hash

   8iyKXWPVhazz…PXN8oCFgcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1854 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:45.355Z","decision":"review_approve","investigation_id":"3e4567af-0a09-4107-b598-0cddbf8e26fa","new_score":62,"page_slug":"curve-dex","prev_score":26,"reason":"This is a severity-calibration review, not a fact-dispute review: all six claim_findings are supported and disputed_pct is 0%. The page content stands as accurate and must remain published. The review establishes with high confidence (0.88) that the current WARNING-band score over-penalizes Curve Finance on three grounds: (1) the July 2023 $70M exploit originated from a Vyper compiler bug, a third-party failure not attributable to Curve protocol design, and 73% of funds were recovered (claim_findings[0-1]); (2) the $10M bad debt generated by the June 2024 founder liquidation was fully repaid by Egorov personally within days, making any framing of it as an unresolved community loss inaccurate (claim_findings[2]); and (3) the VC fraud lawsuit was dismissed by a California appeals court in February 2025, removing it as an active fraud indicator (claim_findings[3]). Curve continues to operate with approximately $1.43B TVL and $126B annual volume (claim_findings[4]), and the 2025 X-account and DNS incidents were infrastructure-layer attacks that did not breach its smart contracts (claim_findings[5]). Material caveats remain — ongoing Swiss proceedings, founder governance-token concentration, and a pattern of infrastructure security breaches — which correctly place the entity in the CAUTIONARY band rather than SAFE. A score_modifier_delta of +36 moves the score toward the reviewer-recommended 62 (CAUTIONARY), correcting the mis-calibration from the current over-penalized WARNING band.","score_delta":36,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 7e84fad6-58d9-4168-b818-2a373c632333copy