Skip to main content
Sign in
Curve Finance1 decision on this page

Audit log

Every state-changing event for Curve Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:32:25Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,211,480
    sig
    3bUs7aTFXCFd…3hSx4jt8explorer ↗
    hash
    8RiJLNXtgAzM…dtZaLv12sha256 → base58
    verifying row…full verify ↗
    canonical bytes (7769 B) ▸
    {"actor":"system:backfill","investigation_id":"108d7b65-7cee-4e16-a90a-10e0f4936e64","kind":"publish","page_slug":"curve-finance","published_at":"2026-05-30T18:32:25.429Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Curve Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.gemini.com/cryptopedia/curve-finance-liquidity-provider-dao","type":"other","url":""},{"credibility":3,"name":"https://resources.curve.finance/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2023/07/31/a-curve-founders-168m-stash-is-under-stress-creating-a-risk-for-defi-as-a-whole","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://hackmd.io/@vyperlang/HJUgNMhs2","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/2qbPMcyJpR5UfoKrcjWxlQ-vyper-incident-anaylsis","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-vyper-bug-hack-july-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/curve-finance-liquidity-pool-hack/","type":"other","url":""},{"credibility":3,"name":"https://hacken.io/discover/curve-finance-liquidity-pools-hack-explained/","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/curve-suffers-exploit","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/vyper-vulnerability-exposes-defi-ecosystem-stress-tests","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2023/08/07/curve-recoups-73-of-hacked-funds-bolstering-crv-sentiment","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/243464/curve-exploit-identity-bounty","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/curve-hack-mev-bot-behind-61m-heist-begins-returning-funds","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/curve-finance-liquidity-pool-hack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/markets/2023/07/31/a-curve-founders-168m-stash-is-under-stress-creating-a-risk-for-defi-as-a-whole","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/curve-exploit-curve-founder-michael-081342185.html","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/08/03/curve-founder-still-owes-80m-despite-raising-nearly-30m-in-past-two-days","type":"other","url":""},{"credibility":3,"name":"https://247wallst.com/investing/2023/08/01/curve-founder-sells-40m-in-crv-tokens-amid-liquidation-risk/","type":"other","url":""},{"credibility":3,"name":"https://unchainedcrypto.com/curve-founders-liquidation-could-trigger-chaos-for-defi/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/curve-finance-tvl-halved-following-vyper-vulnerability-exploit/","type":"other","url":""},{"credibility":3,"name":"https://techcrunch.com/2023/08/01/curve-finances-62m-exploit-exposes-larger-issues-for-defi-ecosystem/","type":"other","url":""},{"credibility":3,"name":"https://blockworks.com/news/curve-suffers-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2023/08/09/as-curve-averts-defi-death-spiral-fiasco-exposes-serious-risks","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/curve-finance-disburse-49-million-compensation-hack-victims","type":"other","url":""},{"credibility":3,"name":"https://coingape.com/curve-finance-community-approves-49m-payout-for-july-hack-victims/","type":"other","url":""},{"credibility":3,"name":"https://www.outlookmoney.com/cryptocurrency/sec-regrets-errors-related-to-crypto-firm-enforcement-case-curve-finance-to-disburse-49m-in-compensation-to-hack-victims","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-vyper-bug-hack-july-2023","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/2qbPMcyJpR5UfoKrcjWxlQ-vyper-incident-anaylsis","type":"other","url":""},{"credibility":3,"name":"https://hackmd.io/@vyperlang/HJUgNMhs2","type":"other","url":""},{"credibility":3,"name":"https://github.com/curvefi/security-incident-reports","type":"other","url":""}]}],"sources_used":[],"summary":"Curve Finance is a major decentralized exchange (DEX) on Ethereum optimized for stablecoin and pegged-asset trading, operating since January 2020. On July 30, 2023, a latent vulnerability in the Vyper smart-contract compiler (versions 0.2.15, 0.2.16, and 0.3.0) was exploited across multiple Curve liquidity pools, draining approximately $70 million and triggering a near-systemic crisis when the resulting CRV price drop threatened to cascade-liquidate founder Michael Egorov's heavily collateralized on-chain loans. Roughly 73% of stolen funds were ultimately recovered or returned, and in December 2023 the Curve DAO voted to disburse approximately $49 million in compensation to affected liquidity providers.","timeline":[{"date":"2020-01-01","event":"Curve Finance launches on Ethereum mainnet as a stablecoin-optimized DEX.","source":""},{"date":"2021-07-01","event":"Vyper v0.2.15 released, inadvertently introducing the reentrancy lock storage-slot bug that would remain undetected for two years.","source":""},{"date":"2021-11-01","event":"Vyper v0.2.16 and v0.3.0 released, perpetuating the reentrancy vulnerability.","source":""},{"date":"2022-01-01","event":"Vyper v0.3.1 released, fixing the reentrancy lock defect — but pools already deployed with earlier versions remain vulnerable.","source":""},{"date":"2023-07-30","event":"July 30, 2023: Attackers begin exploiting Curve Finance pools compiled with vulnerable Vyper versions. JPEG'd pETH/ETH (~$11M), Alchemix alETH/ETH (~$20M), Metronome msETH/ETH (~$1.6M), and Curve CRV/ETH (~$18-22M) pools are drained. Total losses approximately $69-73 million.","source":""},{"date":"2023-07-31","event":"CRV token price falls over 20%. Curve TVL drops from ~$3.26B to ~$1.72B. Egorov's $100M+ in on-chain loans put at risk of liquidation cascade. Gauntlet recommends Aave DAO freeze CRV markets.","source":""},{"date":"2023-08-01","event":"Curve Finance offers 10% bounty to exploiters if funds are returned by August 4. c0ffeebabe.eth returns ~$5.3M from CRV/ETH pool and ~$1.6M from Metronome pool.","source":""},{"date":"2023-08-01","event":"Michael Egorov conducts approximately $42.4 million in OTC CRV token sales at $0.40/token to reduce loan exposure and avoid cascade liquidation.","source":""},{"date":"2023-08-04","event":"Bounty deadline passes without full fund return from all exploiters. Alchemix attacker begins returning funds voluntarily.","source":""},{"date":"2023-08-06","event":"Curve Finance opens $1.85 million public bounty for information leading to identification and conviction of remaining exploiters.","source":""},{"date":"2023-08-07","event":"Approximately 73% of stolen funds recovered or returned. Curve DAO receives recovered ETH from white hat operations.","source":""},{"date":"2023-12-21","event":"Curve DAO votes 94% in favor to disburse approximately $49.2 million in compensation to affected liquidity providers across CRV, alETH, pETH, and msETH pools.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 5e08eb29-8cda-4558-8172-6fb17dcb0541
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.