Skip to main content
Sign in
DAO Maker Vesting3 decisions on this page

Audit log

Every state-changing event for DAO Maker Vesting: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 17:50:02Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,768,954
    sig
    5NE45WSJsQGp…qoevTg7hexplorer ↗
    hash
    8SxK126wbhXP…3RPFRiHdsha256 → base58
    verifying row…full verify ↗
    canonical bytes (7203 B) ▸
    {"actor":"system:backfill","investigation_id":"d8c26836-fed6-47ab-a999-8ba0da02fedf","kind":"publish","page_slug":"dao-maker-vesting","published_at":"2026-05-28T17:50:02.184Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"DAO Maker Vesting","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/78381/crypto-crowdfunding-platform-dao-maker-hacked-7-million","type":"other","url":""},{"credibility":3,"name":"https://www.newsweek.com/dao-maker-hack-7m-stolen-defi-heist-1618785","type":"other","url":""},{"credibility":3,"name":"https://cryptoadventure.com/dao-maker-review-launchpad-dao-token-staking-and-2026-outlook/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.newsweek.com/dao-maker-hack-7m-stolen-defi-heist-1618785","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/78381/crypto-crowdfunding-platform-dao-maker-hacked-7-million","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/09/09/cash-from-2021-dao-maker-crypto-hack-being-mixed-through-tornado-cash","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969","type":"other","url":""},{"credibility":3,"name":"https://www.crowdfundinsider.com/2021/09/179967-hacked-blockchain-security-firm-slowmist-shares-analysis-of-recent-dao-maker-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/dao-maker-hack-a-4-million-lesson-in-smart-contract-security","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/09/09/cash-from-2021-dao-maker-crypto-hack-being-mixed-through-tornado-cash","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/168828/tornado-cash-used-to-launder-500000-stolen-from-dao-maker-last-year-security-firms","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/dao-maker-community-investigates","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/dao-maker-allegedly-tries-to-dodge-hack-repayment-promises","type":"other","url":""},{"credibility":3,"name":"https://thearabianpost.com/empty-promises-haunt-dao-maker-hack-victims-after-three-years/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptointelligence.co.uk/dao-maker-faces-backlash-over-unfulfilled-compensation-promises-following-7m-hack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/dao-maker-community-investigates","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack","type":"other","url":""},{"credibility":3,"name":"https://www.cryptointelligence.co.uk/dao-maker-faces-backlash-over-unfulfilled-compensation-promises-following-7m-hack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969","type":"other","url":""},{"credibility":3,"name":"https://www.crowdfundinsider.com/2021/09/179967-hacked-blockchain-security-firm-slowmist-shares-analysis-of-recent-dao-maker-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.vidma.io/blog/dao-maker-hack-a-4-million-lesson-in-smart-contract-security","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoadventure.com/dao-maker-review-launchpad-dao-token-staking-and-2026-outlook/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/dao-maker-vesting","type":"other","url":""}]}],"sources_used":[],"summary":"DAO Maker Vesting refers to the smart contract infrastructure operated by DAO Maker, a crypto launchpad platform, that was compromised in two separate exploits in 2021 resulting in combined losses of approximately $11 million. The August 2021 incident drained $7 million in USDC from 5,251 user accounts via a compromised admin private key, and a second exploit in September 2021 extracted approximately $4 million from vesting contracts via an unauthenticated init() function vulnerability. Victims allege that DAO Maker has failed to honor its full compensation commitments over three years after the hacks, with governance manipulation alleged to have been used to cancel the USDR reimbursement program.","timeline":[{"date":"2021-08-12","event":"DAO Maker suffers first hack: approximately $7 million in USDC stolen from 5,251 user accounts via compromised admin private key. Stolen USDC converted to ETH; approximately 3,800 ETH moved to Tornado Cash.","source":""},{"date":"2021-08-17","event":"DAO Maker announces compensation plan including immediate 500 USDC airdrop per victim and USDR IOU tokens redeemable at 110% of losses after one year. Original Medium post later deleted.","source":""},{"date":"2021-09-04","event":"DAO Maker suffers second hack: approximately $4 million stolen from vesting contracts via unauthenticated init() function vulnerability. Affected tokens include CAPS, CPD, DERC, and SHO tokens swapped to DAI.","source":""},{"date":"2022-08-08","event":"Promised USDR redemption date passes. Approximately 3,500 addresses holding roughly $3.5 million in USDR await redemption that does not materialize.","source":""},{"date":"2022-09-09","event":"PeckShield and CertiK report that 500,000 DAI from the 2021 DAO Maker hack is being laundered through Tornado Cash, over a year after the initial attack.","source":""},{"date":"2022-10-06","event":"DAO Maker removes USDR/USDC liquidity pool. Community investigators allege governance vote to cancel USDR redemptions was passed using team-controlled wallets, then deleted from Snapshot.","source":""},{"date":"2024-04-01","event":"CoinTelegraph reports that hack victims still await reimbursement three years after the August 2021 exploit. DeFi researcher SOMA Analytics publishes findings alleging governance manipulation to cancel compensation.","source":""},{"date":"2025-10-31","event":"DAO Maker announces partnership with XDC Network for launchpad integration, continuing platform operations.","source":""},{"date":"2026-01-01","event":"OKX delists the DAO token alongside six other tokens, reducing exchange liquidity for the native platform token.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d9096821-5c90-4e30-8174-a680d235d66e
  2. #2reviewby reviewerreviewer
    2026-06-13 19:49:46Z
    Score: 2222 (no score change)
    The core factual claims about both DAO Maker hacks — dates, amounts, victim counts, and technical vulnerabilities — are well-supported by credible primary sources including Decrypt, Newsweek, CoinDesk, and SlowMist. Three claims are partially supported: the CoinTelegraph article date is April 23, 2024 rather than April 1; the OKX delisting occurred January 27-30, 2026 rather than January 1; and the '110% of losses' characterization is a slightly imprecise but not misleading summary of the actual USDR redemption structure. No claims were found to be disputed or fabricated. The most significant structural issue is that all eight page sections have empty heading and content fields, leaving the investigation narrative confined to summary and timeline only.
    anchoranchored
    chain
    mainnet-betaslot 426,265,555
    sig
    4LWRzcqdaQLx…NNzKHKsoexplorer ↗
    hash
    413GpgMBfj2R…H6Yrb18Msha256 → base58
    verifying row…full verify ↗
    canonical bytes (1115 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-13T19:49:46.062Z","decision":"review","investigation_id":"d8c26836-fed6-47ab-a999-8ba0da02fedf","new_score":22,"page_slug":"dao-maker-vesting","prev_score":22,"reason":"The core factual claims about both DAO Maker hacks — dates, amounts, victim counts, and technical vulnerabilities — are well-supported by credible primary sources including Decrypt, Newsweek, CoinDesk, and SlowMist. Three claims are partially supported: the CoinTelegraph article date is April 23, 2024 rather than April 1; the OKX delisting occurred January 27-30, 2026 rather than January 1; and the '110% of losses' characterization is a slightly imprecise but not misleading summary of the actual USDR redemption structure. No claims were found to be disputed or fabricated. The most significant structural issue is that all eight page sections have empty heading and content fields, leaving the investigation narrative confined to summary and timeline only.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision ea374581-34b3-4e49-b248-1adbfda7b79c
  3. #3review approveby judgejudge
    2026-06-13 19:49:46Z
    Score: 2222 (no score change)
    The reviewer found zero disputed claims across 14 checked items. All core allegations — the August and September 2021 hack amounts, victim counts, technical exploit vectors, Tornado Cash laundering, and unmet compensation commitments — are confirmed by Tier 1 and Tier 2 sources including CoinDesk, Decrypt, Newsweek, and SlowMist. Three claims are partially supported due to minor date inaccuracies: the CoinTelegraph article date (April 23 vs. April 1 in claim_findings[11]) and the OKX delisting dates (January 27-30 vs. January 1 in claim_findings[12]). Neither inaccuracy affects the substance of the underlying events. Two high-priority coverage gaps exist — missing on-chain transaction references and empty page sections — but these represent expansion opportunities rather than factual failures, and do not meet the threshold for revise.
    anchoranchored
    chain
    mainnet-betaslot 426,265,558
    sig
    5xXwVNQbByEQ…Bkvj7Cv6explorer ↗
    hash
    wSyZbBeF3FbS…oRkMpSCWsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1204 B) ▸
    {"actor":"judge","decided_at":"2026-06-13T19:49:46.062Z","decision":"review_approve","investigation_id":"d8c26836-fed6-47ab-a999-8ba0da02fedf","new_score":22,"page_slug":"dao-maker-vesting","prev_score":22,"reason":"The reviewer found zero disputed claims across 14 checked items. All core allegations — the August and September 2021 hack amounts, victim counts, technical exploit vectors, Tornado Cash laundering, and unmet compensation commitments — are confirmed by Tier 1 and Tier 2 sources including CoinDesk, Decrypt, Newsweek, and SlowMist. Three claims are partially supported due to minor date inaccuracies: the CoinTelegraph article date (April 23 vs. April 1 in claim_findings[11]) and the OKX delisting dates (January 27-30 vs. January 1 in claim_findings[12]). Neither inaccuracy affects the substance of the underlying events. Two high-priority coverage gaps exist — missing on-chain transaction references and empty page sections — but these represent expansion opportunities rather than factual failures, and do not meet the threshold for revise.","score_delta":0,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 1fb8fe5e-d750-4685-aab0-2806a3cd46e8
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.