Skip to main content
Sign in
EraLend1 decision on this page

Audit log

Every state-changing event for EraLend: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 15:33:53Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,748,336
    sig
    4ofsyF8TDNaz…Um2VyXYfexplorer ↗
    hash
    84xS76fDt98z…j7aYciiksha256 → base58
    verifying row…full verify ↗
    canonical bytes (4330 B) ▸
    {"actor":"system:backfill","investigation_id":"58dfd95d-061d-4889-8631-bdb547d06e1a","kind":"publish","page_slug":"eralend","published_at":"2026-05-28T15:33:53.207Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"EraLend","sections":[{"content":"","heading":"","severity":"critical","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/eralend-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/07/25/zksyncs-largest-lender-struck-by-34m-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/eralend-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://eralend.medium.com/charting-the-path-forward-eralends-response-and-blueprint-following-the-security-incident-aa8ae4961b4c","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/08/08/eralend-separates-exploited-contract-relaunches/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/square/post/868073","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/eralend","type":"other","url":""}]},{"content":"","heading":"","severity":"low","sources":[{"credibility":3,"name":"https://eralend.medium.com/nexon-finance-is-now-eralend-1aa9caeac537","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/eralend-crypto-lending-protocol-security-breach/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/eralend","type":"other","url":""},{"credibility":3,"name":"https://dappradar.com/dapp/eralend","type":"other","url":""},{"credibility":3,"name":"https://eralend.medium.com/","type":"other","url":""}]}],"sources_used":[],"summary":"EraLend (formerly Nexon Finance) is a decentralized lending protocol on zkSync Era that suffered a $3.4 million read-only reentrancy exploit on July 25, 2023, draining its USDC pool due to a vulnerability in inherited SyncSwap oracle code. The protocol's pre-hack audit by PeckShield explicitly assumed a trusted price oracle, leaving the vulnerable oracle mechanism unexamined. EraLend relaunched post-hack with a fee-based compensation plan but has seen its TVL decline sharply to approximately $138,000 as of 2025-2026.","timeline":[{"date":"2023-02-09","event":"Nexon Finance public testnet launches on zkSync","source":""},{"date":"2023-03-01","event":"PeckShield audits Nexon Finance; audit assumes a trusted price oracle, leaving oracle mechanism unexamined","source":""},{"date":"2023-04-01","event":"Nexon Finance goes live on zkSync Era mainnet","source":""},{"date":"2023-05-20","event":"Nexon Finance rebrands to EraLend","source":""},{"date":"2023-07-25","event":"EraLend exploited via read-only reentrancy attack; approximately $3.4M stolen from USDC pool by attacker 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a","source":""},{"date":"2023-07-26","event":"EraLend confirms attack, suspends borrowing, advises against USDC deposits; SlowMist engaged for asset tracing","source":""},{"date":"2023-08-08","event":"EraLend separates exploited contract into 'EraLend Classic' and relaunches new protocol without SyncSwap LP pool; 10% recovery reward offered","source":""},{"date":"2024-02-07","event":"EraLend announces partnership with Pyth Network — last known public communication","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision ed297aa1-3869-48a8-be22-d0790b657abe
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.