Skip to main content
Sign in

Exactly Protocol

avoid.net/exactly-protocol42/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·4Tvt3Y…4SGV

Summary

Exactly Protocol is a decentralized, non-custodial fixed and variable interest rate lending protocol deployed on the Optimism Layer 2 network. On August 18, 2023, the protocol suffered a critical exploit in its DebtManager periphery contract that drained approximately $7.3 million from 117 user accounts through an access control bypass and reentrancy attack. Despite multiple prior audits of its core contracts, the vulnerable periphery contract was outside the audit scope at the time of the attack; the stolen funds were bridged to Ethereum and have not been publicly confirmed as recovered.

Connected Entities

1 entities · 10 linked investigations
Protocols
Exactly Protocol
Relationships
    Also appears in
    Gamma Strategies·28BitGrail·2Thorchain DEX·14Orca·85KuCoin Exchange Hack·32Zircon Gamma·32CryptoZoo·8Value DeFi Protocol·18Evolved Apes NFT·2Tinyman·52
    Have evidence about Exactly Protocol?

    Timeline(11 events)

    2021-07-01

    Exactly Protocol founded by Gabriel Gruber and team.

    Crunchbase / The Org

    2022-11-01

    Exactly Protocol launches on Ethereum Mainnet.

    Exactly Protocol Official Medium

    2023-03-01

    Exactly Protocol deploys on Optimism. DebtManager periphery contract deployed around this date.

    Exactly Protocol Incident Post-Mortem

    2023-03-30

    DebtManager contract launched on Optimism with input validation gaps present at launch.

    Exactly Protocol Incident Post-Mortem

    2023-07-12

    Permit scheme added to DebtManager contract, introducing the specific vulnerability later exploited.

    Exactly Protocol Incident Post-Mortem

    2023-08-18

    Primary attacker deploys malicious exploit contract at 08:46 UTC, begins draining user funds from DebtManager via access control bypass and reentrancy. Approximately 4,330 ETH (~$7.3M) stolen from 117 accounts.

    Exactly Protocol Incident Post-Mortem / Decrypt

    2023-08-18

    Protocol paused at approximately 10:40 UTC. Copycat attacker (tiffa.eth) exploits same vulnerability for additional ~140 ETH (~3% of losses).

    Exactly Protocol Incident Post-Mortem

    2023-08-18

    Attacker bridges approximately 1,490 ETH to Ethereum via Across Protocol and approximately 2,832.92 ETH via the Optimism Bridge.

    Decrypt / De.Fi analysis

    2023-08-22

    Exactly Protocol announces $700,000 bounty for information leading to recovery of stolen funds and arrest of attacker. Protocol engages Chainalysis for on-chain tracing.

    CryptoNews

    2023-09-01

    Protocol publishes official incident post-mortem. Re-engages ABDK to conduct expanded audit including periphery contracts previously out of scope.

    Exactly Protocol Incident Post-Mortem

    2025-03-01

    Exactly Protocol reportedly receives $2 million investment from Uphold, indicating continued operations.

    DeFiLlama / search aggregates
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/31/2026, 6:59:27 AM

    last updated: 5/31/2026, 6:59:31 AM

    avoid.net — verified advice for a post-truth world