← Exactly Protocol1 decision on this page

Audit log

Every state-changing event for Exactly Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-28 15:02:26Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,743,549
sig
1JtUECoDAgTs…rGWQ1LM2explorer ↗
hash
5nj7GVZUYoZq…SLd8RWGnsha256 → base58
verifying row…full verify ↗
canonical bytes (5924 B) ▸
{"actor":"system:backfill","investigation_id":"6cabadc3-8ceb-411b-bb9c-4948459cefc0","kind":"publish","page_slug":"exactly","published_at":"2026-05-28T15:02:26.153Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Exactly Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/exactly-protocol-rekt/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/08/18/crypto-lender-exactly-hit-by-12m-bridge-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-exactly-protocol-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/defi-exactly-protocol-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/neptune-mutual/how-was-exactly-protocol-exploited-5ecfa5ad968b","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-exactly-protocol-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/defi-exactly-protocol-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://olympix.security/blog/exactly-protocol-lost-7-3m-the-code-worked-the-assumptions-didnt","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/exactly-protocol-rekt/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@exactly_protocol/exactly-protocol-recap-4-e58db6dca618","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/exactly-protocol-announces-700000-bounty-for-information-hacker/","type":"other","url":""},{"credibility":3,"name":"https://www.pymnts.com/cryptocurrency/2023/crypto-market-exactly-protocol-targeted-in-12-million-hack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@exactly_protocol/exaip-03-addressing-the-exactly-protocol-hack-and-compensating-affected-users-6e2cd4a0a179","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@exactly_protocol/exactly-protocol-report-q4-2023-5ab2e0838c77","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.crunchbase.com/person/gabriel-gruber","type":"other","url":""},{"credibility":3,"name":"https://rocketreach.co/gabriel-gruber-email_732721","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/member/Gabriel%20Gruber?k=OTA5Mw%3D%3D","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bounty/exactly/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://gov.optimism.io/t/exactly-protocol-and-the-exa-app-scaling-onchain-finance-on-optimism/9962","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@exactly_protocol/connecting-the-dots-the-exactly-protocol-and-the-exa-app-f9579ad74c67","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@exactly_protocol/scaling-the-dots-44634b918b2f","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/exactly","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://zachxbt.mirror.xyz/","type":"other","url":""},{"credibility":3,"name":"https://t.me/investigations","type":"other","url":""}]}],"sources_used":[],"summary":"Exactly Protocol is a decentralized, non-custodial fixed-rate and variable-rate lending protocol deployed on the Optimism Layer 2 network. On August 18, 2023, the protocol suffered a critical exploit resulting in approximately $7.3–$12 million in ETH stolen from 117 user accounts due to insufficient input validation in its DebtManager periphery contract. The protocol has since resumed operations, engaged law enforcement, offered a $700,000 bounty, and passed a governance proposal to compensate affected users with EXA tokens.","timeline":[{"date":"2021-07-01","event":"Exactly Protocol founded by Gabriel Gruber and Lucas Lain under Exa Labs.","source":""},{"date":"2022-11-01","event":"Exactly Protocol launched on Ethereum Mainnet.","source":""},{"date":"2023-03-01","event":"Exactly Protocol deployed on Optimism Layer 2 network.","source":""},{"date":"2023-08-18","event":"Exploit executed via malicious market address in DebtManager contract; approximately $7.3–$12 million in ETH stolen from 117 user accounts. Protocol temporarily paused. EXA token fell over 12%.","source":""},{"date":"2023-08-19","event":"Protocol published post-mortem identifying DebtManager vulnerability. $700,000 bounty announced for information leading to attacker arrest and fund recovery.","source":""},{"date":"2023-09-01","event":"Protocol team contacted US Department of Homeland Security; HSI opened case NY02HR23NY0001. Chainalysis engaged to trace stolen funds.","source":""},{"date":"2023-09-01","event":"ABDK Consulting completed audit of remediated DebtManager contract; Strategies section of web app re-enabled.","source":""},{"date":"2023-10-01","event":"EXAIP-03 governance proposal approved; one million EXA tokens allocated as compensation to 117 hack victims, with 48-month linear vesting beginning June 2024.","source":""},{"date":"2024-06-01","event":"Vesting of EXAIP-03 compensation tokens commenced via Sablier NFTs for affected users.","source":""},{"date":"2025-02-01","event":"Exactly Protocol announced partnership with Uphold fintech platform to integrate Exa Credit Card and Exa Loans.","source":""},{"date":"2025-03-01","event":"Exa App launched to general users in 160+ countries, enabling crypto-backed credit cards and fixed-rate lending.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision e89b2b24-ea65-43ea-8c6d-853ede7d3558

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.