← Impermax V31 decision on this page

Audit log

Every state-changing event for Impermax V3: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-30 04:05:55Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 423,080,249
sig
2tDXkSEKestK…Q5LepVY3explorer ↗
hash
5eY1yHi7iBT7…g1quV6xLsha256 → base58
verifying row…full verify ↗
canonical bytes (6330 B) ▸
{"actor":"system:backfill","investigation_id":"47ca9be4-2495-459e-8f6a-07a4eb08f894","kind":"publish","page_slug":"impermax-v3","published_at":"2026-05-30T04:05:55.478Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Impermax V3","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.impermax.finance/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/impermax-v3","type":"other","url":""},{"credibility":3,"name":"https://docs.impermax.finance/getting-started/code-audits","type":"other","url":""},{"credibility":3,"name":"https://impermax.medium.com/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://impermax.medium.com/impermax-v3-exploit-post-mortem-6b0818897b25","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/how-impermax-v3-lost-300k-in-flashloan-attack","type":"other","url":""},{"credibility":3,"name":"https://blog.verichains.io/p/inside-the-impermax-v3-hack","type":"other","url":""},{"credibility":3,"name":"https://monoaudit.com/en/articles/impermax-v3","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/impermaxfinancev3flashloanfeevaluationflawexploited.php","type":"other","url":""},{"credibility":3,"name":"https://incrypthos.com/security/lending-protocol-impermax-v3-drained-by-collateral-fee-valuation-flaw/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.nominis.io/insights/nominis-monthly-report-crypto-attacks-in-november-2025","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/impermax-v3","type":"other","url":""},{"credibility":3,"name":"https://x.com/ImpermaxFinance/status/1988636882977116667","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://impermax.medium.com/imx-incident-post-mortem-and-recovery-plan-aeecd4e457ce","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Impermax_Finance_Private_Key_Compromise_Token_Theft","type":"other","url":""},{"credibility":3,"name":"https://impermax.medium.com/imx-incident-refund-allocations-a873e5393cf3","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.impermax.finance/getting-started/code-audits","type":"other","url":""},{"credibility":3,"name":"https://hackenproof.com/programs/impermax-finance-smart-contracts","type":"other","url":""},{"credibility":3,"name":"https://skynet.certik.com/projects/impermax","type":"other","url":""},{"credibility":3,"name":"https://github.com/Impermax-Finance/IMX/blob/main/audit/CertiK%20Audit%20Report%20for%20IMX.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/impermax-v3","type":"other","url":""},{"credibility":3,"name":"https://www.nominis.io/insights/nominis-monthly-report-crypto-attacks-in-november-2025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/impermax-v3","type":"other","url":""},{"credibility":3,"name":"https://impermax.medium.com/impermax-v3-exploit-post-mortem-6b0818897b25","type":"other","url":""},{"credibility":3,"name":"https://www.impermax.finance/","type":"other","url":""}]}],"sources_used":[],"summary":"Impermax V3 is the third major iteration of Impermax Finance, a DeFi leveraged yield-farming and lending protocol that allows liquidity providers to use Uniswap V3 LP tokens as collateral. The protocol suffered two separate critical exploits in 2025 — a ~$300,000 flash-loan collateral valuation attack in April and a ~$380,000 liquidation logic exploit in November — both on the Base chain, resulting in cumulative losses exceeding $680,000 and leaving lenders with unresolved bad debt. These incidents follow a 2022 private key compromise affecting the IMX token, representing a recurring pattern of security failures across the protocol's history.","timeline":[{"date":"2020-12","event":"Impermax Finance whitepaper published, outlining leveraged yield farming using LP tokens as collateral.","source":""},{"date":"2021-04-29","event":"IMX token launched via airdrop to approximately 35,000 Uniswap V2 liquidity providers. 14 million tokens distributed at token generation event.","source":""},{"date":"2022-07-16","event":"Private key compromise of several Impermax team wallets. Approximately 9 million IMX tokens and protocol-owned liquidity stolen. Team frontran attacker by selling tokens. IMX migrated to IBEX via pre-incident snapshot distribution.","source":""},{"date":"2025-04","event":"BailSec and Guardian each complete Impermax V3 Core audits prior to launch.","source":""},{"date":"2025-04-26","event":"Flash-loan exploit on Impermax V3 exploiting uncollected Uniswap V3 fee valuation flaw. Approximately $300,000–$400,000 drained from Base and Arbitrum pools. Attacker address: 0xE3223f7E3343c2C8079f261D59ee1e513086C7C3.","source":""},{"date":"2025-04-28","event":"Impermax Finance publishes official post-mortem on Medium. Protocol stabilization measures announced. Lender reimbursement plan based on pre-exploit snapshot committed to, with timeline unspecified.","source":""},{"date":"2025-07","event":"Joint re-audit of updated Impermax V3 Core completed by Guardian, BailSec (Charles Wang), and Cantina (Riley Holtereus).","source":""},{"date":"2025-08","event":"Guardian completes audit of Aerodrome Slipstream integration with Impermax V3.","source":""},{"date":"2025-11-11","event":"Second critical exploit on Impermax V3: liquidation routing logic vulnerability in cbBTC lending vault on Base. Approximately 5.39 cbBTC (~$380,000) drained. Team disables vault connections and advises all users to withdraw funds.","source":""},{"date":"2026","event":"Protocol TVL declines to approximately $98,000. Annual fee and revenue activity reported at effectively zero. Lender reimbursement status for both 2025 exploits remains unconfirmed publicly.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 2b366882-2c36-414d-bb0c-c210d17dbea0

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.