← Kannagi Finance1 decision on this page

Audit log

Every state-changing event for Kannagi Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-06-01 17:48:15Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 423,640,302
sig
3wV1eZv6BaVT…ZKcQSreAexplorer ↗
hash
AhFujeKpSmp6…4wG9BoJisha256 → base58
verifying row…full verify ↗
canonical bytes (14127 B) ▸
{"actor":"system:backfill","investigation_id":"36bc0adb-ebef-46a3-af26-c80d2d3271ab","kind":"publish","page_slug":"kannagi-finance","published_at":"2026-06-01T17:48:15.742Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Kannagi Finance","sections":[{"content":"On July 29, 2023, the anonymous operators of Kannagi Finance drained the protocol's total value locked of approximately $2.13 million, reducing the contract balance to $0.17. Following the drainage, the team deleted the project's official website, Twitter/X account, GitHub repositories, and all other communication channels. Blockchain security firm PeckShield was among the first to report the incident. MistTrack subsequently identified that 600 ETH (approximately $1.1 million at the time) from the suspected rug pull was deposited into the Tornado Cash cryptocurrency mixer to obscure the trail. No funds have been publicly reported as recovered, and no arrests or identifications of the perpetrators have been confirmed as of the time of this investigation.","heading":"Exit Scam and Fund Drainage","severity":"critical","sources":[{"credibility":2,"name":"crypto.news: zkSync Era's Kannagi Finance rug pulls and steal $2.13m","type":"news_article","url":"https://crypto.news/zksync-eras-kannagi-finance-rug-pulls-and-steal-2-13m/"},{"credibility":2,"name":"Web3 Is Going Great: Kannagi Finance rug pulls for over $2 million","type":"news_article","url":"https://www.web3isgoinggreat.com/?id=kannagi-finance-rug-pull"},{"credibility":2,"name":"Rekt News: Kannagi Finance","type":"news_article","url":"https://rekt.news/kannagi-finance-rekt"},{"credibility":2,"name":"Kannagi Finance's $2 Million User Losses Is Being Shifted To Tornado Cash (Coincu)","type":"news_article","url":"https://coincu.com/207129-kannagi-finances-2-million-user-losses/"}]},{"content":"The Kannagi Finance smart contract architecture contained documented centralization risks that enabled the exit scam. The SourceHat (formerly Solidity Finance) audit of the ERC-4626 Vault contract noted that the MainChef address could initiate withdrawals on behalf of any user by specifying the user's address and an amount to withdraw. Additionally, the owner retained the ability to set the Strategy address and the MainChef address to any address at any time, and could upgrade the contract at any time. The audit flagged these as centralized aspects but issued an overall PASS rating with the notation 'No external vulnerabilities identified,' language that critics argue obscured the severity of the internal control risks. The deployed contract code was also unverified on-chain at the time of the rug pull, which prevented independent review and may indicate that malicious functionality was added after the audit was completed.","heading":"Smart Contract Mechanics and Exploit Vector","severity":"critical","sources":[{"credibility":2,"name":"SourceHat: Kannagi Finance Smart Contract Audit","type":"other","url":"https://sourcehat.com/audits/KannagiFinance/"},{"credibility":2,"name":"Halborn: Explained: The Kannagi Finance Rug Pull (July 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kannagi-finance-rug-pull-july-2023"},{"credibility":2,"name":"Rekt News: Kannagi Finance","type":"news_article","url":"https://rekt.news/kannagi-finance-rekt"}]},{"content":"Kannagi Finance was audited by two firms prior to the rug pull. SolidProof, a German blockchain security firm, audited the ERC-20 token contract on June 6, 2023, but explicitly did not audit the Vault contracts that were the vehicle for the theft. SourceHat audited the ERC-4626 Vault contract and identified centralization risks but issued a passing grade. After the incident, SolidProof issued a public statement clarifying the scope limitation of its audit and announced a collaboration with Kyber Network to form a task force to investigate the incident. The dual-audit arrangement created a gap: SolidProof's scope excluded the vault; SourceHat's audit of the vault downplayed the centralization risks that directly enabled the drain. The Halborn security firm, analyzing the incident post-hoc, criticized the broader pattern of audit reports using careful wording to pass projects despite significant centralized control risks.","heading":"Audit History and Due Diligence Failures","severity":"high","sources":[{"credibility":2,"name":"Halborn: Explained: The Kannagi Finance Rug Pull (July 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kannagi-finance-rug-pull-july-2023"},{"credibility":2,"name":"SourceHat: Kannagi Finance Smart Contract Audit","type":"other","url":"https://sourcehat.com/audits/KannagiFinance/"},{"credibility":2,"name":"ChainCatcher: SolidProof partners with Kyber Network to investigate Kannagi Finance","type":"news_article","url":"https://www.chaincatcher.com/en/article/2098171"},{"credibility":3,"name":"SolidProof statement on X","type":"other","url":"https://x.com/SolidProof_io/status/1685236707786969088"}]},{"content":"The Kannagi Finance team operated entirely anonymously. Rekt News noted that the project's operators used NFT profile pictures and Discord handles containing Chinese characters, but no real-world identities were ever disclosed or verified. Beyond team anonymity, several other warning signs were present before the rug pull. The deployed smart contract code was unverified on-chain, preventing independent review. The protocol had been live for fewer than two months before the drain. SyncSwap, the leading decentralized exchange on zkSync Era, had endorsed the project through a giveaway tweet that was subsequently deleted after the rug pull occurred. The combination of anonymous operators, unverified contracts, and the short operational timeline prior to the incident are now cited as textbook pre-rug indicators.","heading":"Anonymous Team and Pre-Incident Warning Signs","severity":"high","sources":[{"credibility":2,"name":"Rekt News: Kannagi Finance","type":"news_article","url":"https://rekt.news/kannagi-finance-rekt"},{"credibility":2,"name":"Halborn: Explained: The Kannagi Finance Rug Pull (July 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kannagi-finance-rug-pull-july-2023"},{"credibility":2,"name":"BeInCrypto: A Rocky Week for zkSync Era: EraLend Security Breach and Kannagi Finance Rug Pull","type":"news_article","url":"https://beincrypto.com/kannagi-finance-zksync-era-rug-pull/"}]},{"content":"The Kannagi Finance rug pull is widely cited as the first major rug pull on the zkSync Era network. It occurred within days of a separate $3.4 million exploit of EraLend, another zkSync Era protocol, on July 25, 2023, compressing two major security incidents into roughly one week on the nascent network. The back-to-back incidents triggered significant TVL withdrawals from the zkSync Era ecosystem and attracted negative attention at a time when the network was seeking to grow its DeFi footprint. The incidents collectively drew scrutiny to due diligence standards on Layer 2 networks and to the role ecosystem-leading protocols play when endorsing unvetted projects.","heading":"Impact on zkSync Era Ecosystem","severity":"medium","sources":[{"credibility":2,"name":"BeInCrypto: A Rocky Week for zkSync Era: EraLend Security Breach and Kannagi Finance Rug Pull","type":"news_article","url":"https://beincrypto.com/kannagi-finance-zksync-era-rug-pull/"},{"credibility":2,"name":"Bitcoinist: zkSync-Native DeFi Aggregator Kannagi Finance Rug Pulls $2 Million","type":"news_article","url":"https://bitcoinist.com/defi-aggregator-rug-pulls-2-million/"},{"credibility":2,"name":"CoinUnited: Kannagi Finance Rug Pull: $2.13M Lost in Latest zkSync Era Network Incident","type":"news_article","url":"https://coinunited.io/news/en/2023-07-30/crypto/cunews-kannagi-finance-rug-pull-2-13m-loss-adds-to-zksync-era-s-troubles"}]},{"content":"No funds have been publicly reported as recovered as of the time of this investigation. At least 600 ETH (approximately $1.1 million at the time) was routed through the Tornado Cash mixer within one day of the rug pull, significantly hampering on-chain tracing. The known scammer address is 0x95ec03b821f164ce55cbb26f23f591a9bd40d6c1. SolidProof and Kyber Network announced a joint investigative task force, and MistTrack pledged continued monitoring, but no public report of successful perpetrator identification or asset seizure has been published. No law enforcement action has been publicly confirmed.","heading":"Fund Recovery and Investigation Outcomes","severity":"high","sources":[{"credibility":2,"name":"Rekt News: Kannagi Finance","type":"news_article","url":"https://rekt.news/kannagi-finance-rekt"},{"credibility":2,"name":"Kannagi Finance's $2 Million User Losses Is Being Shifted To Tornado Cash (CryptoNews.net)","type":"news_article","url":"https://cryptonews.net/news/finance/21378539/"},{"credibility":2,"name":"ChainCatcher: SolidProof partners with Kyber Network to investigate Kannagi Finance","type":"news_article","url":"https://www.chaincatcher.com/en/article/2098171"}]}],"sources_used":[{"name":"Rekt News: Kannagi Finance","type":"news_article","url":"https://rekt.news/kannagi-finance-rekt"},{"name":"Halborn: Explained: The Kannagi Finance Rug Pull (July 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kannagi-finance-rug-pull-july-2023"},{"name":"crypto.news: zkSync Era's Kannagi Finance rug pulls and steal $2.13m","type":"news_article","url":"https://crypto.news/zksync-eras-kannagi-finance-rug-pulls-and-steal-2-13m/"},{"name":"Web3 Is Going Great: Kannagi Finance rug pulls for over $2 million","type":"news_article","url":"https://www.web3isgoinggreat.com/?id=kannagi-finance-rug-pull"},{"name":"The Block: Kannagi Finance's TVL drops to $0.17 in apparent rug pull","type":"news_article","url":"https://www.theblock.co/post/241997/kannagi-finance-rugpull"},{"name":"BeInCrypto: A Rocky Week for zkSync Era: EraLend Security Breach and Kannagi Finance Rug Pull","type":"news_article","url":"https://beincrypto.com/kannagi-finance-zksync-era-rug-pull/"},{"name":"Bitcoinist: zkSync-Native DeFi Aggregator Kannagi Finance Rug Pulls $2 Million","type":"news_article","url":"https://bitcoinist.com/defi-aggregator-rug-pulls-2-million/"},{"name":"SourceHat: Kannagi Finance Smart Contract Audit","type":"other","url":"https://sourcehat.com/audits/KannagiFinance/"},{"name":"ChainCatcher: SolidProof partners with Kyber Network to investigate Kannagi Finance","type":"news_article","url":"https://www.chaincatcher.com/en/article/2098171"},{"name":"Coincu: Kannagi Finance's $2 Million User Losses Is Being Shifted To Tornado Cash","type":"news_article","url":"https://coincu.com/207129-kannagi-finances-2-million-user-losses/"},{"name":"CryptoNews.net: Kannagi Finance's $2 Million User Losses Is Being Shifted To Tornado Cash","type":"news_article","url":"https://cryptonews.net/news/finance/21378539/"},{"name":"CoinUnited: Kannagi Finance Rug Pull: $2.13M Loss","type":"news_article","url":"https://coinunited.io/news/en/2023-07-30/crypto/cunews-kannagi-finance-rug-pull-2-13m-loss-adds-to-zksync-era-s-troubles"},{"name":"SolidProof statement on X","type":"other","url":"https://x.com/SolidProof_io/status/1685236707786969088"},{"name":"Investing.com: zkSync Era's Kannagi Finance rug pulls and steal $2.13m","type":"news_article","url":"https://www.investing.com/news/cryptocurrency-news/zksync-eras-kannagi-finance-rug-pulls-and-steal-213m-3138451"}],"summary":"Kannagi Finance was a decentralized yield aggregator launched on zkSync Era in June 2023. On July 29, 2023, its anonymous team executed an exit scam, draining approximately $2.13 million in user deposits and deleting all online presence. The incident is considered the first major rug pull on the zkSync Era network, with at least $1.1 million subsequently routed through the Tornado Cash mixer.","timeline":[{"date":"2023-06-06","event":"SolidProof completes audit of the Kannagi Finance ERC-20 token contract. The audit scope excludes the Vault contracts.","source":"Halborn (citing SolidProof)","source_url":"https://www.halborn.com/blog/post/explained-the-kannagi-finance-rug-pull-july-2023"},{"date":"2023-06-01","event":"SourceHat (formerly Solidity Finance) audits the Kannagi Finance ERC-4626 Vault contract, flagging centralization risks but issuing an overall PASS rating.","source":"SourceHat audit report","source_url":"https://sourcehat.com/audits/KannagiFinance/"},{"date":"2023-07-01","event":"Kannagi Finance launches on zkSync Era as a decentralized yield aggregator, accumulating approximately $2.13 million in TVL within weeks.","source":"crypto.news","source_url":"https://crypto.news/zksync-eras-kannagi-finance-rug-pulls-and-steal-2-13m/"},{"date":"2023-07-25","event":"EraLend, a separate zkSync Era lending protocol, is exploited for $3.4 million, marking the start of a turbulent week for the network.","source":"BeInCrypto","source_url":"https://beincrypto.com/kannagi-finance-zksync-era-rug-pull/"},{"date":"2023-07-29","event":"Kannagi Finance team drains approximately $2.13 million in user deposits from the protocol, reducing TVL to $0.17. The project's website, Twitter/X account, and GitHub repositories are deleted.","source":"Web3 Is Going Great","source_url":"https://www.web3isgoinggreat.com/?id=kannagi-finance-rug-pull"},{"date":"2023-07-30","event":"MistTrack identifies that 600 ETH (approximately $1.1 million) from the Kannagi rug pull has been deposited into the Tornado Cash mixer. The scammer address 0x95ec03b821f164ce55cbb26f23f591a9bd40d6c1 is identified.","source":"Coincu / CryptoNews.net","source_url":"https://coincu.com/207129-kannagi-finances-2-million-user-losses/"},{"date":"2023-07-30","event":"SolidProof issues a public statement clarifying that its audit did not cover the Vault contracts involved in the rug pull, and announces a joint investigation task force with Kyber Network.","source":"ChainCatcher / SolidProof on X","source_url":"https://www.chaincatcher.com/en/article/2098171"}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 810727f8-5961-47e0-bf90-48c8bac2024c

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.