Skip to main content
Sign in
Kinto Bridge1 decision on this page

Audit log

Every state-changing event for Kinto Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-27 20:21:19Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,573,701
    sig
    2vQjXfHMb1Dp…28sUSt4Wexplorer ↗
    hash
    Ddn4iXf6Ushm…1rovBnoNsha256 → base58
    verifying row…full verify ↗
    canonical bytes (7457 B) ▸
    {"actor":"system:backfill","investigation_id":"dca215f1-2293-4a6b-83ee-148d9042eb77","kind":"publish","page_slug":"kinto-bridge","published_at":"2026-05-27T20:21:19.385Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Kinto Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.prnewswire.com/news-releases/kinto-launches-as-a-layer-2-in-arbitrum-ecosystem-301993897.html","type":"other","url":""},{"credibility":3,"name":"https://docs.kinto.xyz/kinto-the-safe-l2/general/litepaper","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/11/15/blockchain-startup-kinto-plans-first-kycd-ethereum-layer-2-blockchain-after-raising-5m","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/kinto-bridge","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/%EF%B8%8F-post-mortem-k-proxy-hack-our-path-forward-c2c3809882c6","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/kinto-token-tanks-90-as-backdoor-disclosure-lets-attacker-mint-110-000-tokens-and-drain","type":"other","url":""},{"credibility":3,"name":"https://www.dedaub.com/blog/the-cpimp-attack-an-insanely-far-reaching-vulnerability-successfully-mitigated/","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/kintotokenhiddenoffnetworkproxyinitializationexploit.php","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://www.nethermind.io/blog/cpimp-attack-how-uninitialized-proxies-are-exploited-during-deployment","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/%EF%B8%8F-post-mortem-k-proxy-hack-our-path-forward-c2c3809882c6","type":"other","url":""},{"credibility":3,"name":"https://www.cointeeth.com/news/ethereum-layer-2-project-kinto-folds-following-exploit-and-failed-1","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/kinto-price-slides-shutdown-1-9m-hack-july-2025/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/kinto-is-shutting-down-fca59862f0e7","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369731/ethereum-layer-2-kinto-shuts-down-in-wake-of-1-6-million-july-exploit","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/ethereum-l2-kinto-shuts-down-months-after-exploit-as-fundraising-options-disappeared","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/kinto-plunges-81-as-eth-l2-is-set-to-wind-down-months-after-hack","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369879/crypto-lending-protocol-wildcat-says-kinto-default-poses-no-risk-of-contagion-for-outstanding-loans","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/kintos-k-collapsed-before-unlocking/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/babylon-finance/babylon-finance-is-shutting-down-b58abf1bc251","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/babylon-finance-shutters-operations-80m-rari-hack-we-failed-need-accept-it/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/risks-realities-high-yield-defi-projects-lessons-kinto-collapse-2509/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptorank.io/ico/kinto","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/price/kinto/vesting","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/kinto-bridge","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/kintos-k-collapsed-before-unlocking/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://x.com/zachxbt","type":"other","url":""}]}],"sources_used":[],"summary":"Kinto was a KYC-enforced Ethereum Layer 2 built on the Arbitrum Nitro stack, marketing itself as a 'safety-first' DeFi protocol with built-in AML and identity verification. On July 10, 2025, an attacker exploited a CPIMP proxy vulnerability in the $K token contract on Arbitrum, minting 110,000 unauthorized tokens and draining approximately $1.55–1.9 million from Uniswap V4 and Morpho Blue liquidity pools. Despite a partial recovery effort dubbed 'Phoenix,' the project announced shutdown effective September 30, 2025, as fundraising options collapsed and the team ran unpaid for months.","timeline":[{"date":"2023-11-15","event":"Kinto raises $3.5–5 million seed round led by SALT with participation from ParaFi Capital, Robot Ventures, SkyBridge Capital, Kraynos Capital, Modular Capital, and The Spartan Group; announces migration to Arbitrum Nitro stack.","source":""},{"date":"2024-05-01","event":"Kinto mainnet launches on the Arbitrum ecosystem as a KYC-enforced Layer 2.","source":""},{"date":"2024-06-30","event":"$K token contract deployed on Arbitrum.","source":""},{"date":"2025-01-01","event":"Final investor token round occurs at $10 per $K token.","source":""},{"date":"2025-03-19","event":"Kinto developers deploy the $K token proxy on Arbitrum without atomic initialization; attacker initializes the proxy with a backdoor hidden implementation two seconds later.","source":""},{"date":"2025-04-01","event":"$K token airdrop and public listing proceeds; token launches at approximately $7.68.","source":""},{"date":"2025-07-09","event":"CPIMP (ERC-1967 proxy) vulnerability publicly disclosed at 20:17 UTC; Venn Network runs a 36-hour remediation war room notifying affected protocols — Kinto is not reached in time.","source":""},{"date":"2025-07-10","event":"Attacker exploits $K token proxy at 08:40 UTC; mints 110,000 unauthorized $K tokens; drains 577 ETH (~$1.55–1.9M) from Uniswap V4 and Morpho Blue pools. Kinto issues first public alert at 09:50 UTC. $K token crashes 90–95%.","source":""},{"date":"2025-07-10","event":"Kinto freezes CEX trading, pulls remaining liquidity, and begins collaboration with ZeroShadow for on-chain investigation.","source":""},{"date":"2025-07-01","event":"Kinto launches Phoenix recovery initiative; raises just over $1 million in debt financing; deploys new hardened $K contract; restores balances to pre-hack block 356170028.","source":""},{"date":"2025-09-07","event":"Kinto announces full shutdown effective September 30, 2025, citing failed fundraising and unsustainable unpaid operations. $K token falls an additional 81–85% on announcement day.","source":""},{"date":"2025-09-30","event":"Kinto L2 operations, bridge, UI, and wallets shut down. Users directed to claim portals active October 1 through November 30, 2025.","source":""},{"date":"2025-10-15","event":"ERA airdrop distribution targeted; Ethereum mainnet claim contract for hack victims launches.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 2b21c6ef-e682-4eab-8479-deee4e108cd9
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.