Lava

2024-03-07

Lava Finance (lavadefi.io) launches as a decentralized multichain lending and borrowing protocol on Arbitrum and Base.

2024-03-28

PeckShield Alert publicly reports an active exploit on Lava Finance. All lending markets are paused within 15 minutes.

2024-03-29

Lava Finance flash loan exploit confirmed. Approximately $340,000 lost via a protocol logic vulnerability in the liquidation engine. Law enforcement reports filed; attacker address flagged on Arbiscan.

2024-04-26

Lava Finance publishes a post-mortem on HackMD detailing the exploit, remediation steps including the _limitFees function fix, and Insurance Fund compensation for affected users.

2024-10-04

A second exploit targets Lava Finance on Arbitrum, resulting in approximately $130,000 in losses via a protocol logic flash loan attack, despite prior mitigations.

2025-09-01

Lava (lava.xyz) pushes an app update prompting users to migrate funds to new vaults, without disclosing the transition from self-custodial DLCs to a fully custodial cold-storage model.

2025-11-04

Owen Kemeys of Foundation Devices publicly questions Lava's consent practices on X, triggering widespread media coverage of the custody model shift.

2025-11-14

Gizmodo, Bitcoin Magazine, Blockspace, and Protos publish investigations into Lava's custody model pivot. Jack Mallers raises regulatory legality concerns. Lava CEO Shehzan Maredia defends the change citing DLC technology risks.

2025-11-01

Lava (lava.xyz) announces $200 million in new funding from Founders Fund, Khosla Ventures, Susquehanna, and angels including Anthony Pompliano, concurrent with the custody controversy.