Midas Capital

2021-10-01

Midas Capital conceptualized at LisCon 2021 as a multichain deployment of Rari Capital's Fuse isolated lending protocol.

2022-01-01

Midas Capital launched, offering Tribe DAO a 25% token allocation; proposal passed with 94% governance support.

2022-04-01

Parent ecosystem Rari Capital's Fuse pools exploited for approximately $80 million; Tribe DAO destabilized.

2022-08-01

Tribe DAO votes to wind down operations. Midas Capital continues independently.

2022-10-01

Read-only reentrancy vulnerability in Curve LP tokens exploited against market.xyz for $220,000 — a known precursor to the January 2023 Midas Capital attack.

2023-01-15

Jarvis Polygon pool exploited via read-only reentrancy on WMATIC-stMATIC Curve LP token collateral. Approximately $660,000 in jCHF, jEUR, jGBP, and agEUR stolen and swapped to MATIC. Jarvis Network covers ~$350,000 shortfall.

2023-01-17

Midas Capital publishes post-mortem on January exploit; attempts to contact attacker regarding bounty; no funds recovered.

2023-04-01

Hundred Finance exploited for approximately $7 million using the same Compound V2 rounding/inflation attack pattern that would later strike Midas Capital.

2023-06-17

BNB Chain Ankr-Helio isolated pool exploited via exchange rate inflation attack (rounding vulnerability in Compound V2 fork). Approximately $340,000 drained per team post-mortem; PeckShield reports over $600,000 total. 510+ BNB laundered through Tornado Cash.

2023-06-18

Midas Capital pauses all pools, contacts authorities, and announces pivot toward permissioned protocol design.

2023-06-20

Midas Capital publishes post-mortem on June exploit detailing rounding vulnerability and incomplete fix inherited from Compound V2 / Hundred Finance patch lineage.