Audit log

Every state-changing event for NowSwap: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 18:57:52Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,779,228

   sig

   Xu58HkpMGR23…SAf3bnk5copyexplorer ↗

   hash

   BnD2hKvN1D2z…oVCndyQicopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (5172 B) ▸

   {"actor":"system:backfill","investigation_id":"a7231b8c-ca69-465e-9486-d6141d6205c9","kind":"publish","page_slug":"nowswap","published_at":"2026-05-28T18:57:52.217Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"NowSwap","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://nowswap.medium.com/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/nowswap","type":"other","url":""},{"credibility":3,"name":"https://halborn.com/explained-the-nowswap-protocol-hack-september-2021/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://halborn.com/explained-the-nowswap-protocol-hack-september-2021/","type":"other","url":""},{"credibility":3,"name":"https://coinchapter.com/over-1m-in-usdt-and-weth-stolen-following-nowswap-dex-hack/","type":"other","url":""},{"credibility":3,"name":"https://coingape.com/defi-hack-alert-nowswap-losses-over-1-million-in-cyber-attack/","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/nowswapprotocollogicerror.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/nowswapprotocollogicerror.php","type":"other","url":""},{"credibility":3,"name":"https://coinchapter.com/over-1m-in-usdt-and-weth-stolen-following-nowswap-dex-hack/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/nowswap","type":"other","url":""},{"credibility":3,"name":"https://www.stelareum.io/en/defi-tvl/protocol/s_nowswap.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://nowswap.medium.com/","type":"other","url":""},{"credibility":3,"name":"https://halborn.com/explained-the-nowswap-protocol-hack-september-2021/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/nowswap","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://halborn.com/explained-the-nowswap-protocol-hack-september-2021/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/building-a-poc-for-the-uranium-heist-ec83fbd83e9f","type":"other","url":""},{"credibility":3,"name":"https://coingape.com/defi-hack-alert-nowswap-losses-over-1-million-in-cyber-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://halborn.com/explained-the-nowswap-protocol-hack-september-2021/","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/nowswapprotocollogicerror.php","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/nowswap","type":"other","url":""},{"credibility":3,"name":"https://coingape.com/defi-hack-alert-nowswap-losses-over-1-million-in-cyber-attack/","type":"other","url":""}]}],"sources_used":[],"summary":"NowSwap is an Ethereum-based automated market maker (AMM) decentralized exchange that launched in July 2021, positioning itself as the first DEX optimized for small-size trades under $3,000. On September 15, 2021, the protocol suffered a smart contract exploit resulting in the loss of approximately $1.07 million in USDT and WETH, caused by an incomplete code update that left an invalid K-value check in the pair contract. Following the exploit, the protocol's total value locked effectively collapsed to near zero and has remained dormant, with no evidence of remediation, audit, or resumed operations.","timeline":[{"date":"2021-01-01","event":"NowSwap protocol reportedly launched on Ethereum mainnet (approximate, per Quadriga Initiative case study).","source":""},{"date":"2021-07-08","event":"NowSwap publicly announced via Medium post as 'the 1st DEX focused on smaller trades,' targeting sub-$3,000 transactions on Ethereum.","source":""},{"date":"2021-08-04","event":"NowSwap published a second Medium post titled 'Broadening the Accessibility of Decentralized Finance to Retail Traders.'","source":""},{"date":"2021-09-15","event":"Smart contract exploit executed in Ethereum block 13229001. Attacker drained 535,706 USDT and 158.28 WETH (~$1.07 million) via an invalid K-value check in the pair contract. Stolen USDT converted to ETH via 1inch, then laundered through Tornado Cash across four transactions. Exploit first identified by @PuPuThrashing and analyzed by PeckShield and BlockSec.","source":""},{"date":"2021-09-15","event":"NowSwap team took the application offline for investigation and stated they would work with law enforcement for fund recovery.","source":""},{"date":"2021-09-17","event":"Halborn published a detailed post-mortem of the NowSwap hack, documenting the K-value vulnerability and its parallels to the April 2021 Uranium Finance exploit.","source":""},{"date":"2024-01-01","event":"NowSwap TVL on DefiLlama reported at approximately $4.77, effectively zero. No evidence of resumed operations, audit, or team activity since the 2021 exploit.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision f4b464f7-7e0e-47b4-841c-8be409d2ece8copy