Audit log

Every state-changing event for Ploutos Money: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-29 15:59:56Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,970,392

   sig

   5BTZ3ep2z5ZD…UQiyEGoTcopyexplorer ↗

   hash

   2nSdAVo71GX4…YVzTqQhgcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6938 B) ▸

   {"actor":"system:backfill","investigation_id":"e9e0942e-35e2-4072-884f-20aa387ff7e7","kind":"publish","page_slug":"ploutos-money","published_at":"2026-05-29T15:59:56.671Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Ploutos Money","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.ploutos.money","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/ploutos-money","type":"other","url":""},{"credibility":3,"name":"https://app.ploutos.money/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2026/02/26/ploutos-money-supposedly-pulls-an-exit-scam-with-188-eth-exploit/","type":"other","url":""},{"credibility":3,"name":"https://blocksec.com/blog/weekly-web3-security-incident-roundup-feb-23-mar-1-2026","type":"other","url":""},{"credibility":3,"name":"https://protos.com/defi-exploiter-targets-lending-protocols-with-oracle-tricks/","type":"other","url":""},{"credibility":3,"name":"https://crypto-economy.com/crypto-security-firm-certik-reports-new-oracle-based-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.livebitcoinnews.com/hemi-confirms-ploutos-exploit-388k-gone-across-five-chains/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2026/02/26/ploutos-money-supposedly-pulls-an-exit-scam-with-188-eth-exploit/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@ellieismailidou_91686/the-ploutos-money-defi-rug-pull-how-a-ca-defi-investor-lost-300k-in-a-fake-hack-6c23d176091b","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/hemi-confirms-ploutos-exploit-388k-gone-across-five-chains/","type":"other","url":""},{"credibility":3,"name":"https://blocksec.com/blog/weekly-web3-security-incident-roundup-feb-23-mar-1-2026","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto-economy.com/crypto-security-firm-certik-reports-new-oracle-based-exploit/","type":"other","url":""},{"credibility":3,"name":"https://blocksec.com/blog/weekly-web3-security-incident-roundup-feb-23-mar-1-2026","type":"other","url":""},{"credibility":3,"name":"https://protos.com/defi-exploiter-targets-lending-protocols-with-oracle-tricks/","type":"other","url":""},{"credibility":3,"name":"https://www.livebitcoinnews.com/hemi-confirms-ploutos-exploit-388k-gone-across-five-chains/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@ellieismailidou_91686/the-ploutos-money-defi-rug-pull-how-a-ca-defi-investor-lost-300k-in-a-fake-hack-6c23d176091b","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/ploutos-money","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/02/26/ploutos-money-supposedly-pulls-an-exit-scam-with-188-eth-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/defi-exploiter-targets-lending-protocols-with-oracle-tricks/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/02/26/ploutos-money-supposedly-pulls-an-exit-scam-with-188-eth-exploit/","type":"other","url":""},{"credibility":3,"name":"https://blocksec.com/blog/weekly-web3-security-incident-roundup-feb-23-mar-1-2026","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/hemi-confirms-ploutos-exploit-388k-gone-across-five-chains/","type":"other","url":""}]}],"sources_used":[],"summary":"Ploutos Money was a multi-chain DeFi lending and leveraged farming protocol, forked from Aave v3.0.2, that operated across Ethereum, Arbitrum, Hemi, Hyperliquid, Avalanche, Polygon, Base, Plasma, and Katana. On February 26, 2026, the protocol lost approximately $388,000 (187.36 ETH) after its USDC price oracle was misconfigured to reference Chainlink's BTC/USD feed instead of the correct USDC/USD feed. Immediately following the exploit, the team deleted its website, GitHub repository, and all social media accounts without issuing any warning or post-mortem, prompting on-chain security firms CertiK and BlockSec to conclude that the incident was an inside job rather than an external attack.","timeline":[{"date":"2025-01-01","event":"Ploutos Money launches as a multi-chain Aave v3.0.2 fork across Plasma, Arbitrum, Polygon, Base, and Katana, advertising leveraged lending and farming features.","source":""},{"date":"2026-02-01","event":"Arbitrum integration with Ploutos announced, expanding the protocol's multi-chain footprint per TradingView/Coindar announcement.","source":""},{"date":"2026-02-26","event":"At approximately 05:00 UTC, the USDC oracle on Ploutos Money is misconfigured to reference Chainlink's BTC/USD feed instead of the USDC/USD feed (block 24538896). One block later (block 24538897), an attacker borrows 187.36 ETH using only 8 USDC as collateral. $388,000 is drained across Hemi, Ethereum, Arbitrum, Hyperliquid, and Avalanche deployments.","source":""},{"date":"2026-02-26","event":"Immediately following the exploit, the Ploutos Money website, GitHub repository, X account, and all social media are deleted. No incident notice or post-mortem is issued.","source":""},{"date":"2026-02-26","event":"CertiK and BlockSec flag the oracle misconfiguration and subsequent exploit in real time. Both firms document that the protocol's website and social accounts have been deleted.","source":""},{"date":"2026-02-27","event":"Hemi Network issues an official statement confirming the exploit, stating its core protocol is unaffected, warning users against following unverified Telegram recovery instructions, and publishing 12 contract addresses requiring permission revocation.","source":""},{"date":"2026-02-27","event":"Pseudonymous investigator Tanuki42 links the Ploutos exploiter wallet to at least four additional hacks, including two Moonwell incidents totaling approximately $1.8 million in bad debt.","source":""},{"date":"2026-03-01","event":"BlockSec includes the Ploutos Money exploit in its weekly Web3 security incident roundup for February 23 to March 1, 2026, providing detailed block-level technical analysis.","source":""},{"date":"2026-03-13","event":"On-chain trackers observe 182 ETH moving to wallet 0x640fb638efcc086f5e95536678087e14a2e96ab, which then swaps holdings to stablecoins and disperses to nine or more additional wallets.","source":""},{"date":"2026-03-21","event":"A victim account published on Medium documents a $300,000 individual loss and partial recovery of approximately $210,000 via blockchain forensics firm AYRLP, with FBI IC3 and FTC complaints filed.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 477f6b1c-a87e-4c8d-befd-55c743546871copy