Audit log
1 decision on this page
Every state-changing event for Steadefi: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1 publish by system:backfill, 2026-05-28 15:02:17Z. Score: ? → ? (no score change). Anchor: anchored
- chain: mainnet-beta, slot 422,743,531
- sig: 4swJ5eynZEAr…brmf4uAF
- hash: HGW6kDBQ93sz…d8EkteiE (sha256 → base58)
- canonical bytes (5415 B):
{"actor":"system:backfill","investigation_id":"20d96410-203b-456b-b61e-0c61ebd56ac8","kind":"publish","page_slug":"steadefi","published_at":"2026-05-28T15:02:17.893Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Steadefi","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/steadefi","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/intro-to-steadefi","type":"other","url":""},{"credibility":3,"name":"https://pexx.com/chaindebrief/heres-how-steadefi-will-make-yield-farming-simple-yet-effective/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-steadefi-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-steadefi-flow-of-funds-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/steadefi-exploit","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/steadefi-exploit-hack-funds-lost/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-steadefi-flow-of-funds-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/steadefi-exploit-hack-funds-lost/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/hacked-protocol-steadefi-offers-33k-bounty-to-hacker/","type":"
other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/steadefi-relaunch-and-compensation-plan","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/steadefi-v2-secure-relaunch-and-compensation-details","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-steadefi-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://docs.steadefi.com/security/audits","type":"other","url":""}]}],"sources_used":[],"summary":"Steadefi is a decentralized leveraged yield farming protocol operating on Arbitrum and Avalanche. On August 7, 2023, an attacker exploited a compromised deployer private key to drain approximately $1.14 million from the protocol's lending vaults across both chains. The protocol subsequently relaunched with enhanced security measures and issued a token-based compensation plan for affected users, though roughly 70% of stolen funds were never recovered.","timeline":[{"date":"2023-06-17","event":"A team member allegedly downloaded a malware-laden file during a Telegram conversation with an entity identifying itself as 'Spirit Blockchain Group', according to Steadefi's post-mortem.","source":""},{"date":"2023-06-28","event":"The deployer wallet's MetaMask seed phrases were compromised, allegedly as a result of the June 17 malware infection.","source":""},{"date":"2023-08-07","event":"Attacker exploited the compromised deployer private key at approximately 4:06 PM UTC to transfer ownership of all lending and strategy vaults on Arbitrum and Avalanche to address 0x9cf71F2ff126B9743319B60d2D873F0E508810dc. 
Approximately $1.14 million in assets drained and bridged to Ethereum mainnet via Synapse bridge.","source":""},{"date":"2023-08-09","event":"Steadefi publicly disclosed the exploit via Twitter, warning all funds were at risk.","source":""},{"date":"2023-08-10","event":"Deadline passed for Steadefi's bounty offer of 10% of stolen funds in exchange for the return of 90%. Offer was not accepted by the attacker.","source":""},{"date":"2023-08-23","event":"Steadefi published full exploit analysis and reimbursement plan. Recovery portal opened at steadefi.com/claim for proportional USDC distribution to affected wallets.","source":""},{"date":"2023-09-01","event":"Steadefi published relaunch and compensation plan, announcing security upgrades including multisig permissions, timelocks, and Hypernative real-time monitoring.","source":""},{"date":"2023-10-01","event":"On-chain analysis indicated attacker addresses began distributing funds through exchanges after alleged Tornado Cash mixing, per Merkle Science flow-of-funds analysis.","source":""},{"date":"2023-12-01","event":"Protocol relaunched as Steadefi v2 with SDY token (replacing STEADY), enhanced security architecture, and compensation tokenomics targeting affected users.","source":""},{"date":"2024-01-01","event":"Steadefi v3 vault migration announced, adding liquid restaking token (LRT) vault strategies and continued GMX v2 integration.","source":""}]},"v":1}
Verify offline (run on your own machine):
python -m src.verify_decision e0c84f45-a7d3-4cb4-ada3-06a8361b0379
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.
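The row-integrity and memo checks described above can be reproduced locally in a few lines. This is an added example, not avoid.net's `src.verify_decision` code: the canonical form (sorted keys, no whitespace, UTF-8), the memo layout (hash as a whitespace-delimited token) and the sample row are assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58 with the Bitcoin/Solana alphabet; leading zero bytes become '1'."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def canonical_bytes(row: dict) -> bytes:
    # Assumption: sorted keys, no whitespace, UTF-8 (the layout visible in the record).
    return json.dumps(row, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def row_hash(raw: bytes) -> str:
    """sha256 -> base58 over the bytes exactly as stored, never a re-serialisation."""
    return b58encode(hashlib.sha256(raw).digest())


def verify_row(raw: bytes, stored_hash: str, memo: Optional[str] = None) -> dict:
    if "…" in stored_hash:
        raise ValueError("elided hash: compare the full value, not the display form")
    computed = row_hash(raw)
    result = {"computed": computed, "row_integrity": computed == stored_hash}
    if memo is not None:
        # Assumption: the memo carries the hash as a whitespace-delimited token.
        result["memo_match"] = computed in memo.split()
    return result


# Constructed sample row: field names follow the record above, values are made up.
SAMPLE = {"v": 1, "kind": "publish", "actor": "system:backfill",
          "page_slug": "example", "sequence_num": 1}

if __name__ == "__main__":
    raw = canonical_bytes(SAMPLE)
    stored = row_hash(raw)  # stands in for the hash the site would publish
    print(verify_row(raw, stored, memo=f"constructed-memo {stored}"))
    tampered = raw.replace(b'"sequence_num":1', b'"sequence_num":2')
    print(verify_row(tampered, stored))  # row_integrity is False
```

The hash covers the stored bytes, so pretty-printing or re-ordering the JSON before hashing yields a mismatch even when the content is unchanged.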