Audit log

Every state-changing event for Stellar: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-14 06:02:59Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 419,629,042

   sig

   37JQdUqAC2xp…u94MebnXcopyexplorer ↗

   hash

   6nEkEX6LaK86…8CM7MKRrcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (9311 B) ▸

   {"actor":"system:backfill","investigation_id":"bf37a4c8-4dc0-4158-a207-b4f89b78ed95","kind":"publish","page_slug":"stellar-xlm","published_at":"2026-05-14T06:02:59.700Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Stellar","sections":[{"content":"Stellar was founded in 2014 by Jed McCaleb (co-founder of Ripple and Mt. Gox) and Joyce Kim. It uses the Stellar Consensus Protocol (SCP), a federated Byzantine agreement mechanism. Soroban smart contracts launched on mainnet in February 2024 with a $100M adoption fund. The SDF burned 55 billion XLM in November 2019, reducing total supply from 105B to 50B.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":2,"name":"Stellar - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Stellar_(payment_network)"},{"credibility":2,"name":"CoinDesk: Soroban Launch","type":"news_article","url":"https://www.coindesk.com/tech/2024/02/20/stellar-starts-phased-rollout-of-soroban-smart-contracts"},{"credibility":2,"name":"CoinDesk: 55B XLM Burn","type":"news_article","url":"https://www.coindesk.com/markets/2019/11/05/stellars-foundation-just-destroyed-half-the-supply-of-its-lumens-cryptocurrency"}]},{"content":"Jed McCaleb founded eDonkey (settled $30M with RIAA), created Mt. Gox (sold before the hack but his creation became crypto's largest exchange failure), and co-founded Ripple (departed amid disputes, long XRP sell-off agreement). These associations do not represent Stellar protocol failures but are material founder-history flags.","heading":"Founder Background — Jed McCaleb","severity":"medium","sources":[{"credibility":2,"name":"Jed McCaleb - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Jed_McCaleb"}]},{"content":"The Stellar Development Foundation retains approximately 30 billion XLM. The validator set consists of approximately 77 nodes, significantly smaller than Bitcoin or Ethereum. SDF exerts meaningful influence over network governance through its validator and token holdings.","heading":"Token Distribution and Centralization","severity":"medium","sources":[{"credibility":2,"name":"CoinDesk: 55B XLM Burn","type":"news_article","url":"https://www.coindesk.com/markets/2019/11/05/stellars-foundation-just-destroyed-half-the-supply-of-its-lumens-cryptocurrency"}]},{"content":"In January 2018, approximately $400,000 in XLM was stolen from BlackWallet users after attackers hijacked the third-party wallet's DNS records via social engineering of the hosting provider. The Stellar protocol was not compromised.","heading":"BlackWallet DNS Hijack (2018)","severity":"medium","sources":[{"credibility":2,"name":"CoinDesk: BlackWallet Theft","type":"news_article","url":"https://www.coindesk.com/markets/2018/01/15/400k-hacker-makes-off-with-stellar-lumens-in-blackwallet-theft"},{"credibility":2,"name":"BleepingComputer: BlackWallet DNS Hijack","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/hackers-hijack-dns-server-of-blackwallet-to-steal-400-000/"}]},{"content":"A bug in Soroban's state archival system went undetected for 35 days, resulting in 84 ledger entries being permanently corrupted. SDF's own post-mortem faulted insufficient code review processes. No funds were lost but the incident exposed governance and QA weaknesses.","heading":"Soroban Protocol 23 Network Incident (October 2025)","severity":"medium","sources":[{"credibility":1,"name":"Stellar.org: State Archival Post-Mortem","type":"official","url":"https://stellar.org/blog/foundation-news/state-archival-issue-post-mortem"}]},{"content":"No SEC, CFTC, or DOJ enforcement actions against Stellar or SDF. CEO Denelle Dixon testified before the House committee in December 2024. XLM has not been named in any securities enforcement action.","heading":"Regulatory Status","severity":"low","sources":[{"credibility":1,"name":"Congress.gov: Denelle Dixon Testimony","type":"official","url":"https://www.congress.gov/118/meeting/house/117742/witnesses/HHRG-118-BA00-Wstate-DixonD-20241204-SD001.pdf"}]},{"content":"Franklin Templeton's BENJI tokenized money market fund on Stellar has $1.98B in AUM. MoneyGram integrated Stellar for $4.2B in transaction volume. IBM's World Wire partnership was largely discontinued. Stellar remains active in cross-border payments and RWA tokenization.","heading":"Partnerships and Institutional Adoption","severity":"low","sources":[{"credibility":1,"name":"Franklin Templeton: BENJI Five Years","type":"official","url":"https://www.franklintempleton.com/press-releases/news-room/2026/franklin-templeton-stellar-development-foundation-mark-five-years-of-benji-the-first-u.s.-registered-tokenized-money-market-fund"}]},{"content":"The official Stellar X (Twitter) account was briefly hijacked in 2023 and used for a phishing campaign. The issue was resolved within hours with no reported fund losses from the Stellar protocol.","heading":"StellarOrg Social Media Compromise (2023)","severity":"low","sources":[{"credibility":1,"name":"Stellar.org: SDF Security Update","type":"official","url":"https://stellar.org/blog/foundation-news/updates-and-reminders-from-your-sdf-security-team"}]},{"content":"Documented fake hard fork campaigns and phishing sites targeting XLM holders. SDF runs Immunefi and HackerOne bug bounty programs to combat ecosystem-level threats.","heading":"Ecosystem Scams and Phishing","severity":"medium","sources":[{"credibility":2,"name":"Cyberint: Phishing for Lumens","type":"research","url":"https://cyberint.com/blog/research/phishing-for-lumens-a-stellar-stealing-campaign/"}]}],"sources_used":[{"credibility":2,"name":"Stellar - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Stellar_(payment_network)"},{"credibility":2,"name":"Jed McCaleb - Wikipedia","type":"other","url":"https://en.wikipedia.org/wiki/Jed_McCaleb"},{"credibility":2,"name":"CoinDesk: BlackWallet Theft","type":"news_article","url":"https://www.coindesk.com/markets/2018/01/15/400k-hacker-makes-off-with-stellar-lumens-in-blackwallet-theft"},{"credibility":2,"name":"CoinDesk: Soroban Launch","type":"news_article","url":"https://www.coindesk.com/tech/2024/02/20/stellar-starts-phased-rollout-of-soroban-smart-contracts"},{"credibility":2,"name":"CoinDesk: 55B XLM Burn","type":"news_article","url":"https://www.coindesk.com/markets/2019/11/05/stellars-foundation-just-destroyed-half-the-supply-of-its-lumens-cryptocurrency"},{"credibility":1,"name":"Franklin Templeton: BENJI","type":"official","url":"https://www.franklintempleton.com/press-releases/news-room/2026/franklin-templeton-stellar-development-foundation-mark-five-years-of-benji-the-first-u.s.-registered-tokenized-money-market-fund"},{"credibility":1,"name":"Stellar.org: State Archival Post-Mortem","type":"official","url":"https://stellar.org/blog/foundation-news/state-archival-issue-post-mortem"},{"credibility":1,"name":"Congress.gov: Dixon Testimony","type":"official","url":"https://www.congress.gov/118/meeting/house/117742/witnesses/HHRG-118-BA00-Wstate-DixonD-20241204-SD001.pdf"},{"credibility":2,"name":"BleepingComputer: BlackWallet DNS","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/hackers-hijack-dns-server-of-blackwallet-to-steal-400-000/"},{"credibility":2,"name":"Cyberint: Phishing for Lumens","type":"research","url":"https://cyberint.com/blog/research/phishing-for-lumens-a-stellar-stealing-campaign/"}],"summary":"Stellar (XLM) is a payments-focused blockchain co-founded by Jed McCaleb in 2014, ranked #22 by market cap (~$5.4B). The Stellar Development Foundation (SDF) is a non-profit with active institutional adoption including Franklin Templeton's BENJI fund ($1.98B AUM) and MoneyGram integration. No regulatory enforcement actions exist. Key risks include McCaleb's prior associations (Mt. Gox, eDonkey), SDF centralization (~30B XLM retained), a 35-day undetected Soroban Protocol 23 bug in October 2025, and third-party wallet/phishing incidents.","timeline":[{"date":"2014-07-31","event":"Stellar network launched by Jed McCaleb and Joyce Kim","source":"wikipedia.org","source_url":"https://en.wikipedia.org/wiki/Stellar_(payment_network)"},{"date":"2018-01-15","event":"BlackWallet DNS hijack: $400K in XLM stolen","source":"coindesk.com","source_url":"https://www.coindesk.com/markets/2018/01/15/400k-hacker-makes-off-with-stellar-lumens-in-blackwallet-theft"},{"date":"2019-11-05","event":"SDF burns 55 billion XLM, reducing supply from 105B to 50B","source":"coindesk.com","source_url":"https://www.coindesk.com/markets/2019/11/05/stellars-foundation-just-destroyed-half-the-supply-of-its-lumens-cryptocurrency"},{"date":"2024-02-20","event":"Soroban smart contracts launch on Stellar mainnet","source":"coindesk.com","source_url":"https://www.coindesk.com/tech/2024/02/20/stellar-starts-phased-rollout-of-soroban-smart-contracts"},{"date":"2024-12-04","event":"CEO Denelle Dixon testifies before U.S. House committee","source":"congress.gov","source_url":"https://www.congress.gov/118/meeting/house/117742/witnesses/HHRG-118-BA00-Wstate-DixonD-20241204-SD001.pdf"},{"date":"2025-10-01","event":"Soroban Protocol 23 bug discovered after 35 days undetected","source":"stellar.org","source_url":"https://stellar.org/blog/foundation-news/state-archival-issue-post-mortem"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision df5dcf65-4313-47de-9f63-349b82035c44copy
2. #2reviewby reviewerreviewer

   2026-06-08 01:28:30Z
   Score: 62 → 62 (no score change)
   The investigation page is generally well-sourced and accurate on historical events (BlackWallet, XLM burn, Soroban post-mortem, Twitter compromise, Dixon testimony). Key weaknesses are: the market cap/rank is materially outdated, the SDF XLM holdings figure (30B) is stale by approximately 50% relative to current data (~16.66B), the MoneyGram $4.2B transaction volume figure appears to be a misattribution that cannot be confirmed, and the Cyberint phishing source returns a 403 error. The Immunefi bug bounty claim is also newly stale as of May 2026.
   anchoranchored

   chain

   ●mainnet-betaslot 425,011,341

   sig

   74Zjp4LWfzS8…nrFMdjWmcopyexplorer ↗

   hash

   HXarfrDY5Nxi…8FDVcATgcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (899 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-08T01:28:30.355Z","decision":"review","investigation_id":"bf37a4c8-4dc0-4158-a207-b4f89b78ed95","new_score":62,"page_slug":"stellar-xlm","prev_score":62,"reason":"The investigation page is generally well-sourced and accurate on historical events (BlackWallet, XLM burn, Soroban post-mortem, Twitter compromise, Dixon testimony). Key weaknesses are: the market cap/rank is materially outdated, the SDF XLM holdings figure (30B) is stale by approximately 50% relative to current data (~16.66B), the MoneyGram $4.2B transaction volume figure appears to be a misattribution that cannot be confirmed, and the Cyberint phishing source returns a 403 error. The Immunefi bug bounty claim is also newly stale as of May 2026.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 1ff7ec5c-91c1-47ef-a049-b5fc26c7c83ecopy
3. #3review reviseby judgejudge

   2026-06-08 01:28:30Z
   Score: 62 → 50 (-12)
   The reviewer identified 19% of claims as disputed, stale, or unverifiable, placing this page in the minor-issues band. However, two findings carry elevated weight: claim_findings[8] states SDF retains approximately 30 billion XLM when current data (Messari Q1 2026) shows approximately 16.66 billion — a roughly 50% overstatement on a core centralization risk metric. Separately, claim_findings[17] attributes $4.2 billion in transaction volume to MoneyGram's Stellar integration, a figure the reviewer could not confirm and which appears to be a misattribution of broader USDC-on-Stellar volume; this coverage gap was flagged at high priority. Additionally, the Immunefi bug bounty claim (claim_findings[20]) became stale in May 2026 when SDF consolidated to HackerOne only, and one citation (Cyberint) is inaccessible with a 403 error. The 13 of 21 claims that are fully confirmed and the reviewer's 0.82 confidence support a revise rather than deny decision.
   anchoranchored

   chain

   ●mainnet-betaslot 425,011,348

   sig

   j8WkvkmhEtWR…p96VQSsucopyexplorer ↗

   hash

   EQZ63GEwqKZW…PHspR5A8copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1314 B) ▸

   {"actor":"judge","decided_at":"2026-06-08T01:28:30.355Z","decision":"review_revise","investigation_id":"bf37a4c8-4dc0-4158-a207-b4f89b78ed95","new_score":50,"page_slug":"stellar-xlm","prev_score":62,"reason":"The reviewer identified 19% of claims as disputed, stale, or unverifiable, placing this page in the minor-issues band. However, two findings carry elevated weight: claim_findings[8] states SDF retains approximately 30 billion XLM when current data (Messari Q1 2026) shows approximately 16.66 billion — a roughly 50% overstatement on a core centralization risk metric. Separately, claim_findings[17] attributes $4.2 billion in transaction volume to MoneyGram's Stellar integration, a figure the reviewer could not confirm and which appears to be a misattribution of broader USDC-on-Stellar volume; this coverage gap was flagged at high priority. Additionally, the Immunefi bug bounty claim (claim_findings[20]) became stale in May 2026 when SDF consolidated to HackerOne only, and one citation (Cyberint) is inaccessible with a 403 error. The 13 of 21 claims that are fully confirmed and the reviewer's 0.82 confidence support a revise rather than deny decision.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision c78b3ad1-3f17-4e24-aa71-d3ec2c997b2dcopy