← Team Finance1 decision on this page

Audit log

Every state-changing event for Team Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-19 21:12:25Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 420,848,179
sig
5LCWas7GETwb…pGh9Fkgqexplorer ↗
hash
77tcvKWd2r6g…FaaMFyoEsha256 → base58
verifying row…full verify ↗
canonical bytes (5809 B) ▸
{"actor":"system:backfill","investigation_id":"ebd43551-764e-4f75-ab7d-83aba2dc9d0e","kind":"publish","page_slug":"team-finance","published_at":"2026-05-19T21:12:25.752Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Team Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.businesswire.com/news/home/20220429005583/en/TrustSwaps-Team.Finance-Continues-to-Be-the-Industry-Leader-in-Cryptocurrency-Token-Locks-and-Management"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/team-finance"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/person/jeff-kirdeikis"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/haechi-audit/team-finance-incident-analysis-537656284ed0"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-team-finance-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://hacken.io/insights/why-team-finance-was-exploited-for-14-5-million-despite-its-audit/"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/180369/hacker-uses-2700-to-drain-15-8-million-from-team-finance"},{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/defi-platform-exploited-for-14-5m-despite-security-audits"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/analysis-review-of-team-finance-exploit-f439c2f63e2"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/haechi-audit/team-finance-incident-analysis-537656284ed0"},{"credibility":3,"name":"","type":"other","url":"https://etherscan.io/address/0xe2fe530c047f2d85298b07d9333c05737f1435fb"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2022/10/31/attacker-behind-145m-team-finance-exploit-returns-7m"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/team-finance-hacker-returns-7m-to-associated-projects-after-exploit"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/another-white-hat-hacker-returns-funds-from-platform-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://slowmist.medium.com/analysis-review-of-team-finance-exploit-f439c2f63e2"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptopolitan.com/team-finance-exploited-for-15-million/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://hacken.io/insights/why-team-finance-was-exploited-for-14-5-million-despite-its-audit/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-team-finance-hack-october-2022"},{"credibility":3,"name":"","type":"other","url":"https://immunebytes.com/blog/team-finance-exploit-oct-27-2022-detailed-analysis/"}]}],"sources_used":[],"summary":"Team Finance is a DeFi token-locking and vesting platform operated by TrustSwap Inc. that suffered a critical $14.5 million exploit on October 27, 2022, when an attacker abused a validation flaw in its Uniswap V2-to-V3 migration function. The attacker ultimately returned approximately $7 million, retaining roughly 10% as a self-declared bug bounty; Team Finance subsequently switched auditors to CertiK and reported full user reimbursement by June 2023.","timeline":[{"date":"2020-01-01","event":"Team Finance founded as part of TrustSwap Inc., offering token locking and vesting smart contracts for DeFi projects.","source":""},{"date":"2022-01-19","event":"Hacken conducts smart contract audit of Team Finance's LockToken.sol and related contracts; migrate() function not yet in scope as it had not been added to the codebase.","source":""},{"date":"2022-04-29","event":"TrustSwap publishes press release stating Team Finance has secured over $6.5 billion in total value and serves more than 21,000 projects.","source":""},{"date":"2022-08-01","event":"Zokyo conducts audit of Team Finance contracts including the migrate() function, flagging two critical vulnerabilities related to arbitrary token address use and reentrancy. Team Finance dismisses findings as 'intended logic.'","source":""},{"date":"2022-10-27","event":"Exploit executed: attacker drains approximately $14.5–15.8 million from four LP pools (FEG, CAW, TSUKA, KNDX) locked on Team Finance via a manipulated Uniswap V2-to-V3 migration call. Team Finance immediately pauses all protocol activity.","source":""},{"date":"2022-10-28","event":"Team Finance publicly appeals to the attacker to return funds in exchange for a bounty. SlowMist, KALOS Security, and other firms publish on-chain analysis of the exploit.","source":""},{"date":"2022-10-29","event":"Attacker begins returning funds to affected projects via on-chain transactions, identifying themselves as a 'whitehat' hacker in embedded transaction messages.","source":""},{"date":"2022-10-31","event":"Approximately $7 million in tokens returned to the four affected project communities (Kondux, Tsuka, FEG, CAW). Attacker retains roughly 10% as a self-declared bug bounty. CoinDesk and CoinTelegraph report on the partial recovery.","source":""},{"date":"2023-06-01","event":"Team Finance representative states that all affected users have received the vast majority of their funds back. Platform reports CertiK engaged as new auditor and multiple security enhancements implemented.","source":""},{"date":"2023-07-01","event":"Jeff Kirdeikis transitions from CEO to Board Chairman of TrustSwap.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision dcb7711d-1c5a-4411-9f5d-9c5d1476024c

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.