Verify a decision

{"actor":"system:backfill","investigation_id":"dca215f1-2293-4a6b-83ee-148d9042eb77","kind":"publish","page_slug":"kinto-bridge","published_at":"2026-05-27T20:21:19.385Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Kinto Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.prnewswire.com/news-releases/kinto-launches-as-a-layer-2-in-arbitrum-ecosystem-301993897.html","type":"other","url":""},{"credibility":3,"name":"https://docs.kinto.xyz/kinto-the-safe-l2/general/litepaper","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/11/15/blockchain-startup-kinto-plans-first-kycd-ethereum-layer-2-blockchain-after-raising-5m","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/kinto-bridge","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/%EF%B8%8F-post-mortem-k-proxy-hack-our-path-forward-c2c3809882c6","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/kinto-token-tanks-90-as-backdoor-disclosure-lets-attacker-mint-110-000-tokens-and-drain","type":"other","url":""},{"credibility":3,"name":"https://www.dedaub.com/blog/the-cpimp-attack-an-insanely-far-reaching-vulnerability-successfully-mitigated/","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/kintotokenhiddenoffnetworkproxyinitializationexploit.php","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://www.nethermind.io/blog/cpimp-attack-how-uninitialized-proxies-are-exploited-during-deployment","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/%EF%B8%8F-post-mortem-k-proxy-hack-our-path-forward-c2c3809882c6","type":"other","url":""},{"credibility":3,"name":"https://www.cointeeth.com/news/ethereum-layer-2-project-kinto-folds-following-exploit-and-failed-1","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/kinto-price-slides-shutdown-1-9m-hack-july-2025/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/mamori-finance/kinto-is-shutting-down-fca59862f0e7","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369731/ethereum-layer-2-kinto-shuts-down-in-wake-of-1-6-million-july-exploit","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/ethereum-l2-kinto-shuts-down-months-after-exploit-as-fundraising-options-disappeared","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/kinto-plunges-81-as-eth-l2-is-set-to-wind-down-months-after-hack","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369879/crypto-lending-protocol-wildcat-says-kinto-default-poses-no-risk-of-contagion-for-outstanding-loans","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/kintos-k-collapsed-before-unlocking/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/babylon-finance/babylon-finance-is-shutting-down-b58abf1bc251","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/babylon-finance-shutters-operations-80m-rari-hack-we-failed-need-accept-it/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/risks-realities-high-yield-defi-projects-lessons-kinto-collapse-2509/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptorank.io/ico/kinto","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/price/kinto/vesting","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/kinto-bridge","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/kintos-k-collapsed-before-unlocking/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/just-bad-luck","type":"other","url":""},{"credibility":3,"name":"https://x.com/zachxbt","type":"other","url":""}]}],"sources_used":[],"summary":"Kinto was a KYC-enforced Ethereum Layer 2 built on the Arbitrum Nitro stack, marketing itself as a 'safety-first' DeFi protocol with built-in AML and identity verification. On July 10, 2025, an attacker exploited a CPIMP proxy vulnerability in the $K token contract on Arbitrum, minting 110,000 unauthorized tokens and draining approximately $1.55–1.9 million from Uniswap V4 and Morpho Blue liquidity pools. Despite a partial recovery effort dubbed 'Phoenix,' the project announced shutdown effective September 30, 2025, as fundraising options collapsed and the team ran unpaid for months.","timeline":[{"date":"2023-11-15","event":"Kinto raises $3.5–5 million seed round led by SALT with participation from ParaFi Capital, Robot Ventures, SkyBridge Capital, Kraynos Capital, Modular Capital, and The Spartan Group; announces migration to Arbitrum Nitro stack.","source":""},{"date":"2024-05-01","event":"Kinto mainnet launches on the Arbitrum ecosystem as a KYC-enforced Layer 2.","source":""},{"date":"2024-06-30","event":"$K token contract deployed on Arbitrum.","source":""},{"date":"2025-01-01","event":"Final investor token round occurs at $10 per $K token.","source":""},{"date":"2025-03-19","event":"Kinto developers deploy the $K token proxy on Arbitrum without atomic initialization; attacker initializes the proxy with a backdoor hidden implementation two seconds later.","source":""},{"date":"2025-04-01","event":"$K token airdrop and public listing proceeds; token launches at approximately $7.68.","source":""},{"date":"2025-07-09","event":"CPIMP (ERC-1967 proxy) vulnerability publicly disclosed at 20:17 UTC; Venn Network runs a 36-hour remediation war room notifying affected protocols — Kinto is not reached in time.","source":""},{"date":"2025-07-10","event":"Attacker exploits $K token proxy at 08:40 UTC; mints 110,000 unauthorized $K tokens; drains 577 ETH (~$1.55–1.9M) from Uniswap V4 and Morpho Blue pools. Kinto issues first public alert at 09:50 UTC. $K token crashes 90–95%.","source":""},{"date":"2025-07-10","event":"Kinto freezes CEX trading, pulls remaining liquidity, and begins collaboration with ZeroShadow for on-chain investigation.","source":""},{"date":"2025-07-01","event":"Kinto launches Phoenix recovery initiative; raises just over $1 million in debt financing; deploys new hardened $K contract; restores balances to pre-hack block 356170028.","source":""},{"date":"2025-09-07","event":"Kinto announces full shutdown effective September 30, 2025, citing failed fundraising and unsustainable unpaid operations. $K token falls an additional 81–85% on announcement day.","source":""},{"date":"2025-09-30","event":"Kinto L2 operations, bridge, UI, and wallets shut down. Users directed to claim portals active October 1 through November 30, 2025.","source":""},{"date":"2025-10-15","event":"ERA airdrop distribution targeted; Ethereum mainnet claim contract for hack victims launches.","source":""}]},"v":1}