Verify a decision

{"actor":"system:backfill","investigation_id":"3eecc0d3-f580-4e80-90f1-a1e419716f25","kind":"publish","page_slug":"dexible-v2","published_at":"2026-05-28T16:12:52.885Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Dexible V2","sections":[{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Dexible - REKT","type":"news_article","url":"https://rekt.news/dexible-rekt"},{"credibility":1,"name":"BlockTower Capital Loses $1.5M in DeFi Market Aggregator Dexible Exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2023/02/17/blocktower-capital-loses-15m-in-defi-market-aggregator-dexible-exploit-blockchain-data"},{"credibility":2,"name":"Dexible Hack Analysis — BlockApex","type":"research","url":"https://blockapex.io/dexible-hack-analysis/"},{"credibility":1,"name":"Dexible aggregator hacked for $2M via 'selfSwap' function — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/dexibleapp-aggregator-hacked-for-2m-via-selfswap-function"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Dexible - REKT","type":"news_article","url":"https://rekt.news/dexible-rekt"},{"credibility":2,"name":"Dexible Hack Analysis — Never Blindly Trust Smart Contracts — SolidityScan","type":"research","url":"https://blog.solidityscan.com/dexible-hack-analysis-never-blindly-trust-smart-contracts-c2aee7943c1a"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Dexible - REKT","type":"news_article","url":"https://rekt.news/dexible-rekt"},{"credibility":2,"name":"Feb 2023 - Dexible DEX Aggregator SelfSwap Exploit — Quadriga Initiative","type":"research","url":"https://quadrigainitiative.com/casestudy/dexibledexaggregatorselfswapexploit.php"},{"credibility":1,"name":"U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/jy0916"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Dexible - REKT","type":"news_article","url":"https://rekt.news/dexible-rekt"},{"credibility":1,"name":"Dexible aggregator hacked for $2M via 'selfSwap' function — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/dexibleapp-aggregator-hacked-for-2m-via-selfswap-function"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":2,"name":"2023 Dexible Hack: Check If You're Affected — Revoke.cash","type":"research","url":"https://revoke.cash/exploits/dexible"},{"credibility":2,"name":"Dexible — Crunchbase Company Profile","type":"other","url":"https://www.crunchbase.com/organization/dexible"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Dexible Hack Analysis — BlockApex","type":"research","url":"https://blockapex.io/dexible-hack-analysis/"},{"credibility":2,"name":"Dexible Hack Analysis — Never Blindly Trust Smart Contracts — SolidityScan","type":"research","url":"https://blog.solidityscan.com/dexible-hack-analysis-never-blindly-trust-smart-contracts-c2aee7943c1a"},{"credibility":2,"name":"Dexible V2 Hack (2023) — $2.0M Lost — Smart Contract Hacking","type":"research","url":"https://smartcontractshacking.com/hacks/dexible-v2-hack-2023"}]}],"sources_used":[{"credibility":2,"name":"Dexible - REKT","type":"news_article","url":"https://rekt.news/dexible-rekt"},{"credibility":1,"name":"BlockTower Capital Loses $1.5M in DeFi Market Aggregator Dexible Exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2023/02/17/blocktower-capital-loses-15m-in-defi-market-aggregator-dexible-exploit-blockchain-data"},{"credibility":1,"name":"Dexible aggregator hacked for $2M via 'selfSwap' function — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/dexibleapp-aggregator-hacked-for-2m-via-selfswap-function"},{"credibility":2,"name":"Dexible Hack Analysis — BlockApex","type":"research","url":"https://blockapex.io/dexible-hack-analysis/"},{"credibility":2,"name":"Dexible Hack Analysis — Never Blindly Trust Smart Contracts — SolidityScan","type":"research","url":"https://blog.solidityscan.com/dexible-hack-analysis-never-blindly-trust-smart-contracts-c2aee7943c1a"},{"credibility":2,"name":"2023 Dexible Hack: Check If You're Affected — Revoke.cash","type":"research","url":"https://revoke.cash/exploits/dexible"},{"credibility":2,"name":"Feb 2023 - Dexible DEX Aggregator SelfSwap Exploit — Quadriga Initiative","type":"research","url":"https://quadrigainitiative.com/casestudy/dexibledexaggregatorselfswapexploit.php"},{"credibility":2,"name":"Dexible V2 Hack (2023) — $2.0M Lost — Smart Contract Hacking","type":"research","url":"https://smartcontractshacking.com/hacks/dexible-v2-hack-2023"},{"credibility":2,"name":"Dexible — Crunchbase Company Profile","type":"other","url":"https://www.crunchbase.com/organization/dexible"},{"credibility":1,"name":"U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash","type":"regulatory","url":"https://home.treasury.gov/news/press-releases/jy0916"}],"summary":"Dexible V2 is a multichain DEX aggregator that suffered a critical smart contract exploit on February 17, 2023, resulting in approximately $2 million in user funds stolen across Ethereum and Arbitrum. The attack exploited an unvalidated router address in the selfSwap function of the v2 contracts, which had never undergone a formal third-party security audit. Stolen funds were laundered through Tornado Cash and have not been recovered; the protocol has since ceased operations.","timeline":[{"date":"2023-02-17","event":"Attacker (0x684083f312ac50f538cc4b634d85a2feafaab77a) exploits selfSwap vulnerability in Dexible V2 contracts, stealing approximately $2 million across Ethereum and Arbitrum from 17 user accounts.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2023/02/17/blocktower-capital-loses-15m-in-defi-market-aggregator-dexible-exploit-blockchain-data"},{"date":"2023-02-17","event":"PeckShield raises public alarm about the exploit on Twitter, approximately five hours before Dexible's official response.","source":"REKT News","source_url":"https://rekt.news/dexible-rekt"},{"date":"2023-02-17","event":"Dexible issues official announcement more than nine hours after the exploit began; CEO Michael Coon states contracts have been paused.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/dexibleapp-aggregator-hacked-for-2m-via-selfswap-function"},{"date":"2023-02-17","event":"Attacker converts stolen TRU tokens to ETH via SushiSwap and routes approximately $1.5 million through Tornado Cash on Ethereum; $450,000 from Arbitrum is bridged to BSC and also laundered via Tornado Cash.","source":"Quadriga Initiative","source_url":"https://quadrigainitiative.com/casestudy/dexibledexaggregatorselfswapexploit.php"},{"date":"2023-02-20","event":"Dexible team releases post-mortem report acknowledging no formal audit was performed on the v2 contracts and that internal review failed to identify the vulnerability.","source":"REKT News","source_url":"https://rekt.news/dexible-rekt"},{"date":"2023-02-20","event":"Security researchers publish technical analyses of the selfSwap arbitrary external call vulnerability, identifying the lack of router address validation as the root cause.","source":"BlockApex","source_url":"https://blockapex.io/dexible-hack-analysis/"},{"date":"2023-12-31","event":"Dexible listed as permanently closed on Crunchbase; no victim compensation program was ever established and stolen funds were not recovered.","source":"Crunchbase","source_url":"https://www.crunchbase.com/organization/dexible"}]},"v":1}