Verify a decision

{"actor":"system:backfill","investigation_id":"f20cb999-b003-422a-9204-2c341bad4c83","kind":"publish","page_slug":"exactly-protocol","published_at":"2026-05-31T06:59:31.430Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Exactly Protocol","sections":[{"content":"On August 18, 2023, Exactly Protocol was exploited in two sequential attacks. The primary attacker, at address 0x3747DbBCb5C07786a4c59883E473A2e38F571af9, was responsible for approximately 97% of the losses (around 4,330 ETH). A copycat attacker operating under the ENS handle tiffa.eth (address 0x00000000002088951336D7972746a135F2956417) replicated the same technique roughly three hours later and extracted an additional approximately 140 ETH (~3% of total losses). In total, 117 user accounts were drained, with the top 10 victims accounting for approximately 84% of all losses. The largest single-account loss was approximately $1.8 million. The protocol's total value locked fell from approximately $36-37 million to below $11.74 million following the attack. The protocol's native governance token EXA declined more than 12% in the immediate aftermath.","heading":"August 2023 Exploit Overview","severity":"critical","sources":[{"credibility":1,"name":"Exactly Protocol Incident Post-Mortem (Official Medium)","type":"official","url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"credibility":1,"name":"The Block: Exactly Protocol exploited for over $7 million on Optimism","type":"news_article","url":"https://www.theblock.co/post/246196/exactly-protocol-exploited-7-million-optimism-layer-2-network"},{"credibility":1,"name":"Decrypt: DeFi Lender on Optimism Exactly Suffers $7 Million Hack","type":"news_article","url":"https://decrypt.co/152966/defi-lender-optimism-exactly-suffers-7-million-hack"}]},{"content":"The exploit targeted the DebtManager periphery contract (deployed at 0x16748cb753a68329ca2117a7647aa590317ebf41 on Optimism), a contract designed to allow users to leverage and deleverage positions across Exactly Protocol's interest rate markets. The vulnerability resided in the contract's leverage() function, which accepted two unvalidated external parameters: a market contract address and a permit signature. Because the permit check was applied to the market parameter rather than validating the market parameter itself, an attacker could pass a fraudulent, attacker-controlled market contract address that bypassed the permit scheme entirely. This allowed the attacker to act on behalf of victim users rather than the transaction initiator. A second attack vector involved reentrancy: malicious market contracts could reenter the DebtManager's crossDeleverage() function during deposit operations, directing victim funds to attacker-controlled Uniswap V3 pools. A third mechanism involved share value manipulation, where attackers took large fixed-interest loans to reduce victim collateral values to just above liquidation thresholds, then liquidated those accounts at a 5% discount to extract additional value. The DebtManager contract had been introduced on March 30, 2023; the permit scheme that made the exploit possible was added on July 12, 2023.","heading":"Technical Vulnerability: Access Control Bypass in DebtManager","severity":"critical","sources":[{"credibility":1,"name":"Exactly Protocol Incident Post-Mortem (Official Medium)","type":"official","url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"credibility":2,"name":"Halborn: Explained: The Exactly Protocol Hack (August 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-exactly-protocol-hack-august-2023"},{"credibility":2,"name":"Olympix: Exactly Protocol Lost $7.3M — The Code Worked. The Assumptions Didn't.","type":"research","url":"https://olympix.security/blog/exactly-protocol-lost-7-3m-the-code-worked-the-assumptions-didnt"}]},{"content":"Following the exploit, the primary attacker transferred the stolen ETH off the Optimism network using two separate bridging mechanisms. According to blockchain security firm De.Fi, approximately 1,490 ETH was bridged to Ethereum mainnet via Across Protocol, while an additional approximately 2,832.92 ETH was moved to Ethereum mainnet via the native Optimism Bridge. The use of two bridges, one a third-party optimistic bridge and one the canonical rollup bridge, complicated rapid on-chain tracking efforts. Exactly Protocol engaged Chainalysis to assist with tracing the stolen funds. As of the time of published reporting, there is no confirmed public record of the funds being recovered or returned.","heading":"On-Chain Fund Movement: Across Protocol and Optimism Bridge","severity":"high","sources":[{"credibility":1,"name":"Decrypt: DeFi Lender on Optimism Exactly Suffers $7 Million Hack","type":"news_article","url":"https://decrypt.co/152966/defi-lender-optimism-exactly-suffers-7-million-hack"},{"credibility":1,"name":"CoinDesk: Crypto Lender Exactly Hit by $12M Bridge Exploit","type":"news_article","url":"https://www.coindesk.com/business/2023/08/18/crypto-lender-exactly-hit-by-12m-bridge-exploit"}]},{"content":"Exactly Protocol paused all protocol operations except withdrawals at approximately 10:40 UTC on August 18, 2023 — roughly two hours after the first malicious contract was deployed. All market treasury fees were set to 0% as a precautionary measure during the pause. The team published an official incident post-mortem on Medium disclosing technical details of the attack. On approximately August 22, 2023, the protocol announced a $700,000 bounty for information leading to the recovery of all stolen funds and the arrest of the attacker, and also engaged Chainalysis to assist with tracing funds. The protocol team stated it attempted to communicate with the attacker to negotiate possible next steps, though no public confirmation of a successful negotiation or fund return has been identified. Following the incident, Exactly Protocol engaged ABDK Consulting to conduct a new comprehensive audit explicitly covering all periphery contracts, including the DebtManager, which had previously been outside audit scope. The protocol committed to requiring a formal audit of all smart contract features before web application deployment going forward.","heading":"Protocol Response and Recovery Efforts","severity":"high","sources":[{"credibility":1,"name":"Exactly Protocol Incident Post-Mortem (Official Medium)","type":"official","url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"credibility":2,"name":"CryptoNews: Exactly Protocol Announces $700,000 Bounty For Information on Hacker","type":"news_article","url":"https://cryptonews.com/news/exactly-protocol-announces-700000-bounty-for-information-hacker/"}]},{"content":"Prior to the August 2023 exploit, Exactly Protocol's core Market contracts had undergone multiple security audits. Coinspect conducted at least five separate audits between November 2021 and March 2023, covering the Markets, Interest Rate Model, and Rewards Controller. ABDK Consulting performed a general review of smart contract structure in March/April 2023. Additional auditors reported by the protocol include Chainsafe and Cryptecon. However, the DebtManager periphery contract — the direct source of the exploit — was not included in any of these prior audits. The post-mortem published by the protocol confirmed that 'periphery contracts like DebtManager were previously out of scope.' Despite multiple prior audits finding and resolving numerous issues in other contract modules, the unaudited periphery contract introduced the critical vulnerability. This represents a significant audit scope gap in the protocol's security posture prior to the exploit.","heading":"Audit History and Scope Gaps","severity":"high","sources":[{"credibility":1,"name":"Exactly Protocol Incident Post-Mortem (Official Medium)","type":"official","url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"credibility":1,"name":"Exactly Protocol Medium: Insights from Coinspect and ABDK Consulting Audits","type":"official","url":"https://medium.com/@exactly_protocol/insights-from-coinspect-abdk-consulting-audits-a6c7ebea26ea"},{"credibility":2,"name":"Coinspect: Exactly Protocol Smart Contract Audits","type":"research","url":"https://www.coinspect.com/blog/exactly-protocol-audits/"},{"credibility":2,"name":"Halborn: Explained: The Exactly Protocol Hack (August 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-exactly-protocol-hack-august-2023"}]},{"content":"Following the exploit and subsequent remediation work, Exactly Protocol continued operating on the Optimism network. The protocol maintains a bug bounty program on Immunefi. In March 2025, the protocol reportedly received a $2 million investment from Uphold. The protocol has published ongoing updates on its Medium channel through at least early 2025. Current TVL figures vary by source; the protocol's DeFiLlama page tracks live statistics. Exactly Protocol also maintains the Exa App, a consumer-facing application built on the protocol infrastructure. No regulatory actions, criminal charges, or further major exploits have been publicly reported since the August 2023 incident.","heading":"Current Status and Continued Operations","severity":"medium","sources":[{"credibility":2,"name":"DeFiLlama: Exactly TVL Stats and Charts","type":"on_chain","url":"https://defillama.com/protocol/exactly"},{"credibility":1,"name":"Exactly Protocol Official Website","type":"official","url":"https://exact.ly/"},{"credibility":2,"name":"Immunefi: Exactly Bug Bounties","type":"official","url":"https://immunefi.com/bounty/exactly/"}]}],"sources_used":[{"name":"Exactly Protocol Incident Post-Mortem (Official)","type":"official","url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"name":"The Block: Exactly Protocol exploited for over $7 million on Optimism","type":"news_article","url":"https://www.theblock.co/post/246196/exactly-protocol-exploited-7-million-optimism-layer-2-network"},{"name":"Decrypt: DeFi Lender on Optimism Exactly Suffers $7 Million Hack","type":"news_article","url":"https://decrypt.co/152966/defi-lender-optimism-exactly-suffers-7-million-hack"},{"name":"CoinDesk: Crypto Lender Exactly Hit by $12M Bridge Exploit","type":"news_article","url":"https://www.coindesk.com/business/2023/08/18/crypto-lender-exactly-hit-by-12m-bridge-exploit"},{"name":"Halborn: Explained: The Exactly Protocol Hack (August 2023)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-exactly-protocol-hack-august-2023"},{"name":"Olympix: Exactly Protocol Lost $7.3M — The Code Worked. The Assumptions Didn't.","type":"research","url":"https://olympix.security/blog/exactly-protocol-lost-7-3m-the-code-worked-the-assumptions-didnt"},{"name":"CryptoNews: Exactly Protocol Announces $700,000 Bounty For Information on Hacker","type":"news_article","url":"https://cryptonews.com/news/exactly-protocol-announces-700000-bounty-for-information-hacker/"},{"name":"Exactly Protocol Medium: Insights from Coinspect and ABDK Consulting Audits","type":"official","url":"https://medium.com/@exactly_protocol/insights-from-coinspect-abdk-consulting-audits-a6c7ebea26ea"},{"name":"Coinspect: Exactly Protocol Smart Contract Audits","type":"research","url":"https://www.coinspect.com/blog/exactly-protocol-audits/"},{"name":"DeFiLlama: Exactly TVL Stats and Charts","type":"on_chain","url":"https://defillama.com/protocol/exactly"},{"name":"Exactly Protocol Official Website","type":"official","url":"https://exact.ly/"},{"name":"Exactly Protocol Docs","type":"official","url":"https://docs.exact.ly"},{"name":"Exactly Protocol GitHub","type":"official","url":"https://github.com/exactly/protocol"},{"name":"Immunefi: Exactly Bug Bounties","type":"official","url":"https://immunefi.com/bounty/exactly/"},{"name":"BeinCrypto: Exactly Protocol Hackers Steal Over $7M","type":"news_article","url":"https://beincrypto.com/exactly-protocol-hackers-steal-7m/"}],"summary":"Exactly Protocol is a decentralized, non-custodial fixed and variable interest rate lending protocol deployed on the Optimism Layer 2 network. On August 18, 2023, the protocol suffered a critical exploit in its DebtManager periphery contract that drained approximately $7.3 million from 117 user accounts through an access control bypass and reentrancy attack. Despite multiple prior audits of its core contracts, the vulnerable periphery contract was outside the audit scope at the time of the attack; the stolen funds were bridged to Ethereum and have not been publicly confirmed as recovered.","timeline":[{"date":"2021-07-01","event":"Exactly Protocol founded by Gabriel Gruber and team.","source":"Crunchbase / The Org","source_url":"https://www.crunchbase.com/person/gabriel-gruber"},{"date":"2022-11-01","event":"Exactly Protocol launches on Ethereum Mainnet.","source":"Exactly Protocol Official Medium","source_url":"https://medium.com/@exactly_protocol"},{"date":"2023-03-01","event":"Exactly Protocol deploys on Optimism. DebtManager periphery contract deployed around this date.","source":"Exactly Protocol Incident Post-Mortem","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2023-03-30","event":"DebtManager contract launched on Optimism with input validation gaps present at launch.","source":"Exactly Protocol Incident Post-Mortem","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2023-07-12","event":"Permit scheme added to DebtManager contract, introducing the specific vulnerability later exploited.","source":"Exactly Protocol Incident Post-Mortem","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2023-08-18","event":"Primary attacker deploys malicious exploit contract at 08:46 UTC, begins draining user funds from DebtManager via access control bypass and reentrancy. Approximately 4,330 ETH (~$7.3M) stolen from 117 accounts.","source":"Exactly Protocol Incident Post-Mortem / Decrypt","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2023-08-18","event":"Protocol paused at approximately 10:40 UTC. Copycat attacker (tiffa.eth) exploits same vulnerability for additional ~140 ETH (~3% of losses).","source":"Exactly Protocol Incident Post-Mortem","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2023-08-18","event":"Attacker bridges approximately 1,490 ETH to Ethereum via Across Protocol and approximately 2,832.92 ETH via the Optimism Bridge.","source":"Decrypt / De.Fi analysis","source_url":"https://decrypt.co/152966/defi-lender-optimism-exactly-suffers-7-million-hack"},{"date":"2023-08-22","event":"Exactly Protocol announces $700,000 bounty for information leading to recovery of stolen funds and arrest of attacker. Protocol engages Chainalysis for on-chain tracing.","source":"CryptoNews","source_url":"https://cryptonews.com/news/exactly-protocol-announces-700000-bounty-for-information-hacker/"},{"date":"2023-09-01","event":"Protocol publishes official incident post-mortem. Re-engages ABDK to conduct expanded audit including periphery contracts previously out of scope.","source":"Exactly Protocol Incident Post-Mortem","source_url":"https://medium.com/@exactly_protocol/exactly-protocol-incident-post-mortem-b4293d97e3ed"},{"date":"2025-03-01","event":"Exactly Protocol reportedly receives $2 million investment from Uphold, indicating continued operations.","source":"DeFiLlama / search aggregates","source_url":"https://defillama.com/protocol/exactly"}]},"v":1}