Verify a decision

{"actor":"system:backfill","investigation_id":"20d96410-203b-456b-b61e-0c61ebd56ac8","kind":"publish","page_slug":"steadefi","published_at":"2026-05-28T15:02:17.893Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Steadefi","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/steadefi","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/intro-to-steadefi","type":"other","url":""},{"credibility":3,"name":"https://pexx.com/chaindebrief/heres-how-steadefi-will-make-yield-farming-simple-yet-effective/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-steadefi-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-steadefi-flow-of-funds-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/steadefi-exploit","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/steadefi-exploit-hack-funds-lost/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-steadefi-flow-of-funds-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/steadefi-exploit-hack-funds-lost/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/hacked-protocol-steadefi-offers-33k-bounty-to-hacker/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.steadefi.com/steadefi-relaunch-and-compensation-plan","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/steadefi-v2-secure-relaunch-and-compensation-details","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-steadefi-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://blog.steadefi.com/exploit-analysis-and-reimbursement-plan","type":"other","url":""},{"credibility":3,"name":"https://docs.steadefi.com/security/audits","type":"other","url":""}]}],"sources_used":[],"summary":"Steadefi is a decentralized leveraged yield farming protocol operating on Arbitrum and Avalanche. On August 7, 2023, an attacker exploited a compromised deployer private key to drain approximately $1.14 million from the protocol's lending vaults across both chains. The protocol subsequently relaunched with enhanced security measures and issued a token-based compensation plan for affected users, though roughly 70% of stolen funds were never recovered.","timeline":[{"date":"2023-06-17","event":"A team member allegedly downloaded a malware-laden file during a Telegram conversation with an entity identifying itself as 'Spirit Blockchain Group', according to Steadefi's post-mortem.","source":""},{"date":"2023-06-28","event":"The deployer wallet's MetaMask seed phrases were compromised, allegedly as a result of the June 17 malware infection.","source":""},{"date":"2023-08-07","event":"Attacker exploited the compromised deployer private key at approximately 4:06 PM UTC to transfer ownership of all lending and strategy vaults on Arbitrum and Avalanche to address 0x9cf71F2ff126B9743319B60d2D873F0E508810dc. Approximately $1.14 million in assets drained and bridged to Ethereum mainnet via Synapse bridge.","source":""},{"date":"2023-08-09","event":"Steadefi publicly disclosed the exploit via Twitter, warning all funds were at risk.","source":""},{"date":"2023-08-10","event":"Deadline passed for Steadefi's bounty offer of 10% of stolen funds in exchange for the return of 90%. Offer was not accepted by the attacker.","source":""},{"date":"2023-08-23","event":"Steadefi published full exploit analysis and reimbursement plan. Recovery portal opened at steadefi.com/claim for proportional USDC distribution to affected wallets.","source":""},{"date":"2023-09-01","event":"Steadefi published relaunch and compensation plan, announcing security upgrades including multisig permissions, timelocks, and Hypernative real-time monitoring.","source":""},{"date":"2023-10-01","event":"On-chain analysis indicated attacker addresses began distributing funds through exchanges after alleged Tornado Cash mixing, per Merkle Science flow-of-funds analysis.","source":""},{"date":"2023-12-01","event":"Protocol relaunched as Steadefi v2 with SDY token (replacing STEADY), enhanced security architecture, and compensation tokenomics targeting affected users.","source":""},{"date":"2024-01-01","event":"Steadefi v3 vault migration announced, adding liquid restaking token (LRT) vault strategies and continued GMX v2 integration.","source":""}]},"v":1}