Verify a decision

{"actor":"system:backfill","investigation_id":"d8ae137c-0798-405d-93fa-cbfb6f83f80e","kind":"publish","page_slug":"afi-protocol","published_at":"2026-06-14T23:07:09.840Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"AFI Protocol","sections":[{"content":"On May 30, 2026, AFI Protocol's afiUSD vault on Ethereum Mainnet was exploited for approximately $480,000. The protocol detected the breach and paused the affected vault within hours, rotating operational keys across the platform. The full technical exploit path had not been publicly disclosed as of early June 2026. Following the exploit, the attacker converted approximately $252,000 in DAI to ETH via on-chain swaps. Approximately 150 ETH was subsequently transferred to Tornado Cash after the attacker first tested a secondary wallet with a small amount. AFI stated that remaining vaults and core systems showed no evidence of further compromise, and that over $225 million in total value locked was unaffected. The protocol engaged Quantstamp, Cantina, and SEAL 911 to assist in tracing and recovering stolen funds. Attacker addresses were flagged with centralized exchanges and ecosystem partners through SEAL 911. A public bounty program was launched for information leading to asset recovery. A detailed post-mortem was promised but had not been published as of June 9, 2026.","heading":"Security Incident: $480K afiUSD Vault Exploit (May 2026)","severity":"high","sources":[{"credibility":2,"name":"AFI Protocol Shares Incident Update After $480K Exploit, Begins Recovery","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"},{"credibility":2,"name":"afiUSD Vault Exploit Drains $480K As June Hack Run Continues","type":"news_article","url":"https://cryptoadventure.com/afiusd-vault-exploit-drains-480k-as-june-hack-run-continues/"}]},{"content":"AFI Protocol, operating under the brand name Artificial Financial Intelligence, is an Ethereum-based DeFi infrastructure project focused on Proof-of-Reserve (POR) systems for Real-World Assets. Its flagship products include: (1) afiUSD, an ERC-4626 yield-bearing stablecoin backed by market-neutral DeFi strategies, primarily through a partnership with Pendle, offering stated APYs between approximately 8% and 12%; (2) afi-rwaUSDi, an institutional ERC-4626 receipt token for locked rwaUSDi issued by Multipli, backed by claimed $700 million in verified RWA reserves, with a $20 million vault launched in December 2025; and (3) a zero-knowledge-based private verification network built on Symbiotic for continuous reserve attestation. The protocol claims to provide cryptographically verifiable backing for on-chain assets through smart contracts and an independent attestation network. As of mid-2026, the afiUSD POR-USD vault had a stated $30 million TVL with a $150 million minting cap. Access to the institutional afi-rwaUSDi vault is restricted to approved entities only.","heading":"Protocol Overview and Products","severity":"low","sources":[{"credibility":2,"name":"AFI Protocol Official Website","type":"official","url":"https://afiprotocol.xyz/"},{"credibility":2,"name":"AFI Protocol Documentation","type":"official","url":"https://docs.afiprotocol.xyz/"},{"credibility":3,"name":"AFI Protocol rwaUSDi Launches $20M Verified RWA Vault","type":"news_article","url":"https://ourcryptotalk.com/news/afi-protocol-rwausdi-launches-20m-verified-rwa-vault"}]},{"content":"AFI Protocol's smart contracts were audited by two firms prior to the May 2026 exploit. Cantina audited the afiUSD contracts in August 2025 and identified one critical issue along with several medium and low-severity issues; the protocol states all findings were remediated and verified by auditors. Quantstamp audited the POR vault contracts in December 2025 and identified one high-severity and one medium-severity issue; the protocol states both were addressed and verified. An additional independent review of afiUSD contracts was conducted in August 2025 by two researchers (zuhaibmohd and 0xWeb3boy), identifying low-severity issues that were subsequently addressed. Despite these audits, the afiUSD vault was successfully exploited in May 2026 for $480,000. The specific vulnerability exploited had not been publicly disclosed as of June 9, 2026, making it unclear whether it was a previously unidentified flaw or related to a known-but-unmitigated risk. The protocol also operates a bug bounty program covering medium and high severity vulnerabilities, with contact at security@afiprotocol.xyz.","heading":"Smart Contract Audits","severity":"medium","sources":[{"credibility":2,"name":"AFI Protocol Audits and Bug Bounty Documentation","type":"official","url":"https://docs.afiprotocol.xyz/risks/audits-and-bug-bounty"},{"credibility":2,"name":"AFI Protocol Shares Incident Update After $480K Exploit, Begins Recovery","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"}]},{"content":"AFI Protocol does not publicly identify its founding team members or executive leadership on its official website or documentation as of June 2026. The protocol describes itself as combining crypto engineering and finance experience but provides no named individuals. Its GitHub organization is listed as Artificial-Financial-Intelligence. The absence of disclosed team identities limits independent verification of the team's credentials and track record. Social channels include @afiprotocol_xyz on X (Twitter) and a Discord server. The project's legal documentation includes AML, KYC, and privacy policy pages, which indicate a degree of operational compliance consideration. KYC is required for jurisdiction-sensitive features and is handled through third-party providers including Sumsub, Veriff, or Jumio.","heading":"Team and Transparency","severity":"medium","sources":[{"credibility":2,"name":"AFI Protocol Documentation - Welcome","type":"official","url":"https://docs.afiprotocol.xyz/"},{"credibility":2,"name":"Artificial Financial Intelligence GitHub Organization","type":"other","url":"https://github.com/Artificial-Financial-Intelligence"},{"credibility":2,"name":"AFI Protocol KYC Policy","type":"official","url":"https://docs.afiprotocol.xyz/legal/know-your-customer-kyc-policy"}]},{"content":"AFI Protocol lists partnerships with a range of DeFi and RWA ecosystem participants, including Multipli (RWA issuer), Pendle (yield), Morpho (lending), Ethena, OpenEden, Midas, Euler, Merkl, QuickNode, Thirdweb, and Terminal. The institutional rwaUSDi vault is co-issued with Multipli, which had reportedly raised $21.5 million and claimed to manage around $700 million in verified reserves as of the time of launch. A post on LinkedIn references an AFI launch of a $50M RWA-backed stablecoin vault, though details of this specific announcement could not be independently verified from primary sources. The protocol is tracked on DefiLlama under its RWA dashboard.","heading":"Partnerships and Ecosystem","severity":"low","sources":[{"credibility":2,"name":"AFI Protocol Official Website","type":"official","url":"https://afiprotocol.xyz/"},{"credibility":2,"name":"Artificial Financial Intelligence rwaUSDi - DefiLlama","type":"on_chain","url":"https://defillama.com/rwa/asset/afi-rwausdi"},{"credibility":2,"name":"What Is Multipli.fi? $21.5M-Funded RWA Yield Protocol","type":"news_article","url":"https://blog.mexc.com/what-is-multipli-fi-21-5m-funded-rwa-yield-protocol-earning-15-25-on-stablecoins/"}]},{"content":"No SEC enforcement actions, CFTC complaints, OFAC designations, or Department of Justice proceedings involving AFI Protocol were identified in public records as of June 2026. The protocol's documentation references compliance with OFAC screening requirements and states that sanctioned or high-risk jurisdiction users may be blocked or required to complete KYC. AFI describes itself as a decentralized, non-custodial protocol, which may affect how securities regulations apply to its products. No formal regulatory filings or registrations were identified. The attacker's use of Tornado Cash — a sanctioned mixing service — does not constitute a violation by AFI Protocol itself, but it is a notable feature of the exploit's aftermath.","heading":"Regulatory Status","severity":"low","sources":[{"credibility":2,"name":"AFI Protocol AML Policy","type":"official","url":"https://docs.afiprotocol.ai/legal/anti-money-laundering-aml-policy"},{"credibility":2,"name":"AFI Protocol KYC Policy","type":"official","url":"https://docs.afiprotocol.xyz/legal/know-your-customer-kyc-policy"}]}],"sources_used":[{"credibility":2,"name":"AFI Protocol Shares Incident Update After $480K Exploit, Begins Recovery","type":"news_article","url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"},{"credibility":2,"name":"afiUSD Vault Exploit Drains $480K As June Hack Run Continues","type":"news_article","url":"https://cryptoadventure.com/afiusd-vault-exploit-drains-480k-as-june-hack-run-continues/"},{"credibility":2,"name":"AFI Protocol Official Website","type":"official","url":"https://afiprotocol.xyz/"},{"credibility":2,"name":"AFI Protocol Documentation","type":"official","url":"https://docs.afiprotocol.xyz/"},{"credibility":2,"name":"AFI Protocol Audits and Bug Bounty Documentation","type":"official","url":"https://docs.afiprotocol.xyz/risks/audits-and-bug-bounty"},{"credibility":2,"name":"AFI Protocol AML Policy","type":"official","url":"https://docs.afiprotocol.ai/legal/anti-money-laundering-aml-policy"},{"credibility":2,"name":"AFI Protocol KYC Policy","type":"official","url":"https://docs.afiprotocol.xyz/legal/know-your-customer-kyc-policy"},{"credibility":2,"name":"Artificial Financial Intelligence rwaUSDi - DefiLlama RWA Dashboard","type":"on_chain","url":"https://defillama.com/rwa/asset/afi-rwausdi"},{"credibility":3,"name":"AFI Protocol rwaUSDi Launches $20M Verified RWA Vault - Our Crypto Talk","type":"news_article","url":"https://ourcryptotalk.com/news/afi-protocol-rwausdi-launches-20m-verified-rwa-vault"},{"credibility":2,"name":"Artificial Financial Intelligence GitHub Organization","type":"other","url":"https://github.com/Artificial-Financial-Intelligence"},{"credibility":2,"name":"Every Major DeFi Hack in 2026 So Far - Phemex","type":"news_article","url":"https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained"}],"summary":"AFI Protocol (Artificial Financial Intelligence) is a DeFi infrastructure project building Proof-of-Reserve systems for Real-World Assets (RWAs) on Ethereum, offering yield-bearing ERC-4626 vaults backed by tokenized off-chain collateral. The protocol reported over $225 million in total value locked as of mid-2026 and maintains institutional partnerships with Multipli, Pendle, Morpho, and others. On May 30, 2026, the protocol suffered a $480,000 exploit targeting its afiUSD vault, with stolen funds partially laundered through Tornado Cash; recovery efforts were ongoing as of June 2026.","timeline":[{"date":"2025-08-01","event":"Cantina completes private audit of afiUSD contracts, identifying one critical, several medium and low issues — all reported as remediated.","source":"AFI Protocol Audits Documentation","source_url":"https://docs.afiprotocol.xyz/risks/audits-and-bug-bounty"},{"date":"2025-08-20","event":"Independent researchers zuhaibmohd and 0xWeb3boy complete additional review of afiUSD, finding low-severity issues reported as resolved.","source":"AFI Protocol Audits Documentation","source_url":"https://docs.afiprotocol.xyz/risks/audits-and-bug-bounty"},{"date":"2025-12-01","event":"Quantstamp completes private audit of POR vault contracts, identifying one high and one medium issue — both reported as remediated.","source":"AFI Protocol Audits Documentation","source_url":"https://docs.afiprotocol.xyz/risks/audits-and-bug-bounty"},{"date":"2025-12-07","event":"AFI Protocol launches $20M rwaUSDi institutional vault in partnership with Multipli, backed by claimed $80 million in verified reserves.","source":"AFI Protocol rwaUSDi Launches $20M Verified RWA Vault - Our Crypto Talk","source_url":"https://ourcryptotalk.com/news/afi-protocol-rwausdi-launches-20m-verified-rwa-vault"},{"date":"2026-05-30","event":"afiUSD vault on Ethereum Mainnet exploited for approximately $480,000. Protocol pauses vault and rotates operational keys within hours of detection.","source":"CryptoTimes - AFI Protocol Shares Incident Update After $480K Exploit","source_url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"},{"date":"2026-05-30","event":"Attacker converts approximately $252,000 in stolen DAI to ETH via on-chain swaps.","source":"CryptoTimes - AFI Protocol Shares Incident Update After $480K Exploit","source_url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"},{"date":"2026-05-30","event":"Attacker routes approximately 150 ETH through Tornado Cash following a test transfer to a secondary wallet.","source":"CryptoTimes - AFI Protocol Shares Incident Update After $480K Exploit","source_url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"},{"date":"2026-06-09","event":"AFI Protocol publishes incident update, confirms engagement of Quantstamp, Cantina, and SEAL 911 for recovery efforts, and announces bounty program.","source":"CryptoTimes - AFI Protocol Shares Incident Update After $480K Exploit","source_url":"https://www.cryptotimes.io/2026/06/09/afi-protocol-shares-incident-update-after-480k-exploit-begins-recovery/"}]},"v":1}