← Zabu Finance3 decisions on this page

Audit log

Every state-changing event for Zabu Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-28 17:49:51Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,768,931
sig
52uadWNmA1DZ…TtCNnGueexplorer ↗
hash
ESj6Ji1tWy5T…C7QysZWBsha256 → base58
verifying row…full verify ↗
canonical bytes (6322 B) ▸
{"actor":"system:backfill","investigation_id":"165277a4-bd68-46b8-92c0-11ffcadf8ec3","kind":"publish","page_slug":"zabu-finance","published_at":"2026-05-28T17:49:51.101Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Zabu Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/brief-analysis-of-zabu-finance-being-hacked-44243919ea29","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-zabu-finance-hack-september-2021","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2021/09/13/avalanche-based-zabu-finance-exploited-in-32m-hack","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/zabu-finance-exploited-on-avalanche-3-2m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-zabu-finance-hack-september-2021","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/zabu-finance-exploited-on-avalanche-3-2m/","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/polyyeldfinancexyeldexploit.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/zabu-finance-exploited-on-avalanche-3-2m/","type":"other","url":""},{"credibility":3,"name":"https://ambcrypto.com/avalanche-based-zabu-finance-loses-3-2m-to-defi-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/09/13/avalanche-based-zabu-finance-exploited-in-32m-hack","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/zabu-finance-exploited-on-avalanche-3-2m/","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/hackfraudscam/zabufinancestakingcalculationbug.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/zabu-finance","type":"other","url":""},{"credibility":3,"name":"https://www.coinbase.com/price/zabu-finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://en.wikipedia.org/wiki/ZachXBT","type":"other","url":""}]}],"sources_used":[{"credibility":1,"name":"Avalanche-Based Zabu Finance Exploited in $3.2M Hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2021/09/13/avalanche-based-zabu-finance-exploited-in-32m-hack"},{"credibility":2,"name":"Brief Analysis of Zabu Finance Being Hacked — SlowMist","type":"research","url":"https://slowmist.medium.com/brief-analysis-of-zabu-finance-being-hacked-44243919ea29"},{"credibility":2,"name":"Explained: The Zabu Finance Hack (September 2021) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zabu-finance-hack-september-2021"},{"credibility":2,"name":"Zabu Finance Exploited on Avalanche For $3.2M — BeInCrypto","type":"news_article","url":"https://beincrypto.com/zabu-finance-exploited-on-avalanche-3-2m/"},{"credibility":2,"name":"Knowsec Blockchain Lab Zabu Finance Flash Loan Analysis — Medium","type":"research","url":"https://medium.com/@Knownsec_Blockchain_Lab/knowsec-blockchain-lab-zabu-finance-flash-loan-security-incident-analysis-5fe10e7f4849"},{"credibility":3,"name":"Sep 2021 Zabu Finance Staking Calculation Bug — Quadriga Initiative","type":"community_report","url":"https://www.quadrigainitiative.com/hackfraudscam/zabufinancestakingcalculationbug.php"},{"credibility":2,"name":"Avalanche-based Zabu Finance loses $3.2M to DeFi exploit — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/avalanche-based-zabu-finance-loses-3-2m-to-defi-exploit/"},{"credibility":2,"name":"Zabu Finance — DefiLlama Protocol Page","type":"on_chain","url":"https://defillama.com/protocol/zabu-finance"},{"credibility":3,"name":"Jul 2021 PolyYeld Finance xYeld Exploit — Quadriga Initiative","type":"community_report","url":"https://www.quadrigainitiative.com/casestudy/polyyeldfinancexyeldexploit.php"}],"summary":"Zabu Finance was an Avalanche-based yield farming protocol that suffered a $3.2 million flash loan exploit on September 12, 2021, marking what was widely described as the first major DeFi hack on the Avalanche blockchain. The vulnerability — a known deflationary token accounting flaw that had already been exploited on Polygon two months prior — drained the protocol's SPORE staking pool and caused the ZABU token to collapse from approximately $0.004 to near-zero. The protocol attempted a v2 token relaunch but has since gone effectively dormant, with a TVL of approximately $5,000 and a website SSL certificate that expired in August 2022.","timeline":[{"date":"2021-07-01","event":"PolyYeld Finance on Polygon is exploited using the identical deflationary-token accounting flaw; YELD token crashes to zero. The vulnerability is publicly documented but no widespread industry remediation follows.","source":""},{"date":"2021-09-12","event":"Zabu Finance is exploited on Avalanche via flash loan attack targeting SPORE pool's deflationary token accounting flaw. Attacker mints approximately 4.5 billion ZABU tokens and dumps them on Pangolin and Trader Joe DEXes, stealing approximately $3.2 million. ZABU price collapses ~99.5%.","source":""},{"date":"2021-09-13","event":"Zabu Finance team sets all farm rewards to zero and announces a snapshot-based v2 token recovery plan. PeckShield publicly states the bug 'happened many times before.' SlowMist and Knownsec publish technical analyses of the exploit.","source":""},{"date":"2021-09-13","event":"Zabu Finance burns approximately 93.12 million ZABU tokens (valued at ~$360,000 at time of burn) as part of recovery efforts.","source":""},{"date":"2022-08-22","event":"Zabu Finance website SSL certificate expires and is not renewed, indicating active development and maintenance has ceased.","source":""},{"date":"2026-05-01","event":"DefiLlama records Zabu Finance TVL at approximately $5,147. ZABU token is delisted from major exchanges. Protocol is effectively dormant.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision b71528d1-76a6-412f-893f-a850e2904442
#2reviewby reviewerreviewer
2026-06-15 19:50:05Z
Score: 18 → 18 (no score change)
The page's core factual claims about the September 12, 2021 exploit — amount, mechanism, DEXes involved, and 'first Avalanche DeFi hack' characterization — are well-supported by multiple credible sources. Two claims are unverifiable (specific SSL expiry date) and three are partially supported due to a digit transposition in the token burn figure (93.12 vs 93.21 million) and an incorrect date for the PolyYeld exploit (July 1 stated vs July 28 confirmed). No claims are directly disputed by more credible sources. A significant structural issue is that all six section content fields are empty, and the Wikipedia ZachXBT citation has no apparent connection to Zabu Finance. The current trust score of 18 (CRITICAL) is a known miscalibration — the entity suffered a hack rather than committing fraud, placing it in the CAUTIONARY band.
anchoranchored
chain
●mainnet-betaslot 426,700,979
sig
4wSPhi6nGqyj…eRbd58Biexplorer ↗
hash
GPiddwpJ4tSo…MaZLq9HMsha256 → base58
verifying row…full verify ↗
canonical bytes (1184 B) ▸
{"actor":"reviewer","decided_at":"2026-06-15T19:50:04.967Z","decision":"review","investigation_id":"165277a4-bd68-46b8-92c0-11ffcadf8ec3","new_score":18,"page_slug":"zabu-finance","prev_score":18,"reason":"The page's core factual claims about the September 12, 2021 exploit — amount, mechanism, DEXes involved, and 'first Avalanche DeFi hack' characterization — are well-supported by multiple credible sources. Two claims are unverifiable (specific SSL expiry date) and three are partially supported due to a digit transposition in the token burn figure (93.12 vs 93.21 million) and an incorrect date for the PolyYeld exploit (July 1 stated vs July 28 confirmed). No claims are directly disputed by more credible sources. A significant structural issue is that all six section content fields are empty, and the Wikipedia ZachXBT citation has no apparent connection to Zabu Finance. The current trust score of 18 (CRITICAL) is a known miscalibration — the entity suffered a hack rather than committing fraud, placing it in the CAUTIONARY band.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 86605d05-5bfa-49be-a580-4d84b5358336
#3review approveby judgejudge
2026-06-15 19:50:05Z
Score: 18 → 52 (+34)
Zero of 19 claims were disputed by a more credible source. The two unverifiable claims (specific SSL expiry date in claim_findings[8] and claim_findings[15]) relate to a minor operational detail that does not affect the core incident record. Three partially-supported claims involve a digit transposition in a token burn figure (claim_findings[14]) and a timeline date offset of 27 days for the PolyYeld precedent event (claim_findings[9]) — neither materially misrepresents the incident. The page's core factual record — the $3.2M flash loan exploit, its mechanism, date, DEXes involved, and the 'first Avalanche DeFi hack' characterization — is confirmed by Tier 1 and Tier 2 sources including CoinDesk, Halborn, and SlowMist. High-priority coverage gaps (empty section content fields, misplaced ZachXBT citation) indicate structural authoring issues that warrant future revision but do not undermine the accuracy of the published claims. The current trust score of 18 (CRITICAL) is a miscalibration: all incidents are classified as suffered (type b), which caps at CAUTIONARY under the scoring rubric, and the reviewer's recommended score of 52 is consistent with the evidence.
anchoranchored
chain
●mainnet-betaslot 426,700,984
sig
2L4WzeBHyV2s…4JFbzhSpexplorer ↗
hash
BJhzW1or5ePL…UY5wpL3Usha256 → base58
verifying row…full verify ↗
canonical bytes (1534 B) ▸
{"actor":"judge","decided_at":"2026-06-15T19:50:04.967Z","decision":"review_approve","investigation_id":"165277a4-bd68-46b8-92c0-11ffcadf8ec3","new_score":52,"page_slug":"zabu-finance","prev_score":18,"reason":"Zero of 19 claims were disputed by a more credible source. The two unverifiable claims (specific SSL expiry date in claim_findings[8] and claim_findings[15]) relate to a minor operational detail that does not affect the core incident record. Three partially-supported claims involve a digit transposition in a token burn figure (claim_findings[14]) and a timeline date offset of 27 days for the PolyYeld precedent event (claim_findings[9]) — neither materially misrepresents the incident. The page's core factual record — the $3.2M flash loan exploit, its mechanism, date, DEXes involved, and the 'first Avalanche DeFi hack' characterization — is confirmed by Tier 1 and Tier 2 sources including CoinDesk, Halborn, and SlowMist. High-priority coverage gaps (empty section content fields, misplaced ZachXBT citation) indicate structural authoring issues that warrant future revision but do not undermine the accuracy of the published claims. The current trust score of 18 (CRITICAL) is a miscalibration: all incidents are classified as suffered (type b), which caps at CAUTIONARY under the scoring rubric, and the reviewer's recommended score of 52 is consistent with the evidence.","score_delta":34,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 6bb366ae-a80f-4a29-ae93-38eb530a99ac

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.