Post Mortem of the Post Mortem

There is a lot I think I did wrong in the last 72 hours. I wanted to document the thought processes and timeline so that hopefully others can learn from my mistakes; all times recorded are in my local time


05:33 AM alerted to slippage tx 0x8f102 of ~445k to ~25k

05:34 AM contact 0x431 for assistance

05:36 AM 0x431 executes counter trade tx 0xa1f405 of ~89k to 465,242

~ begin tracking down 0x44e

07:09 AM @fiatminimalist tweets;

07:29 AM response;

~ continue tracking down 0x44e, at this point the focus is on finding 0x44e

10:07 AM manage to make contact with 0x44e start discussion on the slippage transactions.

~ begin planning steps to recoup 0x44e for additional losses incurred


01:12 AM tx 0xa1f405 starts circling twitter

03:31~ AM write and release gist of the two known txs; at this point, detailed investigation is still underway, as the focus has been on recovering 0x44e

02:57 PM Still collecting data; multiple transactions across multiple data sources. At this point, only documenting

~ continue debugging, notice there were more slippage transactions (roughly $150k unnaccounted for)

~ continue debugging and notice 0x818 interaction. Withdrawals show their exit position is around $150k

(0x818 deleted all chats, so unsure what time contact was made)

04:40 PM Release results of transaction sequence;

Now at this point, I’ve already made 2 big mistakes;

  1. I was working on other people’s schedules based on social pressure and not my own
  2. I was trying to have my own biases answered by the chain of events I was witnessing, those biases being that 0x44e lost money, and that 0x818 was responsible.

#1 was causing me to make rushed mistakes, something I know I should never do when auditing data. #1 was also allowing me to validate #2.

At this point, I have accepted the sequence of events, however I still don’t understand the reasoning.


11:31 AM Continue my investigation, start noticing more irregularities in both 0x44e and 0x818’s actions.

~ Rest of day documenting txs based on chronology and timing of events instead of per user sequences.

Further results to be released by @kermankohli via


I made assumptions on what occurred based on my own bias. I should have excluded this from my findings.

I rushed work to fit by other peoples timelines. I should have paced myself instead of the urge to “please” and instead have been more thorough.

These analysis’ takes time, and require thorough investigation. While I was happy with my reactive instincts (step 1: make user whole, step 2: try to recover funds), I could have ended up causing more damage if I had continued through with them. It is not always about pleasing the vocal community, sometimes the right decision is the one no one talks about.