Post Mortem of the Post Mortem

There is a lot I think I did wrong in the last 72 hours. I wanted to document the thought processes and timeline so that hopefully others can learn from my mistakes; all times recorded are in my local time


05:33 AM alerted to slippage tx 0x8f102 of ~445k to ~25k

05:34 AM contact 0x431 for assistance

05:36 AM 0x431 executes counter trade tx 0xa1f405 of ~89k to 465,242

~ begin tracking down 0x44e

07:09 AM @fiatminimalist tweets;

Image for post
Image for post

07:29 AM response;

Image for post
Image for post

~ continue tracking down 0x44e, at this point the focus is on finding 0x44e

10:07 AM manage to make contact with 0x44e start discussion on the slippage transactions.

~ begin planning steps to recoup 0x44e for additional losses incurred


01:12 AM tx 0xa1f405 starts circling twitter

Image for post
Image for post

03:31~ AM write and release gist of the two known txs; at this point, detailed investigation is still underway, as the focus has been on recovering 0x44e

Image for post
Image for post

02:57 PM Still collecting data; multiple transactions across multiple data sources. At this point, only documenting

~ continue debugging, notice there were more slippage transactions (roughly $150k unnaccounted for)

~ continue debugging and notice 0x818 interaction. Withdrawals show their exit position is around $150k

(0x818 deleted all chats, so unsure what time contact was made)

Image for post
Image for post

04:40 PM Release results of transaction sequence;

Image for post
Image for post

Now at this point, I’ve already made 2 big mistakes;

#1 was causing me to make rushed mistakes, something I know I should never do when auditing data. #1 was also allowing me to validate #2.

At this point, I have accepted the sequence of events, however I still don’t understand the reasoning.


11:31 AM Continue my investigation, start noticing more irregularities in both 0x44e and 0x818’s actions.

~ Rest of day documenting txs based on chronology and timing of events instead of per user sequences.

Further results to be released by @kermankohli via


I made assumptions on what occurred based on my own bias. I should have excluded this from my findings.

I rushed work to fit by other peoples timelines. I should have paced myself instead of the urge to “please” and instead have been more thorough.

These analysis’ takes time, and require thorough investigation. While I was happy with my reactive instincts (step 1: make user whole, step 2: try to recover funds), I could have ended up causing more damage if I had continued through with them. It is not always about pleasing the vocal community, sometimes the right decision is the one no one talks about.

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store