Every incident in Forensic Ledger is sourced, classified, and cross-referenced using the following procedure.
Primary data source
The skeleton of each incident — protocol name, incident date, exploit class, loss amount, chain, and primary reference URL — is taken from the DeFiHackLabs public research repository, which maintains reproducible Foundry proofs-of-concept for every listed incident. This is the authoritative source for reproducible DeFi exploit research.
Exploit classification
We normalize exploit descriptions from the source into 24 categorical classes: flash loan, reentrancy, oracle manipulation, price manipulation, access control, private-key compromise, business-logic flaw, inflation attack, rug pull, governance attack, bridge exploit, precision loss, integer overflow, storage collision, front-running, signature attack, input validation, arbitrary call, donation attack, slippage abuse, misconfiguration, unsafe math, phishing, and other.
Loss amounts
Loss amounts are reported in USD at the time of the incident, as published in the primary source. When the reported amount is denominated in a non-USD token (ETH, BNB, MATIC), we do not convert — the record shows ‘undisclosed’ rather than a speculative USD figure. Amounts over $10B are flagged as parse errors and excluded.
Chain attribution
Chain is inferred from explorer URLs (etherscan.io → Ethereum, bscscan.com → BNB Chain, etc.) and, when ambiguous, from keywords in the primary reference. Unattributed incidents are shown as ‘chain not specified’ rather than guessed.
Update cadence
The archive is refreshed weekly. New incidents are imported on detection; existing records are updated if the source publishes amended figures or new post-mortem links.
Corrections
If you spot a factual error, email [email protected] with a link to the on-chain evidence. Verified corrections are published within 48 hours.