SIR.trading

2021-01-01

Pseudonymous founder Xatarrer begins developing SIR.trading over approximately four years without venture capital funding, supported by approximately $70,000 from community contributors.

2025-01-01

Egis Security completes security audit of SIR.trading, finding 3 high-severity, 2 medium-severity, and 2 low-severity issues. The transient storage slot collision vulnerability is not identified.

2025-01-30

Attacker deploys malicious ERC-20 tokens and creates a controlled Uniswap V3 liquidity pool, beginning preparation for the exploit at 6:18 UTC.

2025-02-20

SIR.trading launches on Ethereum mainnet, growing to approximately $355,000–$400,000 TVL through organic growth without advertising.

2025-03-30

Attacker exploits transient storage slot collision in the Vault contract's uniswapV3SwapCallback function, draining the entire $355,000 TVL in USDC, wBTC, and wETH. Stolen assets are immediately routed through Railgun. The exploit is detected by TenArmorAlert and Decurity.

2025-03-31

Founder Xatarrer issues on-chain plea to the attacker, offering $100,000 bounty to keep as compensation for the bug discovery and requesting the return of the remaining ~$255,000, pledging no legal action. Describes the event as 'the worst news a protocol can receive.'

2025-04-01

Attacker does not respond to bounty offer. Stolen funds remain in Railgun. SIR team announces intent to relaunch and begins seeking auditors willing to accept token equity in lieu of payment.

2025-01-01

Protocol relaunches at app.sir.trading following completion of four independent security audits. No stolen funds recovered. Relaunch expands to HyperEVM and MegaETH networks in addition to Ethereum.