π¨ Executive Summary
On October 17, 2022, someone executed a sophisticated inflation exploit on the DERO blockchain, creating 2,200,000 DERO (worth $9.17M at the time) from nothing and systematically laundering approximately $8.34M over 21 months through 242 different exchange accounts.
Through comprehensive blockchain forensics enabled by our deanonymization of the DERO chain, we present compelling evidence that "Captain" (CaptainDero) - the anonymous project founder and sole core developer - was the perpetrator of this massive theft.
The evidence shows this wasn't a one-time exploit, but the final phase of a systematic extraction scheme that spans years, ultimately leading to Captain's complete abandonment of the project and its ecosystem.
$8.34M
Total Value Extracted
$9.17M
Value at Exploit Date
781
Laundering Transactions
242
Exchange Accounts Used
π¬ Technical Evidence: The Inflation Exploit
The Smoking Gun Transaction
Date: October 17, 2022, 07:58:09 UTC
Transaction ID: 5bbe1b7eecfe3447cb045b1197a07a214b456968eda8a3d5a90f5fae9ce57e55
Amount: -2200000.00181 DERO
Value at exploit: $9.17M
Transaction Fee: 0.00181 DERO
Critical Finding: This transaction shows a negative transfer amount, meaning the "sender" actually received 2,200,000 DERO while the "recipient" had this amount subtracted from their balance. Both wallets were freshly created and completely empty before this transaction.
π Verify This Yourself: Use proof string
deroproof1qyyj0cgu3htmkumr79sgca75vwsx8kx7zkrjg0nfez46w36qyx4kwq9zvfyyskpqvdpcfhkhk4m7y9d77ehyj7yhnnrv9z0tjr9m5fqe2yx9t27dwtdxy4j4r0llll7vcmaxwjcl8jzfq on the
official DERO explorer to confirm our deanonymization. Note: Official explorer will show a large positive number due to uint64 underflow, not the actual negative amount.
How the exploit worked:
- The DERO protocol failed to properly validate transaction proofs, allowing negative transfer amounts
- This allowed the creation of a transaction that effectively created tokens from nothing
- The negative amount meant the "sender" received 2,200,000 DERO instead of sending it
- The 0.00181 DERO transaction fee was paid from this newly created amount
π΅οΈ Forensic Analysis: The 21-Month Money Laundering Operation
Systematic Fund Distribution
Our blockchain analysis, enabled by the deanonymization of DERO's supposedly private transactions, revealed a sophisticated laundering operation:
- Total laundered: Approximately 2,110,858 DERO (95.9% of stolen funds)
- Transactions: 781 separate transfers over 21 months
- Average deposit size: ~10,000 DERO (below detection thresholds)
- Exchange accounts: 242 different accounts across TradeOgre and Kucoin
- Account reuse pattern: Each account used 1-5 times (mostly 2-3x)
- Timeline: October 17, 2022 β July 26, 2024
Sophisticated Pattern: The attacker used consistent metadata (same fees, comments, destination ports) for internal transfers, proving single-actor control, while varying exchange account usage to avoid detection.
π― The Case Against Captain
Why Only Captain Could Execute This
Exclusive Technical Access: Captain was the sole core developer with deep protocol knowledge. The DERO codebase is undocumented, never audited, and protected by a restrictive custom license that prevents commercial use and forking, giving Captain complete control.
Circumstantial Evidence:
- Perfect Timing: Exploit occurred just 47 days after the AtlantisβStargate swap deadline
- Technical Monopoly: Only Captain had the knowledge to exploit protocol validation flaws
- Behavioral Shift: Development activity declined dramatically after the exploit
- Communication Pattern: Went increasingly silent during the 21-month liquidation period
- Infrastructure Abandonment: Stopped maintaining official servers after completing sales in July 2024
The "Extra 2 Million" Problem
Financial Impossibility: Captain currently holds over 3M DERO in his wallets, despite starting with only 1M dev fund in 2017 and supposedly funding all project expenses for 7+ years.
The Math Doesn't Add Up:
- Started with: 1M DERO dev fund (2017)
- After 7+ years of expenses: Should be near zero
- Actually holds personally: 2M+ DERO
- Plus controls: 1M DERO community fund
- Unexplained excess: ~2M DERO
This suggests the October 2022 exploit was not Captain's first extraction, but part of a broader pattern spanning multiple years. Similar inflation exploits could have occurred on the previous Atlantis chain, but that blockchain data is no longer accessible, and being a privacy coin, it couldn't have been analyzed even if available. Only the current privacy bug discovery enabled this revelation on the Stargate chain.
Development Activity Collapse
Dramatic Development Decline: Captain's commit activity dropped dramatically after the exploit, with most subsequent fixes coming from community contributions rather than Captain's work.
Release Pattern Analysis:
- Pre-exploit (Feb-Oct 2022): 10+ releases in 8 months (hyperactive development)
- Post-exploit (Nov 2022-2023): Only 3 releases in 14 months
- 2023 onwards: Minimal activity, community-driven fixes, 4+ month gaps
- August 2025: First non-Captain release by Foundation member
This pattern shows someone who stopped caring about the project immediately after executing the exploit, consistent with an exit strategy rather than ongoing development commitment.
Behavioral Patterns: The "2" Coincidence
An interesting pattern emerges in Captain's transaction history and the exploit amount:
- Early transactions: 2,000 DERO + 11,000,002 DERO (total: 11,002,002)
- Later transaction: 100,002 DERO
- Exploit amount: 2,200,000 DERO
While Captain made many transactions over the years, it's notable that a random attacker chose exactly 2,200,000 DERO rather than a round number like 10M or the maximum possible amount. This specific choice, combined with Captain's historical preference for amounts ending in "2", presents an interesting coincidence worth noting.
π
Timeline: The Pattern of Extraction and Abandonment
DERO Development History
Dec 5, 2017
Original Launch: 2M premine (1M dev fund, 1M community fund)
Feb 26, 2022
Stargate Launch: Captain controls all coins initially, processes all swaps
Aug 31, 2022
Swap Deadline: Unusually short 6-month window closes
Oct 17, 2022
π¨ THE EXPLOIT: 2.2M DERO inflated at $4 per token
Nov 2022-2023
Cover Phase: Minimal development, Foundation provides false updates about Captain's activity
Jun 25, 2023
False Promise: Captain promises second swap opportunity for missed Atlantis holders
Oct 31, 2023
Nonsensus Conference: Captain absent but makes "We are all Captain" announcement, suggesting project handover (while retaining control of funds)
Jan 1, 2024
Final Message on Discord: "Very Very Happy New year to everyone. Bless you all."
Feb 4, 2024
Broken Promise: Foundation promises coin burn by April 15, 2024 - never happens
Feb 28, 2024
Kucoin Exit: DERO delisted from Kucoin (one of the laundering exchanges), mysterious 435K DERO liquidation
May 17, 2024
Privacy Bug Exposed: Luke Parker reports critical privacy vulnerability enabling chain deanonymization
Jul 26, 2024
Final Sale: Last exploit funds moved to exchanges
Oct 12, 2024
Exposure Threat: Derolytics announces Captain holdings investigation
Oct 13, 2024
Panic Response on Matrix: Captain breaks months of silence within 24 hours, claims "personal issues"
May 2025
Infrastructure Dies: Official servers go offline (likely paid through July 2024, expired naturally)
Jul 14, 2025
Derolytics Explorer Launch: First tool to reveal true state of DERO's blockchain after year of forensic work
Jul 30, 2025
TradeOgre Collapse: Second laundering exchange goes offline (rumored legal seizure)
Aug 13, 2025
Foundation Takes Over: First non-Captain release after 15 months of broken privacy
π The Broader Pattern: Captain's Extraction Cycles
The "Captain Cycle" Strategy
- Build Hype: Major release/innovation drives price up (Stargate: <$1 β $10+)
- Extract Funds: Via exploits during elevated prices (~$4 for 2.2M theft)
- Go Silent: Foundation provides cover with "working on something big" narrative
- Abandon: Complete extraction and infrastructure abandonment
Historical Pattern: Foundation members admitted it wasn't uncommon for Captain to disappear for months, then return with major releases. This suggests the October 2022 exploit may be the final iteration of a repeating cycle.
Pattern of Broken Promises
Captain's behavior shows a consistent pattern of making promises to buy time while executing his exit strategy:
- Coin Burn (Multiple Promises): Repeatedly promised to burn unswapped Atlantis coins, never executed
- Second Swap Opportunity (June 2023): Promised additional swap window for missed holders, never delivered
- Privacy Fix (October 2024): Promised bug fixes "in the coming weeks," never materialized
Buying Time Strategy: These false promises served to maintain community trust while Captain completed his 21-month liquidation operation. Each promise delayed community action and suspicion.
π₯ Ecosystem Destruction
Systematic Sabotage
Captain didn't just steal money - he ensured DERO would die with him:
- Community Fund Hostage: Foundation can't hire new developers (Captain controls 1M community fund)
- No Documentation: Undocumented codebase, restrictive license prevents forks
- Critical Bugs Ignored: Privacy bug unfixed for 15+ months after discovery
- Exchange Ecosystem Collapse: Both laundering exchanges now gone (Kucoin delisted, TradeOgre offline)
- Development Cessation: First non-Captain release only in August 2025
Current State: Market cap $7.14M - less than the $8.34M stolen. Captain extracted more value than the entire project is worth today.
π Derolytics Investigation & Ongoing Concerns
The Tracking Dilemma
Derolytics has been monitoring the DERO blockchain continuously since discovering the deanonymization method. Our investigation suggests this was likely the only executed major inflation exploit, though a few transactions couldn't be deanonymized and showed no subsequent fund movements - possibly additional coin creation that was never used, or just testing the initial Slixe's fix.
The Foundation's Problematic Decision: After
warning publicly about potential consequences, the Foundation proceeded to release the
privacy fix in August 2025, making future transactions private again. This decision has serious implications:
- Lost Oversight: We can no longer monitor for new exploits in real-time
- Unaddressed Vulnerabilities: The Foundation's fix only addressed the privacy bug improperly - numerous other protocol vulnerabilities remain
- Future Exploits Invisible: Any new inflation exploits can now occur completely undetected
- Technical Incompetence: Wallet-level workaround instead of proper protocol hard fork, exchange synchronization failures
β οΈ Why We Didn't Engage Directly: Given the Foundation's history of lies, attacks against our investigation, and clear technical incompetence, we had no confidence in their ability to properly address these issues. Their choice of a delayed, improper fix vindicated this assessment.
Foundation Failures
The DERO Foundation has consistently failed the community:
- 15 Months of Inaction: Ignored critical privacy bug after discovery
- False Claims: Repeatedly lied about Captain's activity and communication
- Refused Dialogue: Blocked Derolytics on X while attacking us, ignoring and downplaying any community concerns on Discord
- No Resources: Cannot access 1M community fund to hire competent developers
- Technical Errors: Made mistakes in latest release due to code misunderstanding
After 15 months of Foundation negligence, it became clear that DERO has no viable future under current leadership. This is why we're releasing this comprehensive investigation now.
π― Conclusion
The Evidence is Overwhelming
The combination of technical proof, forensic analysis, circumstantial evidence, and behavioral patterns creates an irrefutable case:
- Technical Capability: Only Captain could execute this exploit
- Perfect Timing: Right after swap obligations ended
- Sophisticated Execution: 21-month professional laundering operation
- Historical Pattern: Part of years-long extraction scheme
- Behavioral Evidence: Panic response to exposure, infrastructure abandonment
- Systematic Sabotage: Ensured project couldn't survive without him
Captain didn't just steal $8.34M - he systematically extracted value over years while ensuring DERO's ecosystem would collapse upon his departure, leaving investors with worthless tokens and no path forward.
β οΈ Important Note: This analysis is based on blockchain forensics and circumstantial evidence. While the technical evidence of the exploit is irrefutable, the attribution to Captain, though strongly supported by multiple lines of evidence, remains an allegation. Captain abandoned all communication in early 2024 and has not responded to any community concerns or vulnerability reports since then.
π Supporting Data
Complete forensic analysis and supporting data available for download:
Additional Investigation: Extensive analysis and updates throughout 2024-2025 have been shared on our X account: @Derolytics
Investigation by Derolytics Team
Blockchain forensics enabled by the deanonymization of the DERO chain following the Luke Parker's discovery of the privacy bug
Derolytics has been tracking and reporting on DERO's issues throughout 2024-2025, culminating in the launch of Derolytics Explorer - the first tool to reveal the true state of DERO's supposedly private blockchain.
Follow our investigation: @Derolytics on X
For complete forensic data, transaction analysis, and ongoing updates, visit our X account where we've documented this investigation over the past year.
Final Statement: This report concludes the Derolytics chapter on DERO. After more than a year of investigation, forensic analysis, and attempts to bring transparency to this project, we can definitively state: DERO IS DEAD.
Good luck to everyone who believed in this project - we hope this investigation provides the closure you deserve.