Skip to main content
Sign in
Cointelegraph3 decisions on this page

Audit log

Every state-changing event for Cointelegraph: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 15:18:32Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,795,124
    sig
    3hUFLydPxehN…ZXpLysn1explorer ↗
    hash
    BWZjvgQYA6VH…CmBtfZ16sha256 → base58
    verifying row…full verify ↗
    canonical bytes (3625 B) ▸
    {"actor":"system:backfill","investigation_id":"674e90a3-87f1-45b8-a266-ff1084c6dd58","kind":"publish","page_slug":"cointelegraph","published_at":"2026-05-19T15:18:32.340Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cointelegraph","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Cointelegraph is a major legitimate cryptocurrency news outlet that has been a victim of two distinct infrastructure compromises. In January 2024, attackers breached its email service provider MailerLite and sent phishing emails to subscribers using Angel Drainer malware, resulting in estimated losses of $580,000 to over $700,000 across affected platforms. In June 2025, attackers separately compromised Cointelegraph's banner advertising system to serve Inferno Drainer-linked pop-ups promoting a fake CTG token airdrop to site visitors.","timeline":[{"date":"2024-01-23","event":"Attackers use compromised MailerLite access to send phishing emails from Cointelegraph, WalletConnect, Token Terminal, De.Fi, and Decrypt official email addresses. Phishing emails promote fake airdrops and deploy Angel Drainer via malicious dApps. ZachXBT warns on Telegram and identifies attacker wallet address 0xe7D13137923142A0424771E1778865b88752B3c7.","source":"","source_url":"https://crypto.news/cointelegraph-others-sent-phishing-emails-in-presumed-hack/"},{"date":"2024-01-23","event":"ZachXBT reports over $580,000 has been drained from victims across multiple chains within hours of the campaign launch.","source":"","source_url":"https://decrypt.co/214033/hackers-target-crypto-email-lists-send-phishing-attacks-steal-700000"},{"date":"2024-01-24","event":"MailerLite confirms the breach, disclosing that a support team member was socially engineered via a fraudulent Google sign-in page. 117 accounts were initially reported as accessed (later revised to 70), with four used to launch phishing campaigns. MailerLite notified affected customers within 8 hours.","source":"","source_url":"https://www.mailerlite.com/newsroom/securityincidentnotice"},{"date":"2024-01-24","event":"Total losses from the MailerLite phishing campaign estimated at approximately $700,000 in liquid assets (Nansen's $3.3M figure revised downward after accounting for illiquid XBANKING tokens). Blockaid reports it protected an additional $2.7 million in user funds.","source":"","source_url":"https://decrypt.co/214033/hackers-target-crypto-email-lists-send-phishing-attacks-steal-700000"},{"date":"2025-06-21","event":"Cointelegraph's banner publishing system is briefly compromised. A malicious JavaScript payload is injected via a fraudulent ad network domain resembling AdButler, displaying a fake CTG token ICO airdrop pop-up connected to Inferno Drainer infrastructure.","source":"","source_url":"https://cryptoslate.com/cointelegraph-and-coinmarketcap-front-ends-compromised-with-scam-links-over-the-weekend/"},{"date":"2025-06-22","event":"Cointelegraph publicly warns users not to interact with pop-ups promoting CTG tokens or connect wallets to suspicious prompts. The compromised banner system is cleaned. Help Net Security and Scam Sniffer attribute both the Cointelegraph and CoinMarketCap attacks to Inferno Drainer customers.","source":"","source_url":"https://www.helpnetsecurity.com/2025/06/23/coinmarketcap-cointelegraph-compromised-to-serve-pop-ups-to-drain-crypto-wallets/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 0de39c49-9a88-4fb6-b573-8fd92d7c7f05
  2. #2reviewby reviewerreviewer
    2026-06-14 23:16:02Z
    Score: 4444 (no score change)
    Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Cointelegraph is a legitimate, established cryptocurrency news outlet founded in 2013, and the investigation page itself frames both incidents as external attacks on infrastructure controlled by third parties (MailerLite in January 2024; a fraudulent ad network domain in June 2025). Under AVOID.NET's post-policy band semantics, WARNING (20-49) requires elevated fraud/loss risk or an unresolved severe incident. Neither applies: the MailerLite breach was a vendor-side social engineering attack affecting a shared email service used by multiple crypto companies, and Cointelegraph responded promptly; the June 2025 ad system compromise was an ad supply-chain attack also affecting CoinMarketCap simultaneously. The iGaming/SEO controversy (suspected Google manual penalty, Oct 2025) is a real editorial concern — Cointelegraph appears to have allowed a third party to operate casino/gambling content under its domain, which is an integrity lapse — but it does not represent fraud risk to financial users. A score of 62 in CAUTIONARY band correctly captures: legitimate operator with material caveats (two third-party security incidents demonstrating non-trivial attack-surface exposure, plus the iGaming editorial integrity issue), while not misclassifying a globally recognized news organization alongside fraud schemes.
    anchoranchored
    chain
    mainnet-betaslot 426,514,550
    sig
    4suBHaoHtmn4…G1B1HXVqexplorer ↗
    hash
    GPh8NVDhVLQu…o5iJn7X4sha256 → base58
    verifying row…full verify ↗
    canonical bytes (1814 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-14T23:16:02.133Z","decision":"review","investigation_id":"674e90a3-87f1-45b8-a266-ff1084c6dd58","new_score":44,"page_slug":"cointelegraph","prev_score":44,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Cointelegraph is a legitimate, established cryptocurrency news outlet founded in 2013, and the investigation page itself frames both incidents as external attacks on infrastructure controlled by third parties (MailerLite in January 2024; a fraudulent ad network domain in June 2025). Under AVOID.NET's post-policy band semantics, WARNING (20-49) requires elevated fraud/loss risk or an unresolved severe incident. Neither applies: the MailerLite breach was a vendor-side social engineering attack affecting a shared email service used by multiple crypto companies, and Cointelegraph responded promptly; the June 2025 ad system compromise was an ad supply-chain attack also affecting CoinMarketCap simultaneously. The iGaming/SEO controversy (suspected Google manual penalty, Oct 2025) is a real editorial concern — Cointelegraph appears to have allowed a third party to operate casino/gambling content under its domain, which is an integrity lapse — but it does not represent fraud risk to financial users. A score of 62 in CAUTIONARY band correctly captures: legitimate operator with material caveats (two third-party security incidents demonstrating non-trivial attack-surface exposure, plus the iGaming editorial integrity issue), while not misclassifying a globally recognized news organization alongside fraud schemes.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6b03cc74-a946-4138-a7f5-a14ce9e40695
  3. #3review approveby judgejudge
    2026-06-14 23:16:02Z
    Score: 4462 (+18)
    This is a severity-calibration review, not a fact-dispute review. All six claim findings (claim_findings[0]–[5]) are supported — no content on the page is disputed. The review establishes that Cointelegraph is a legitimate, established cryptocurrency news outlet and that both documented incidents (January 2024 MailerLite breach; June 2025 ad supply-chain attack) were executed by external threat actors against third-party infrastructure, not Cointelegraph's own systems. The current score of 44 places the entity in WARNING band, which under AVOID.NET's band semantics requires elevated fraud/loss risk or an unresolved severe incident. Neither criterion is met. The iGaming/SEO issue (claim_findings[5]) reflects an editorial integrity lapse but carries no financial fraud risk to users. A score of 62 in CAUTIONARY band — a positive delta of +18 — correctly reflects a legitimate operator with material but external-origin caveats. Page content stands and publish status is unchanged.
    anchoranchored
    chain
    mainnet-betaslot 426,514,554
    sig
    4ZfVbGVZAxXA…AkC1oPotexplorer ↗
    hash
    6NAuLND5kA6o…RFH91Ss4sha256 → base58
    verifying row…full verify ↗
    canonical bytes (1344 B) ▸
    {"actor":"judge","decided_at":"2026-06-14T23:16:02.133Z","decision":"review_approve","investigation_id":"674e90a3-87f1-45b8-a266-ff1084c6dd58","new_score":62,"page_slug":"cointelegraph","prev_score":44,"reason":"This is a severity-calibration review, not a fact-dispute review. All six claim findings (claim_findings[0]–[5]) are supported — no content on the page is disputed. The review establishes that Cointelegraph is a legitimate, established cryptocurrency news outlet and that both documented incidents (January 2024 MailerLite breach; June 2025 ad supply-chain attack) were executed by external threat actors against third-party infrastructure, not Cointelegraph's own systems. The current score of 44 places the entity in WARNING band, which under AVOID.NET's band semantics requires elevated fraud/loss risk or an unresolved severe incident. Neither criterion is met. The iGaming/SEO issue (claim_findings[5]) reflects an editorial integrity lapse but carries no financial fraud risk to users. A score of 62 in CAUTIONARY band — a positive delta of +18 — correctly reflects a legitimate operator with material but external-origin caveats. Page content stands and publish status is unchanged.","score_delta":18,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 4e198e39-901c-4a2b-a2e7-60df5ecf8385
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.