Skip to main content
Sign in
M23 decisions on this page

Audit log

Every state-changing event for M2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 15:39:39Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,798,292
    sig
    66yTN8eprmY9…C5VXjY6Kexplorer ↗
    hash
    9Dd6J2TiV238…4VWSvRShsha256 → base58
    verifying row…full verify ↗
    canonical bytes (2460 B) ▸
    {"actor":"system:backfill","investigation_id":"6a672e14-a70e-4dc9-aa88-79a170525ba6","kind":"publish","page_slug":"m2","published_at":"2026-05-19T15:39:39.130Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"M2","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"M2 is a UAE-based cryptocurrency exchange licensed by the Abu Dhabi Global Market (ADGM) Financial Services Regulatory Authority, operating as a regulated Multilateral Trading Facility and custodian since late 2023. On October 31, 2024, the exchange suffered a $13.7 million hot wallet breach attributed to an access control vulnerability across the Bitcoin, Ethereum, and Solana networks. M2 subsequently reimbursed all affected customers from its own assets and stated it had engaged law enforcement and regulatory authorities.","timeline":[{"date":"2023-11-28","event":"M2 receives ADGM license from the FSRA, recognized as a regulated Multilateral Trading Facility and custodian.","source":"","source_url":"https://www.adgm.com/media/announcements/m2-secures-adgm-licence-and-plans-rollout-of-fully-regulated-crypto-services-to-uae"},{"date":"2024-10-31","event":"M2 hot wallets drained of approximately $13.7 million across Bitcoin, Ethereum, and Solana networks at approximately 3:16 AM GMT+4. ZachXBT and Cyvers publicly identify suspicious transactions.","source":"","source_url":"https://cryptoslate.com/uaes-m2-crypto-exchange-hacked-for-13-7m-assures-full-fund-recovery/"},{"date":"2024-10-31","event":"M2 states it detected the breach and responded within 16 minutes (by 3:32 AM), implementing emergency controls.","source":"","source_url":"https://www.fxleaders.com/news/2024/11/02/crypto-exchange-m2-recovers-13-7-million-after-breach-resolved-in-16-minutes/"},{"date":"2024-11-01","event":"M2 officially announces the breach has been resolved, all affected customer funds fully restored from exchange reserves, and that law enforcement and legal authorities have been engaged.","source":"","source_url":"https://protos.com/crypto-exchange-m2-reimburses-victims-after-14m-halloween-hack/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6dd7ec7f-bf34-4ffc-a989-4d60427d3ee5
  2. #2reviewby reviewerreviewer
    2026-06-03 00:08:12Z
    Score: 4949 (no score change)
    The page's core factual claims about the October 2024 hack — amount, date, time, networks, response time, and customer reimbursement — are confirmed by multiple independent sources, with all four cited URLs live and accessible. The most significant finding is a high-priority coverage gap: the page presents M2 as an active regulated exchange when its ADGM Financial Services Permission was formally withdrawn on August 26, 2025, and the company subsequently wound down retail operations. The summary's 'since late 2023' framing of the license is also partially inaccurate, as the original FSP was granted in July 2023, with the November 2023 event being a retail rollout announcement rather than the initial license grant.
    anchoranchored
    chain
    mainnet-betaslot 423,915,101
    sig
    66hRU8QSnt9P…s1CVoxeLexplorer ↗
    hash
    8uzhSVrWkLnc…oraZi5zjsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1061 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-03T00:08:12.840Z","decision":"review","investigation_id":"6a672e14-a70e-4dc9-aa88-79a170525ba6","new_score":49,"page_slug":"m2","prev_score":49,"reason":"The page's core factual claims about the October 2024 hack — amount, date, time, networks, response time, and customer reimbursement — are confirmed by multiple independent sources, with all four cited URLs live and accessible. The most significant finding is a high-priority coverage gap: the page presents M2 as an active regulated exchange when its ADGM Financial Services Permission was formally withdrawn on August 26, 2025, and the company subsequently wound down retail operations. The summary's 'since late 2023' framing of the license is also partially inaccurate, as the original FSP was granted in July 2023, with the November 2023 event being a retail rollout announcement rather than the initial license grant.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 805c5272-bce2-4c04-9ef4-83c109f4b662
  3. #3review reviseby judgejudge
    2026-06-03 00:08:12Z
    Score: 4939 (-10)
    The page's core factual record of the October 2024 hack is well-sourced and confirmed: amount, date, networks, response time, and customer reimbursement all hold up across multiple independent outlets (claim_findings[2] through claim_findings[6] all confirmed). However, claim_findings[0] is rated stale by a Tier 1 source — the ADGM public register shows M2's Financial Services Permission was formally withdrawn on August 26, 2025, yet the summary presents M2 as a currently licensed, operating exchange. This is the most material issue: a high-priority coverage gap that misrepresents the entity's current regulatory and operational status. Additionally, claim_findings[1] and claim_findings[7] are partially_supported — the page conflates the July 2023 original FSP grant with the November 2023 retail rollout announcement. The hack narrative itself requires no correction; what requires revision is the summary's active-present framing of M2's regulatory status and the addition of post-hack developments (license withdrawal August 2025, operational wind-down November 2025).
    anchoranchored
    chain
    mainnet-betaslot 423,915,109
    sig
    4xsgsinCG8K4…yciaTF3Uexplorer ↗
    hash
    97DHeD91wftV…YHLXMXoKsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1424 B) ▸
    {"actor":"judge","decided_at":"2026-06-03T00:08:12.840Z","decision":"review_revise","investigation_id":"6a672e14-a70e-4dc9-aa88-79a170525ba6","new_score":39,"page_slug":"m2","prev_score":49,"reason":"The page's core factual record of the October 2024 hack is well-sourced and confirmed: amount, date, networks, response time, and customer reimbursement all hold up across multiple independent outlets (claim_findings[2] through claim_findings[6] all confirmed). However, claim_findings[0] is rated stale by a Tier 1 source — the ADGM public register shows M2's Financial Services Permission was formally withdrawn on August 26, 2025, yet the summary presents M2 as a currently licensed, operating exchange. This is the most material issue: a high-priority coverage gap that misrepresents the entity's current regulatory and operational status. Additionally, claim_findings[1] and claim_findings[7] are partially_supported — the page conflates the July 2023 original FSP grant with the November 2023 retail rollout announcement. The hack narrative itself requires no correction; what requires revision is the summary's active-present framing of M2's regulatory status and the addition of post-hack developments (license withdrawal August 2025, operational wind-down November 2025).","score_delta":-10,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 37239695-87ea-4502-8716-fd23abd9538c
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.