← Maestro3 decisions on this page

Audit log

Every state-changing event for Maestro: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-30 05:05:33Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 423,089,287
sig
3MNBk1W3XLaF…4N6qMFPSexplorer ↗
hash
7ah6mZtPcmNP…h5crRXbNsha256 → base58
verifying row…full verify ↗
canonical bytes (6228 B) ▸
{"actor":"system:backfill","investigation_id":"ff789ca3-84dc-4005-a82d-1ceedff98435","kind":"publish","page_slug":"maestro","published_at":"2026-05-30T05:05:33.354Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Maestro","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.maestrobots.com/","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/learn/what-is-maestro-bots-and-how-to-use-it","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/fees/maestro","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/259338/maestro-telegram-bot-suffers-a-contract-exploit-500000-of-eth-stolen","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/204444/maestro-trading-bot-refunds-610-eth-to-users-following-router-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/1Zh5XbaDstXKteFcRSmOcp-maestro-and-unibot","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/maestro","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/maestro-telegram-bot-hit-by-critical-security-breach/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/204444/maestro-trading-bot-refunds-610-eth-to-users-following-router-exploit","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/telegram-maestro-bot-610-ether-refund","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/maestro","type":"other","url":""},{"credibility":3,"name":"https://zycrypto.com/maestrobots-refunds-610-eth-to-affected-users-following-attack-on-its-smart-contract/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.maestrobots.com/faq/security","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/1Zh5XbaDstXKteFcRSmOcp-maestro-and-unibot","type":"other","url":""},{"credibility":3,"name":"https://www.maestrobots.com/terms","type":"other","url":""},{"credibility":3,"name":"https://tenarmor.com/blogs/en/published/Sacrificing-Private-Keys-or-Pursuing-Security/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/fees/maestro","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/memecoin-trading-bot-maestro-is-raking-in-millions","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""},{"credibility":3,"name":"https://wearebctech.com/member-directory-test/name/gearlay-technologies-inc/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.maestrobots.com/terms","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/telegram-maestro-bot-610-ether-refund","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""},{"credibility":3,"name":"https://bullrank.io/en/telegram-trading-bots/maestro","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""}]}],"sources_used":[],"summary":"Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.","timeline":[{"date":"2021-01-01","event":"Gearlay Technologies Inc. founded in Canada by Abbas Abou Daya.","source":""},{"date":"2022-07-27","event":"Maestro bot launches as a Telegram-based DeFi trading tool.","source":""},{"date":"2023-05-01","event":"Maestro revenue peaks at approximately $4.8 million in a single month, according to DefiLlama data.","source":""},{"date":"2023-10-13","event":"Maestro deploys updated MaestroRouter2 smart contract containing an unverified access-control vulnerability.","source":""},{"date":"2023-10-24","event":"Attacker exploits the MaestroRouter2 transferFrom() vulnerability, draining approximately 280 ETH (~$500,000) from 106 user accounts across 11 token types.","source":""},{"date":"2023-10-24","event":"Maestro detects the exploit and upgrades the router contract to a benign counter contract within 30 minutes, halting further theft. Trading restored within 2 hours.","source":""},{"date":"2023-10-24","event":"PeckShield identifies stolen funds routed to Railgun cross-chain privacy protocol for obfuscation.","source":""},{"date":"2023-10-25","event":"MaestroBots announces full refund commitment for all 106 affected users.","source":""},{"date":"2023-11-06","event":"Maestro completes refund campaign within 10 hours of announcement, disbursing 610 ETH (~$1.1 million) from its own revenue — 120% of losses for two token types.","source":""},{"date":"2023-11-01","event":"CertiK confirms integrity of patched MaestroRouter2 following exploit resolution.","source":""},{"date":"2025-01-01","event":"Gearlay Technologies about page updated to describe Maestro as a platform the company 'previously built and sold,' suggesting a completed divestiture; no acquisition announcement identified in major media.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision ab84ceb0-8e72-4f3e-b57d-8a4fa348781a
#2reviewby reviewerreviewer
2026-06-09 23:23:03Z
Score: 52 → 52 (no score change)
The investigation page's core factual claims about the October 2023 exploit, refund, company identity, and custody model are well-supported by credible sources. The main weaknesses are: the '14 blockchains' figure contradicts the current official website (10 chains); the November 6 refund completion date conflates the press release date with the actual refund completion; the docs.maestrobots.com/faq/security URL cited for the custody model has link rot (404); and several timeline dates use January 1 or November 1 placeholders that are not supported by any source. No claims are outright disputed by more credible evidence.
anchoranchored
chain
●mainnet-betaslot 425,426,671
sig
2S7sRPdimwVG…8e7AyQqYexplorer ↗
hash
65F4tog7WeP8…JG7thZsrsha256 → base58
verifying row…full verify ↗
canonical bytes (971 B) ▸
{"actor":"reviewer","decided_at":"2026-06-09T23:23:03.286Z","decision":"review","investigation_id":"ff789ca3-84dc-4005-a82d-1ceedff98435","new_score":52,"page_slug":"maestro","prev_score":52,"reason":"The investigation page's core factual claims about the October 2023 exploit, refund, company identity, and custody model are well-supported by credible sources. The main weaknesses are: the '14 blockchains' figure contradicts the current official website (10 chains); the November 6 refund completion date conflates the press release date with the actual refund completion; the docs.maestrobots.com/faq/security URL cited for the custody model has link rot (404); and several timeline dates use January 1 or November 1 placeholders that are not supported by any source. No claims are outright disputed by more credible evidence.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 46cecc41-98e5-46c4-b743-28ad09f9effd
#3review approveby judgejudge
2026-06-09 23:23:03Z
Score: 52 → 47 (-5)
The review found 0 disputed claims out of 16 (disputed_pct 6.25%), placing this page in the approve band. Nine claims are fully confirmed by Tier 1 and Tier 2 sources, including all core exploit facts (claim_findings[2], [3], [4], [10], [11], [12], [13]). Six claims are partially supported but not contradicted: notably, the '14 blockchains' figure in claim_findings[1] is contradicted by the official Maestro website (10 chains), and the refund timeline in claim_findings[14] conflates the November 6 press release date with the actual completion window. One citation has link rot (docs.maestrobots.com/faq/security, claim_findings[5]). A modest score adjustment of -5 reflects these inaccuracies. Two high-priority coverage gaps (on-chain transaction verification, acquisition details) suggest the page warrants expansion but do not justify denial.
anchoranchored
chain
●mainnet-betaslot 425,426,675
sig
fHj9RRSamzeK…Q9QATMk2explorer ↗
hash
7dCpAJzN9pCf…dXkk94yLsha256 → base58
verifying row…full verify ↗
canonical bytes (1200 B) ▸
{"actor":"judge","decided_at":"2026-06-09T23:23:03.286Z","decision":"review_approve","investigation_id":"ff789ca3-84dc-4005-a82d-1ceedff98435","new_score":47,"page_slug":"maestro","prev_score":52,"reason":"The review found 0 disputed claims out of 16 (disputed_pct 6.25%), placing this page in the approve band. Nine claims are fully confirmed by Tier 1 and Tier 2 sources, including all core exploit facts (claim_findings[2], [3], [4], [10], [11], [12], [13]). Six claims are partially supported but not contradicted: notably, the '14 blockchains' figure in claim_findings[1] is contradicted by the official Maestro website (10 chains), and the refund timeline in claim_findings[14] conflates the November 6 press release date with the actual completion window. One citation has link rot (docs.maestrobots.com/faq/security, claim_findings[5]). A modest score adjustment of -5 reflects these inaccuracies. Two high-priority coverage gaps (on-chain transaction verification, acquisition details) suggest the page warrants expansion but do not justify denial.","score_delta":-5,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision de0ae225-62d9-4170-a20c-fed88a11b9d5

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.