Skip to main content
Sign in
MoonHacker1 decision on this page

Audit log

Every state-changing event for MoonHacker: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 04:47:49Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,086,605
    sig
    2AM56yu3kkuA…tA3JRCS5explorer ↗
    hash
    B8VmanFxXULb…XMdaboPasha256 → base58
    verifying row…full verify ↗
    canonical bytes (4478 B) ▸
    {"actor":"system:backfill","investigation_id":"0b5775ae-4d7b-40c9-b388-53a4f8c826e1","kind":"publish","page_slug":"moonhacker","published_at":"2026-05-30T04:47:49.855Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"MoonHacker","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""},{"credibility":3,"name":"https://blog.verichains.io/p/moonhacker-vault-hack-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""},{"credibility":3,"name":"https://blog.verichains.io/p/moonhacker-vault-hack-analysis","type":"other","url":""},{"credibility":3,"name":"https://x.com/dedaub/status/1874838342485102852","type":"other","url":""},{"credibility":3,"name":"https://coinedition.com/moonwell-defi-hit-by-320k-flash-loan-exploit-security-risks-highlighted/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.verichains.io/p/moonhacker-vault-hack-analysis","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""},{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2158930","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/moonwell-defi-exploited-in-320k-flash-loan-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/dedaub/status/1874838342485102852","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""},{"credibility":3,"name":"https://blog.verichains.io/p/moonhacker-vault-hack-analysis","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""},{"credibility":3,"name":"https://coinedition.com/moonwell-defi-hit-by-320k-flash-loan-exploit-security-risks-highlighted/","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/moonwell-defi-exploited-in-320k-flash-loan-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://newsletter.blockthreat.io/p/blockthreat-week-52-2024","type":"other","url":""},{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2158930","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/moonhacker-vault-hack-analysis-ab122cb226f6","type":"other","url":""}]}],"sources_used":[],"summary":"MoonHacker is an independently deployed DeFi vault protocol built on Optimism that was designed to interact with the Moonwell lending protocol. On December 23, 2024, MoonHacker vault contracts suffered a flash loan exploit due to improper input validation and absent access controls in the executeOperation function, resulting in the loss of approximately $320,000 USDC. The Moonwell team confirmed no affiliation with MoonHacker, the vault deployers remain anonymous, and stolen funds were converted to DAI and routed through Tornado Cash, complicating recovery efforts.","timeline":[{"date":"2024-12-23","event":"MoonHacker vault contracts exploited on Optimism via flash loan and unchecked executeOperation callback; approximately $320,000 USDC drained.","source":""},{"date":"2024-12-23","event":"Cyvers Alerts issues real-time alert identifying the attack on Moonwell's USDC lending contract on Optimism involving MoonHacker vault contracts.","source":""},{"date":"2024-12-23","event":"Stolen USDC swapped to DAI and retained in attacker wallet; attacker wallet had been pre-funded via Tornado Cash on Ethereum.","source":""},{"date":"2024-12-24","event":"Moonwell DeFi publicly disavows any affiliation with MoonHacker, confirming core Moonwell lending pools are unaffected.","source":""},{"date":"2025-01-02","event":"Dedaub discloses on X that its monitoring tools had flagged the unchecked flashloan callback and unrestricted approve proxy vulnerabilities in MoonHacker with high confidence prior to the exploit.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 3397555a-db16-4640-8b87-756e5fe6e09a
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.