Skip to main content
Sign in
Paraluni Masterchef1 decision on this page

Audit log

Every state-changing event for Paraluni Masterchef: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 15:51:51Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,751,069
    sig
    4nrNnTspnNf1…vsXreFLrexplorer ↗
    hash
    DBnnCHsB6LAX…AVjqWw9ysha256 → base58
    verifying row…full verify ↗
    canonical bytes (7655 B) ▸
    {"actor":"system:backfill","investigation_id":"e8582ce5-3559-4b14-a2e5-ff98dd7f8e65","kind":"publish","page_slug":"paraluni-masterchef","published_at":"2026-05-28T15:51:51.621Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Paraluni Masterchef","sections":[{"content":"","heading":"","severity":"low","sources":[{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Hackers exploited reentrancy vulnerability to attack Paraluni — Lunaray / Coinmonks / Medium","type":"research","url":"https://medium.com/coinmonks/hackers-exploited-reentrancy-vulnerability-to-attack-paraluni-and-made-more-than-1-7-b748843c6487"},{"credibility":1,"name":"Attack transaction — BscScan","type":"on_chain","url":"https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54"},{"credibility":1,"name":"Attacker address — BscScan","type":"on_chain","url":"https://bscscan.com/address/0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"PeckShield alert tweet — March 13, 2022","type":"social_media","url":"https://twitter.com/peckshield/status/1502817503877074947"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Metaverse Project Paraluni Hacked: Reportedly $1.7M Lost — CoinCodeCap","type":"news_article","url":"https://coincodecap.com/paraluni-hacked-reportedly-1-7m-lost"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"crypto-rekts PARALUNI entry — GitHub","type":"community_report","url":"https://github.com/liqtags/crypto-rekts/blob/main/rekts/PARALUNI.md"},{"credibility":2,"name":"List of Crypto Hacks in the Month of March — ImmuneBytes","type":"research","url":"https://immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of-march/"}]}],"sources_used":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Hackers exploited reentrancy vulnerability to attack Paraluni — Lunaray / Coinmonks / Medium","type":"research","url":"https://medium.com/coinmonks/hackers-exploited-reentrancy-vulnerability-to-attack-paraluni-and-made-more-than-1-7-b748843c6487"},{"credibility":2,"name":"Metaverse Project Paraluni Hacked: Reportedly $1.7M Lost — CoinCodeCap","type":"news_article","url":"https://coincodecap.com/paraluni-hacked-reportedly-1-7m-lost"},{"credibility":2,"name":"Metaverse Project Paraluni Was Hacked and Lost about $1.7M — Footprint Network","type":"news_article","url":"https://www.footprint.network/daily-news/Metaverse-Project-Paraluni-Was-Hacked-and-Lost-about-$1.7M,-According-to-PeckShield-fp-622d56b4-ee0a1400-17913de9"},{"credibility":1,"name":"Attack transaction — BscScan","type":"on_chain","url":"https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54"},{"credibility":1,"name":"Attacker address — BscScan","type":"on_chain","url":"https://bscscan.com/address/0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f"},{"credibility":2,"name":"PeckShield alert tweet — March 13, 2022","type":"social_media","url":"https://twitter.com/peckshield/status/1502817503877074947"},{"credibility":2,"name":"List of Crypto Hacks in the Month of March — ImmuneBytes","type":"research","url":"https://immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of-march/"},{"credibility":3,"name":"crypto-rekts PARALUNI entry — GitHub","type":"community_report","url":"https://github.com/liqtags/crypto-rekts/blob/main/rekts/PARALUNI.md"}],"summary":"Paraluni is a metaverse DeFi yield-farming protocol deployed on Binance Smart Chain (BSC). On March 13, 2022, its MasterChef smart contract was exploited via a reentrancy vulnerability in the depositByAddLiquidity function, resulting in approximately $1.7 million in losses. The attacker laundered the proceeds through Tornado Cash and never returned funds despite a public appeal from the Paraluni team.","timeline":[{"date":"2022-03-13","event":"Paraluni MasterChef contract exploited via reentrancy attack. Approximately $1.7 million stolen using PancakeSwap flash loans and malicious ERC-20 tokens (UBT/UGT). Attack transaction: 0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54.","source":"CertiK, SlowMist, Halborn","source_url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"date":"2022-03-13","event":"PeckShield publicly identifies the exploit and attacker address (0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f) via Twitter alert.","source":"PeckShield Twitter","source_url":"https://twitter.com/peckshield/status/1502817503877074947"},{"date":"2022-03-13","event":"Attacker converts stolen USDT/BUSD to BNB, cross-chains approximately 235 ETH to Ethereum via cBridge, then deposits 660 ETH into Tornado Cash across 12 transactions.","source":"SlowMist Incident Analysis","source_url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"date":"2022-03-14","event":"Paraluni team publicly offers to treat the exploit as a white-hat disclosure and proposes a reward in exchange for return of funds. Attacker does not respond.","source":"Halborn / CoinCodeCap","source_url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 3fcd1fbd-e26d-4780-8e94-8aaa1b752c50
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.