Skip to main content
Sign in
Solareum1 decision on this page

Audit log

Every state-changing event for Solareum: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-27 17:32:26Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,548,193
    sig
    2BiwwAHWxByq…X784QCycexplorer ↗
    hash
    2sniDep4rngr…1nQXoRuNsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6143 B) ▸
    {"actor":"system:backfill","investigation_id":"171a9442-503b-453f-9130-1e075fc267dc","kind":"publish","page_slug":"solareum","published_at":"2026-05-27T17:32:25.914Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Solareum","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/224371/solana-telegram-trading-bot-shut-down-users-drained-523k","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/telegram-trading-bot-solareum-shutters-after-520k-exploit","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/academy/article/solareum-telegram-trading-app-shuts-down-following-dollar523k-exploit-bonkbot-users-affected","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/224371/solana-telegram-trading-bot-shut-down-users-drained-523k","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/academy/article/solareum-telegram-trading-app-shuts-down-following-dollar523k-exploit-bonkbot-users-affected","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=solana-drain-attacks","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""},{"credibility":3,"name":"https://www.justice.gov/usao-ndga/pr/four-north-koreans-charged-nearly-1-million-cryptocurrency-theft-scheme","type":"other","url":""},{"credibility":3,"name":"https://cyberscoop.com/doj-north-korea-it-worker-scheme-cases-crypto-seized/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/224371/solana-telegram-trading-bot-shut-down-users-drained-523k","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2024/04/02/solareum-shuts-down-following-520000-exploit-on-telegram/","type":"other","url":""},{"credibility":3,"name":"https://amlcrypto.io/blog/telegram_trading_bot_on_solana_network_stopped_working","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=solana-drain-attacks","type":"other","url":""},{"credibility":3,"name":"https://amlcrypto.io/blog/telegram_trading_bot_on_solana_network_stopped_working","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.justice.gov/usao-ndga/pr/four-north-koreans-charged-nearly-1-million-cryptocurrency-theft-scheme","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""},{"credibility":3,"name":"https://cyberscoop.com/doj-north-korea-it-worker-scheme-cases-crypto-seized/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.fbi.gov/wanted/cyber/dprk-it-workers","type":"other","url":""},{"credibility":3,"name":"https://www.banklesstimes.com/articles/2026/04/07/zachxbt-solana-defi-app-elementaldefi-hired-dprk-it-worker-for-years/","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/regulation/how-a-dprk-developer-tricked-solareum-and-stole-14m/","type":"other","url":""}]}],"sources_used":[],"summary":"Solareum was a Solana-based Telegram trading bot that shut down on March 30, 2024 following a security exploit that drained approximately $523,000 (2,800+ SOL) from over 300 user wallets. Prosecutors later revealed in a January 2025 court filing that the Solareum team had unknowingly hired a North Korean (DPRK) developer in December 2023, who subsequently facilitated the theft of 6,045 SOL worth roughly $1.4 million; the FBI seized approximately $950,000 in USDT two months after the hack. The project offered no compensation to victims, deleted its website and community channels, and is no longer operational.","timeline":[{"date":"2023-12","event":"Solareum team publicly announces in its Telegram support channel that it is 'onboarding a new dev' — later identified by prosecutors as a North Korean (DPRK) national operating under a false identity.","source":""},{"date":"2024-03-29","event":"Exploit begins: over 300 Solana users report their wallets have been drained. Approximately 2,800 SOL (~$523,000) is stolen. Solareum acknowledges a possible security breach. BONKbot analysis identifies private key importation into Solareum as the common factor among victims.","source":""},{"date":"2024-03-30","event":"Security researcher Taylor Monahan is brought in to investigate; identifies DPRK IT worker fingerprints in the onchain activity. Tether freezes stolen funds after researchers provide evidence. Solareum announces project shutdown via Telegram, citing 'insufficient funds, evolving market trends, and a recent security breach.' Website is deleted and community channels are closed. No compensation plan is announced for affected users.","source":""},{"date":"2024-05","event":"Approximately two months after the March hack, the FBI seizes approximately $950,000 in USDT connected to the laundered Solareum exploit proceeds.","source":""},{"date":"2025-01-21","event":"Prosecutors file a court filing in the Northern District of Georgia detailing how a DPRK developer infiltrated Solareum and stole 6,045 SOL (~$1.4 million) as part of a broader action charging four North Koreans with cryptocurrency theft schemes.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 36d1dd54-1205-43f4-8a0c-00bd21c68ef7
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.