← SurgeBNB1 decision on this page

Audit log

Every state-changing event for SurgeBNB: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-28 17:49:59Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,768,951
sig
372Dj4Q9kL6C…cVLZAyngexplorer ↗
hash
6EsabKDFPcnr…XrzX7zy7sha256 → base58
verifying row…full verify ↗
canonical bytes (5499 B) ▸
{"actor":"system:backfill","investigation_id":"c6a533a8-b2be-4f92-859b-476d5eb6edfd","kind":"publish","page_slug":"surgebnb","published_at":"2026-05-28T17:49:59.409Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"SurgeBNB","sections":[{"content":"","heading":"","severity":"critical","sources":[{"credibility":3,"name":"https://beosin.medium.com/a-sweet-blow-fb0a5e08657d","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@Knownsec_Blockchain_Lab/knowsec-blockchain-lab-xsurge-flash-loan-attack-analysis-b57b75ce6a30","type":"other","url":""},{"credibility":3,"name":"https://binancechain.news/xsurge-faces-5000000-exploit-despite-promises-of-security/2021/08/16/","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://binancechain.news/xsurge-faces-5000000-exploit-despite-promises-of-security/2021/08/16/","type":"other","url":""},{"credibility":3,"name":"https://x.com/xsurgedefi/status/1427347715915190274","type":"other","url":""}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":3,"name":"https://beosin.medium.com/a-sweet-blow-fb0a5e08657d","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@Knownsec_Blockchain_Lab/knowsec-blockchain-lab-xsurge-flash-loan-attack-analysis-b57b75ce6a30","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://rumble.com/v100a06-defimark-discord-ama-livestream-addressing-the-surgebnb-hack.html","type":"other","url":""},{"credibility":3,"name":"https://binancechain.news/xsurge-faces-5000000-exploit-despite-promises-of-security/2021/08/16/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://xsurge.net/surgefund","type":"other","url":""},{"credibility":3,"name":"https://desk.lsr.finance/asset/sfr-surgefund-repayment/","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/zachxbt-rug-pull-unpaid-work","type":"other","url":""}]}],"sources_used":[{"credibility":2,"name":"BEOSIN: XSURGE Flash Loan Attack Full Analysis","type":"research","url":"https://beosin.medium.com/a-sweet-blow-fb0a5e08657d"},{"credibility":2,"name":"Knownsec Blockchain Lab: XSURGE Flash Loan Attack Analysis","type":"research","url":"https://medium.com/@Knownsec_Blockchain_Lab/knowsec-blockchain-lab-xsurge-flash-loan-attack-analysis-b57b75ce6a30"},{"credibility":2,"name":"Binance Chain News: XSurge Faces $5,000,000 Exploit Despite Promises of Security","type":"news_article","url":"https://binancechain.news/xsurge-faces-5000000-exploit-despite-promises-of-security/2021/08/16/"},{"credibility":3,"name":"XSURGE Official Twitter — Hack Announcement","type":"social_media","url":"https://x.com/xsurgedefi/status/1427347715915190274"},{"credibility":3,"name":"XSURGE Trendsmap — Hack Address Tweet","type":"social_media","url":"https://www.trendsmap.com/twitter/tweet/1427359459102404609"},{"credibility":2,"name":"XSurge SurgeFund Official Page","type":"official","url":"https://xsurge.net/surgefund"},{"credibility":3,"name":"DefiMark Discord AMA Livestream — Addressing the SurgeBNB Hack","type":"other","url":"https://rumble.com/v100a06-defimark-discord-ama-livestream-addressing-the-surgebnb-hack.html"},{"credibility":2,"name":"SurgeFund Repayment (SFR) Token Info — lsr.finance","type":"on_chain","url":"https://desk.lsr.finance/asset/sfr-surgefund-repayment/"},{"credibility":3,"name":"YouTube: SurgeBnb Has Been Hacked — Over $4 Million Dollars Worth of BNB Stolen","type":"other","url":"https://www.youtube.com/watch?v=UGmbjjGoh8M"}],"summary":"SurgeBNB was a BEP-20 yield token on Binance Smart Chain operated by the XSurge DeFi project. On August 16–17, 2021, an attacker exploited a reentrancy vulnerability in the contract's sell() function via a flash loan, draining approximately 13,111 BNB (~$5 million USD) from the protocol. The project had publicly claimed to be 'rug-proof' prior to the exploit; post-hack, the team launched a 'SurgeFund' compensation scheme, though the extent and completion of repayment to victims remains unclear.","timeline":[{"date":"2021-07-30","event":"Developer 'SafemoonMark' (DefiMark) publicly touts SurgeBNB as safe from rug pulls via Twitter.","source":""},{"date":"2021-08-16","event":"XSurge team publicly warns community of an unpatched vulnerability in the SurgeBNB contract and urges users to migrate funds immediately.","source":""},{"date":"2021-08-16","event":"SurgeBNB contract is exploited via a flash loan reentrancy attack; over 13,111 BNB (~$5 million USD) drained from the protocol.","source":""},{"date":"2021-08-17","event":"Official XSurge Twitter account (@XSURGEDEFI) confirms the hack and posts attacker wallet details.","source":""},{"date":"2021-08-17","event":"BEOSIN publishes full technical post-mortem identifying the reentrancy vulnerability in the sell() function.","source":""},{"date":"2021-08-17","event":"Knownsec Blockchain Lab publishes independent flash loan attack analysis corroborating BEOSIN findings.","source":""},{"date":"2021-08-17","event":"DefiMark hosts Discord AMA livestream to address community concerns about the SurgeBNB hack.","source":""},{"date":"2021-09-01","event":"XSurge launches SurgeFund compensation mechanism; SurgeFund Repayment (SFR) token issued to track victim claims.","source":""}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 269e3420-aeaa-4153-9742-84a500d8d82a

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.