Skip to main content
Sign in
Thorchain DEX5 decisions on this page

Audit log

Every state-changing event for Thorchain DEX: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 17:55:14Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,769,737
    sig
    3FYpHrpwDZp8…KJ5QWeU4explorer ↗
    hash
    HCvxaUSrbkCD…7eDPYdA9sha256 → base58
    verifying row…full verify ↗
    canonical bytes (14696 B) ▸
    {"actor":"system:backfill","investigation_id":"05cd7768-ea55-47f0-a1ae-da562e54f3a7","kind":"publish","page_slug":"thorchain-dex","published_at":"2026-05-28T17:55:14.895Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Thorchain DEX","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/magazine/thorchain-founder-jp-thor-vampire-attack-defi/","type":"other","url":""},{"credibility":3,"name":"https://www.technologyreview.com/2026/02/18/1132587/jean-paul-thorbjornsen-dark-side-crypto-permissionless-dream/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/markets/2021/07/23/blockchain-protocol-thorchain-suffers-8m-hack","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/111660/thorchain-suffers-5-million-exploit-developers-have-put-out-a-fix","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/112308/thorchain-suffers-8-million-loss-by-hacker-wanting-to-teach-lesson","type":"other","url":""},{"credibility":3,"name":"https://medium.com/thorchain/post-mortem-eth-router-exploits-1-2-and-premature-return-to-trading-incident-2908928c5fb","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-thorchain-hack-july-2021","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/slowmist-analysis-of-three-consecutive-attacks-on-thorchain-6223f1c691be","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/302688/defi-network-thorchain-200-million-debt-whats-going-on","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/thorchain-in-massive-200m-debt-pauses-network-for-restructuring-votes/","type":"other","url":""},{"credibility":3,"name":"https://www.ccn.com/news/crypto/thorchain-bitcoin-ether-insolvency/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://chainwire.org/2025/05/19/thorchain-faces-legal-action-over-200m-collapse-amid-alleged-mismanagement-and-insolvency/","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/press-releases/thorchain-faces-legal-action-over-200m-collapse-amid-alleged-mismanagement-and-insolvency/","type":"other","url":""},{"credibility":3,"name":"https://www.thorchainlawsuit.com/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2025/04/07/the-blockchain-fueling-north-korea-s-massive-crypto-laundering-operation","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/defi/thorchain-role-in-lazarus-laundering-is-big-defi-problem/","type":"other","url":""},{"credibility":3,"name":"https://www.dlnews.com/articles/defi/lazarus-laundering-spree-threatens-chainflip-and-thorchain/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/lazarus-group-exploits-thorchain-for-292m-rseth-laundering-operation/","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/bybit-hacker-launders-270k-eth-via-thorchain-still-holds-514m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.trmlabs.com/resources/blog/thorchain-exploit-drains-usd-11m-across-at-least-nine-chains-what-trm-knows-now","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/17/10-8-million-drained-inside-the-thorchain-exploit-that-froze-cross-chain-defi-for-13-hours/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/21/thorchain-shares-exploit-report-revealing-10-7m-vault-breach-by-new-node/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/thorchain-halts-trading-zachxbt-flags-10m-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2026/05/15/thorchain-halts-trading-after-usd10-million-cross-chain-exploit-rune-token-drops-12","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/thorchain-offers-hacker-bounty-as-restart-vote-opens/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.com/news/thorchain-co-founders-wallet-drained-1-35m-in-dprk-telegram-scam/","type":"other","url":""},{"credibility":3,"name":"https://coinnews.com/news/north-korean-hackers-stole-1-3m-from-thorchain-co-founders-wallet-zachxbt-says-its-poetic/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/north-korea-hack-thorchain-founder-1-3-million/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.thecryptoupdates.com/thorchain-faces-insolvency-claims-amid-26-price-drop-a-lesson/","type":"other","url":""},{"credibility":3,"name":"https://www.tronweekly.com/thorchain-hack-drains-10m-as-rune-drops-10/","type":"other","url":""}]}],"sources_used":[{"credibility":1,"name":"CoinDesk: Blockchain Protocol Thorchain Suffers $8M Hack","type":"news_article","url":"https://www.coindesk.com/markets/2021/07/23/blockchain-protocol-thorchain-suffers-8m-hack"},{"credibility":1,"name":"The Block: Thorchain suffers $5 million exploit","type":"news_article","url":"https://www.theblock.co/post/111660/thorchain-suffers-5-million-exploit-developers-have-put-out-a-fix"},{"credibility":1,"name":"The Block: Thorchain suffers another $8 million loss","type":"news_article","url":"https://www.theblock.co/post/112308/thorchain-suffers-8-million-loss-by-hacker-wanting-to-teach-lesson"},{"credibility":2,"name":"THORChain Medium: Post-mortem ETH Router Exploits 1 & 2","type":"official","url":"https://medium.com/thorchain/post-mortem-eth-router-exploits-1-2-and-premature-return-to-trading-incident-2908928c5fb"},{"credibility":2,"name":"Halborn: Explained: The THORChain Hack (July 2021)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-thorchain-hack-july-2021"},{"credibility":2,"name":"SlowMist: Analysis of Three Consecutive Attacks on THORChain","type":"research","url":"https://slowmist.medium.com/slowmist-analysis-of-three-consecutive-attacks-on-thorchain-6223f1c691be"},{"credibility":2,"name":"Decrypt: DeFi Network Thorchain Faces $200 Million in Toxic Debt","type":"news_article","url":"https://decrypt.co/302688/defi-network-thorchain-200-million-debt-whats-going-on"},{"credibility":1,"name":"Blockworks: THORChain halts withdrawals amid $200M insolvency","type":"news_article","url":"https://blockworks.co/news/thorchain-halts-withdrawals-insolvency"},{"credibility":1,"name":"CoinDesk: Inside North Korea's Favorite Crypto Laundering Tool: THORChain","type":"news_article","url":"https://www.coindesk.com/tech/2025/04/07/the-blockchain-fueling-north-korea-s-massive-crypto-laundering-operation"},{"credibility":2,"name":"DL News: Thorchain watched Lazarus launder $900m in stolen crypto","type":"news_article","url":"https://www.dlnews.com/articles/defi/thorchain-role-in-lazarus-laundering-is-big-defi-problem/"},{"credibility":2,"name":"CryptoSlate: THORChain Faces Legal Action Over $200M Collapse","type":"news_article","url":"https://cryptoslate.com/press-releases/thorchain-faces-legal-action-over-200m-collapse-amid-alleged-mismanagement-and-insolvency/"},{"credibility":2,"name":"Chainwire: THORChain Faces Legal Action Over $200M Collapse","type":"news_article","url":"https://chainwire.org/2025/05/19/thorchain-faces-legal-action-over-200m-collapse-amid-alleged-mismanagement-and-insolvency/"},{"credibility":1,"name":"TRM Labs: THORChain Exploit Drains USD 11M+ Across at Least Nine Chains","type":"research","url":"https://www.trmlabs.com/resources/blog/thorchain-exploit-drains-usd-11m-across-at-least-nine-chains-what-trm-knows-now"},{"credibility":1,"name":"CoinDesk: Thorchain halts trading after $10 million cross-chain exploit","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/15/thorchain-halts-trading-after-usd10-million-cross-chain-exploit-rune-token-drops-12"},{"credibility":1,"name":"CoinTelegraph: THORChain Halts Trading After ZachXBT Flags $10M Exploit","type":"news_article","url":"https://cointelegraph.com/news/thorchain-halts-trading-zachxbt-flags-10m-exploit"},{"credibility":2,"name":"CryptoTimes: $10.8 Million Drained: Inside the THORChain Exploit","type":"news_article","url":"https://www.cryptotimes.io/2026/05/17/10-8-million-drained-inside-the-thorchain-exploit-that-froze-cross-chain-defi-for-13-hours/"},{"credibility":2,"name":"CryptoTimes: THORChain Shares Exploit Report Revealing $10.7M Vault Breach","type":"news_article","url":"https://www.cryptotimes.io/2026/05/21/thorchain-shares-exploit-report-revealing-10-7m-vault-breach-by-new-node/"},{"credibility":2,"name":"CryptoNews: THORChain Co-Founder's Wallet Drained $1.35M in DPRK Telegram Scam","type":"news_article","url":"https://cryptonews.com/news/thorchain-co-founders-wallet-drained-1-35m-in-dprk-telegram-scam/"},{"credibility":1,"name":"CoinTelegraph Magazine: THORChain founder JP Thor vampire attack DeFi","type":"news_article","url":"https://cointelegraph.com/magazine/thorchain-founder-jp-thor-vampire-attack-defi/"},{"credibility":1,"name":"MIT Technology Review: Welcome to the dark side of crypto's permissionless dream","type":"news_article","url":"https://www.technologyreview.com/2026/02/18/1132587/jean-paul-thorbjornsen-dark-side-crypto-permissionless-dream/"},{"credibility":2,"name":"CryptoBriefing: Lazarus Group exploits ThorChain for $292M rsETH laundering","type":"news_article","url":"https://cryptobriefing.com/lazarus-group-exploits-thorchain-for-292m-rseth-laundering-operation/"},{"credibility":3,"name":"THORChain Lawsuit (creditor recovery site)","type":"other","url":"https://www.thorchainlawsuit.com/"}],"summary":"THORChain is a decentralized cross-chain liquidity protocol that enables native asset swaps across blockchains without wrapped tokens, using its RUNE token as settlement collateral. Since its mainnet launch, the protocol has suffered three significant exploit events totaling over $25 million in losses, became the primary laundering conduit for North Korea's Lazarus Group following the 2025 Bybit hack ($1.2 billion routed through the network), and its THORFi lending product collapsed in January 2025 with approximately $200 million in user funds frozen. The protocol faces ongoing legal action from creditors, has lost key developers over ethical disputes about blocking illicit transactions, and experienced a further $10.8 million vault breach in May 2026.","timeline":[{"date":"2018-01-01","event":"THORChain founded by John-Paul Thorbjornsen (JP Thor) and a team of five engineers; founder operates pseudonymously.","source":""},{"date":"2021-07-16","event":"First ETH Router exploit: approximately $5 million drained via Bifrost msg.value manipulation. THORChain treasury commits to compensate LPs.","source":"","source_url":"https://www.theblock.co/post/111660/thorchain-suffers-5-million-exploit-developers-have-put-out-a-fix"},{"date":"2021-07-23","event":"Second ETH Router exploit: approximately $8 million in ERC-20 tokens (ALCX, ETH, SUSHI, XRUNE, USDC, USDT, YFI) drained via the same Bifrost vulnerability class.","source":"","source_url":"https://www.coindesk.com/markets/2021/07/23/blockchain-protocol-thorchain-suffers-8m-hack"},{"date":"2022-06-01","event":"THORChain mainnet goes live after approximately four years of development.","source":"","source_url":"https://thorchain.org/"},{"date":"2024-01-01","event":"Founder John-Paul Thorbjornsen publicly reveals his identity after operating under a pseudonymous female persona ('Leena') since the project's inception.","source":"","source_url":"https://cointelegraph.com/magazine/thorchain-founder-jp-thor-vampire-attack-defi/"},{"date":"2025-01-23","event":"THORChain halts all THORFi savers and lending withdrawals, freezing approximately $209 million. Core contributor TCB publicly states the protocol is insolvent. RUNE falls 29%.","source":"","source_url":"https://decrypt.co/302688/defi-network-thorchain-200-million-debt-whats-going-on"},{"date":"2025-02-21","event":"Lazarus Group (DPRK) steals $1.4 billion from Bybit exchange and begins routing funds through THORChain. Approximately $1.2 billion (85% of stolen funds) ultimately transits the protocol.","source":"","source_url":"https://www.coindesk.com/tech/2025/04/07/the-blockchain-fueling-north-korea-s-massive-crypto-laundering-operation"},{"date":"2025-02-01","event":"Lead developer 'Pluto' resigns from THORChain after a community vote reverses a brief pause on ETH swaps linked to Lazarus Group transactions.","source":"","source_url":"https://www.ainvest.com/news/thorchain-developer-quits-north-korea-crypto-laundering-row-2502/"},{"date":"2025-04-07","event":"CoinDesk publishes in-depth investigation: 'Inside North Korea's Favorite Crypto Laundering Tool: THORChain.' Node operators earned at least $12 million in fees from Lazarus-linked transactions.","source":"","source_url":"https://www.coindesk.com/tech/2025/04/07/the-blockchain-fueling-north-korea-s-massive-crypto-laundering-operation"},{"date":"2025-05-19","event":"THORFi Recovery Group, represented by McDermott Will & Emery, announces potential legal action against THORChain and its principals over the $200M collapse.","source":"","source_url":"https://chainwire.org/2025/05/19/thorchain-faces-legal-action-over-200m-collapse-amid-alleged-mismanagement-and-insolvency/"},{"date":"2025-12-01","event":"RUNE token reaches five-year low of approximately $0.574, having declined over 80% during 2025.","source":"","source_url":"https://www.thecryptoupdates.com/thorchain-faces-insolvency-claims-amid-26-price-drop-a-lesson/"},{"date":"2026-05-15","event":"Multi-chain vault exploit drains $10.8 million across nine blockchains via malicious validator node exploiting GG20 TSS key reconstruction. ZachXBT flags the exploit in real time. Network halted for 13 hours. RUNE drops 10-12%.","source":"","source_url":"https://www.trmlabs.com/resources/blog/thorchain-exploit-drains-usd-11m-across-at-least-nine-chains-what-trm-knows-now"},{"date":"2026-05-21","event":"THORChain publishes post-incident exploit report identifying the malicious validator node address and reconstruction attack method.","source":"","source_url":"https://www.cryptotimes.io/2026/05/21/thorchain-shares-exploit-report-revealing-10-7m-vault-breach-by-new-node/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d6625d7c-f3ca-4bf0-84f1-10933acd6f40
  2. #2reviewby reviewerreviewer
    2026-05-29 16:10:48Z
    Score: 2222 (no score change)
    The investigation page is substantially accurate on the most serious allegations — the Lazarus Group laundering operation ($1.2B, 85% of Bybit hack), the THORFi insolvency and halt ($209M frozen January 23, 2025), the May 2026 vault exploit ($10.7-11M via GG20 TSS), and the developer resignations over ethics. The primary inaccuracy is the claim that three exploit events totaled 'over $25 million': credible sources including THORChain's own post-mortem put the 2021 exploit total at approximately $16 million, not $25 million. Several timeline dates are also imprecise placeholders (June 1 for mainnet, February 1 for Pluto resignation, January 1 for identity reveal) rather than actual event dates. The sections structure is empty of content body, which limits section-level claim verification to sources only.
    anchoranchored
    chain
    mainnet-betaslot 422,972,029
    sig
    4vHo2y3hu8C6…kwba4Rykexplorer ↗
    hash
    39GPjHUDhGxz…jq8cEMnqsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1163 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-29T16:10:48.165Z","decision":"review","investigation_id":"05cd7768-ea55-47f0-a1ae-da562e54f3a7","new_score":22,"page_slug":"thorchain-dex","prev_score":22,"reason":"The investigation page is substantially accurate on the most serious allegations — the Lazarus Group laundering operation ($1.2B, 85% of Bybit hack), the THORFi insolvency and halt ($209M frozen January 23, 2025), the May 2026 vault exploit ($10.7-11M via GG20 TSS), and the developer resignations over ethics. The primary inaccuracy is the claim that three exploit events totaled 'over $25 million': credible sources including THORChain's own post-mortem put the 2021 exploit total at approximately $16 million, not $25 million. Several timeline dates are also imprecise placeholders (June 1 for mainnet, February 1 for Pluto resignation, January 1 for identity reveal) rather than actual event dates. The sections structure is empty of content body, which limits section-level claim verification to sources only.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 6c07ba31-2620-4724-af36-31edd1d6dd18
  3. #3review reviseby judgejudge
    2026-05-29 16:10:48Z
    Score: 2214 (-8)
    The page is substantially accurate on its most serious allegations — the Lazarus Group laundering operation, the THORFi insolvency, and the May 2026 vault exploit are all confirmed by Tier 1 sources. However, claim_findings[1] identifies a meaningful overstatement: the summary claims three exploit events totaled 'over $25 million,' while THORChain's own post-mortem and SlowMist both place the 2021 exploit total at approximately $16 million. Additionally, claim_findings[9], [11], and [15] flag imprecise placeholder dates in the timeline (mainnet launch listed as June 1 rather than the confirmed June 22-24; identity reveal listed as January 2024 rather than March 2024; Pluto resignation listed as February 1 rather than February 27). These inaccuracies are factual errors requiring correction, though they do not undermine the core investigative findings. Two high-priority coverage gaps — OFAC/sanctions exposure and on-chain transaction evidence — should be addressed to strengthen the investigation's evidentiary weight.
    anchoranchored
    chain
    mainnet-betaslot 422,972,032
    sig
    29UY15UcgqFq…8WBHFvnmexplorer ↗
    hash
    HMFdy5tfsZuA…oGyuvkFSsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1384 B) ▸
    {"actor":"judge","decided_at":"2026-05-29T16:10:48.165Z","decision":"review_revise","investigation_id":"05cd7768-ea55-47f0-a1ae-da562e54f3a7","new_score":14,"page_slug":"thorchain-dex","prev_score":22,"reason":"The page is substantially accurate on its most serious allegations — the Lazarus Group laundering operation, the THORFi insolvency, and the May 2026 vault exploit are all confirmed by Tier 1 sources. However, claim_findings[1] identifies a meaningful overstatement: the summary claims three exploit events totaled 'over $25 million,' while THORChain's own post-mortem and SlowMist both place the 2021 exploit total at approximately $16 million. Additionally, claim_findings[9], [11], and [15] flag imprecise placeholder dates in the timeline (mainnet launch listed as June 1 rather than the confirmed June 22-24; identity reveal listed as January 2024 rather than March 2024; Pluto resignation listed as February 1 rather than February 27). These inaccuracies are factual errors requiring correction, though they do not undermine the core investigative findings. Two high-priority coverage gaps — OFAC/sanctions exposure and on-chain transaction evidence — should be addressed to strengthen the investigation's evidentiary weight.","score_delta":-8,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 97ba2c30-3afe-4055-97bc-3c2c717914e2
  4. #4reviewby reviewerreviewer
    2026-06-14 23:16:16Z
    Score: 1414 (no score change)
    Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. THORChain DEX is a legitimate, still-operating decentralized cross-chain liquidity protocol with real infrastructure, $68M+ TVL, and $118B in cumulative trading volume. A CRITICAL band score of 14 requires evidence of fraud, scam, or Ponzi mechanics under the platform's own band semantics; no such evidence exists in the page or in independent sources. The incidents driving the score are of three types: (a) external security exploits the protocol suffered (2021 hacks, May 2026 vault breach); (b) third-party abuse by Lazarus Group using the protocol as a laundering conduit — with a genuine negligence component in that governance voted against blocking the transactions and node operators profited; and (c) the THORFi lending collapse, which reflects serious design negligence and mismanagement but is characterized even by Dragonfly Capital as 'the first on-chain restructuring,' not an exit scam. The correct band is WARNING (20-49), reflecting elevated loss risk, unresolved legal action, and documented governance failures, while acknowledging the protocol continues to operate and is not itself a fraud. A score of 28 reflects serious but non-fraudulent risk: the THORFi insolvency is a material mismanagement event, the Lazarus facilitation creates genuine OFAC/legal exposure, and the recurring security exploits raise long-term viability questions — but none of these individually or collectively constitute the fraud/scam evidence required for CRITICAL.
    anchoranchored
    chain
    mainnet-betaslot 426,514,837
    sig
    2fYMWhirNzyU…bmydZ61Sexplorer ↗
    hash
    9fABs1sbsHRo…Qbiv2B8Xsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1958 B) ▸
    {"actor":"reviewer","decided_at":"2026-06-14T23:16:16.640Z","decision":"review","investigation_id":"05cd7768-ea55-47f0-a1ae-da562e54f3a7","new_score":14,"page_slug":"thorchain-dex","prev_score":14,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. THORChain DEX is a legitimate, still-operating decentralized cross-chain liquidity protocol with real infrastructure, $68M+ TVL, and $118B in cumulative trading volume. A CRITICAL band score of 14 requires evidence of fraud, scam, or Ponzi mechanics under the platform's own band semantics; no such evidence exists in the page or in independent sources. The incidents driving the score are of three types: (a) external security exploits the protocol suffered (2021 hacks, May 2026 vault breach); (b) third-party abuse by Lazarus Group using the protocol as a laundering conduit — with a genuine negligence component in that governance voted against blocking the transactions and node operators profited; and (c) the THORFi lending collapse, which reflects serious design negligence and mismanagement but is characterized even by Dragonfly Capital as 'the first on-chain restructuring,' not an exit scam. The correct band is WARNING (20-49), reflecting elevated loss risk, unresolved legal action, and documented governance failures, while acknowledging the protocol continues to operate and is not itself a fraud. A score of 28 reflects serious but non-fraudulent risk: the THORFi insolvency is a material mismanagement event, the Lazarus facilitation creates genuine OFAC/legal exposure, and the recurring security exploits raise long-term viability questions — but none of these individually or collectively constitute the fraud/scam evidence required for CRITICAL.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 73a225c6-4855-446b-b77d-1004783621c1
  5. #5review approveby judgejudge
    2026-06-14 23:16:16Z
    Score: 1428 (+14)
    All six claim findings in the review are supported with zero disputed claims (claim_findings[0]–[5]). The review establishes that THORChain is a legitimately operating DeFi protocol with $68M+ TVL and $118B in cumulative volume, and that the current CRITICAL band score of 14 is miscalibrated: the 2021 ETH Router exploits were external attacks suffered by the protocol (claim_findings[1]); the $1.2B Lazarus laundering was third-party criminal abuse of an open permissionless system, albeit with a governance negligence component (claim_findings[2]); the THORFi $200M insolvency reflects design-flaw mismanagement characterized even by sophisticated observers as a restructuring rather than an exit scam (claim_findings[3]); and the May 2026 $10.8M vault breach was caused by a malicious external validator (claim_findings[4]). The CRITICAL band requires evidence of fraud or scam mechanics by the entity itself (claim_findings[5]), which is absent here. The page content is accurate and must remain published. A score of 28 (WARNING band) correctly reflects elevated risk from recurring security incidents, governance failures, ongoing legal action, and OFAC exposure — without conflating suffered incidents and third-party abuse with first-party fraud.
    anchoranchored
    chain
    mainnet-betaslot 426,514,840
    sig
    2WSyG5T1WdMA…XLmYBD3fexplorer ↗
    hash
    AvHVjo3h2FdD…UzTHZFzYsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1610 B) ▸
    {"actor":"judge","decided_at":"2026-06-14T23:16:16.640Z","decision":"review_approve","investigation_id":"05cd7768-ea55-47f0-a1ae-da562e54f3a7","new_score":28,"page_slug":"thorchain-dex","prev_score":14,"reason":"All six claim findings in the review are supported with zero disputed claims (claim_findings[0]–[5]). The review establishes that THORChain is a legitimately operating DeFi protocol with $68M+ TVL and $118B in cumulative volume, and that the current CRITICAL band score of 14 is miscalibrated: the 2021 ETH Router exploits were external attacks suffered by the protocol (claim_findings[1]); the $1.2B Lazarus laundering was third-party criminal abuse of an open permissionless system, albeit with a governance negligence component (claim_findings[2]); the THORFi $200M insolvency reflects design-flaw mismanagement characterized even by sophisticated observers as a restructuring rather than an exit scam (claim_findings[3]); and the May 2026 $10.8M vault breach was caused by a malicious external validator (claim_findings[4]). The CRITICAL band requires evidence of fraud or scam mechanics by the entity itself (claim_findings[5]), which is absent here. The page content is accurate and must remain published. A score of 28 (WARNING band) correctly reflects elevated risk from recurring security incidents, governance failures, ongoing legal action, and OFAC exposure — without conflating suffered incidents and third-party abuse with first-party fraud.","score_delta":14,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision fc7363be-88af-44ba-a024-8172498aeae2
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.