Skip to main content
Sign in
Truflation1 decision on this page

Audit log

Every state-changing event for Truflation: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-18 23:18:09Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,650,938
    sig
    3kx2rhV9DWRh…DasdvfWVexplorer ↗
    hash
    Ds5s8PamECNr…fCubiGrMsha256 → base58
    verifying row…full verify ↗
    canonical bytes (4141 B) ▸
    {"actor":"system:backfill","investigation_id":"1cd7ec6a-2729-488a-934a-33a233b41933","kind":"publish","page_slug":"truflation","published_at":"2026-05-18T23:18:09.575Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Truflation","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Truflation is a blockchain-based inflation data oracle protocol that provides real-time economic indices to DeFi applications via its Truflation Stream Network (TSN) and TRUF token. In September 2024, the project suffered a confirmed malware attack that compromised private keys across its treasury multisig and personal wallets, resulting in losses estimated between $4.6 million and $5.2 million — predominantly in TRUF tokens, ETH, and DAI. On-chain investigator ZachXBT was among the first to publicly identify and report the incident; the project subsequently initiated a full TRUF token migration as a remediation measure.","timeline":[{"date":"2021-01-01","event":"Truflation founded by Stefan Rust with the goal of providing a censorship-resistant, blockchain-native inflation index.","source":"","source_url":"https://www.bitstamp.net/en-gb/learn/cryptocurrency-guide/what-is-truflation-truf/"},{"date":"2022-05-17","event":"Truflation publicly launches, announcing Chainlink integration and censorship-resistant economic data infrastructure.","source":"","source_url":"https://www.globenewswire.com/news-release/2022/05/17/2445300/0/en/Truflation-Pioneers-Censorship-Resistant-Economic-Data.html"},{"date":"2024-01-01","event":"Truflation raises $6 million in a Series A funding round. Investors include Coinbase Ventures and G20 Ventures.","source":"","source_url":"https://canvasbusinessmodel.com/blogs/owners/truflation-who-owns"},{"date":"2024-09-25","event":"Truflation detects abnormal wallet activity. A malware attack, allegedly introduced during Token2049 in Singapore, compromises private keys for the treasury multisig and personal team wallets across Ethereum and seven other blockchains.","source":"","source_url":"https://www.halborn.com/blog/post/explained-the-truflation-hack-september-2024"},{"date":"2024-09-25","event":"ZachXBT publicly identifies and reports the Truflation hack, estimating losses of approximately $5 million from treasury multisig and personal wallets on multiple chains.","source":"","source_url":"https://www.theblock.co/post/318209/coinbase-ventures-backed-truflation-hacked-for-about-5-million-says-zachxbt"},{"date":"2024-09-26","event":"Truflation publicly confirms the malware attack. CEO Stefan Rust states the malware likely entered systems during Token2049. Truflation disables staking and limits DEX liquidity. An on-chain message offering a $500,000 bounty is sent to the attacker.","source":"","source_url":"https://www.cryptotimes.io/2024/09/26/truflation-confirms-malware-attack-losing-up-to-5-2-million/"},{"date":"2024-09-26","event":"Blockchain analytics estimate losses of $3.89M in TRUF, $1.07M in ETH, and $236,700 in DAI on Ethereum; total losses estimated at $4.6M–$5.2M. Attacker declines bounty negotiation offer.","source":"","source_url":"https://www.bankinfosecurity.com/cryptohack-roundup-bingx-truflation-exploits-a-26385"},{"date":"2024-10-28","event":"Truflation announces TRUF token redistribution plan to render stolen tokens unusable. New token contract deployed at 0x243c9be13fAbA09F945ccc565547293337Da0Ad7.","source":"","source_url":"https://chainwire.org/2024/10/28/truflation-initiates-truf-token-redistribution-to-strengthen-ecosystem-security-and-pave-the-way-for-growth/"},{"date":"2024-10-29","event":"TRUF token migration executes at 11:00 UTC. Snapshot taken; only whitelisted wallets eligible for new token claims. Legacy TRUF token effectively deprecated.","source":"","source_url":"https://truflation.com/blog/truf-token-migration"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 33448137-fa3b-42da-a726-6346817da841
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.