Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Garden
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
420904985
Off-chain at
2026-05-20T03:30:48.974Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
2VeoMfD44GqU4MMqwqTBWrvcoNyzC2rG2U51YAgBzvPh
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6588 chars)
{"actor":"system:backfill","investigation_id":"af469430-2d96-4ad7-80a1-b893bf5d3479","kind":"publish","page_slug":"garden","published_at":"2026-05-20T03:30:48.923Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Garden","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/25-garden-finance-funds-linked-175501426.html"},{"credibility":3,"name":"","type":"other","url":"https://forum.arbitrum.foundation/t/garden-finance-ltipp-application-final/21926"},{"credibility":3,"name":"","type":"other","url":"https://docs.garden.finance/home/governance/tokenomics"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://garden.finance/blog/what-are-htlcs"},{"credibility":3,"name":"","type":"other","url":"https://www.garden.finance/"},{"credibility":3,"name":"","type":"other","url":"https://docs.garden.finance/home/governance/tokenomics"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://github.com/gardenfi/audits"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/356301/garden-finance-shares-forensic-findings-security-breach-limited-to-solver-layer"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/press-releases/387636/garden-finance-shares-forensic-findings-security-breach-limited-to-solver-layer"},{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/month-in-review-top-defi-hacks-of-october-2025"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"credibility":3,"name":"","type":"other","url":"https://find-and-update.company-information.service.gov.uk/company/09763192/officers"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/garden-finance-exploit-drains-over-10m-across-multiple-chains/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/10/31/attackers_dig_up_11m_in/"},{"credibility":3,"name":"","type":"other","url":"https://finance.yahoo.com/news/25-garden-finance-funds-linked-175501426.html"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/356301/garden-finance-shares-forensic-findings-security-breach-limited-to-solver-layer"},{"credibility":3,"name":"","type":"other","url":"https://cybernews.com/crypto/btc-bridge-flagged-laundering-money-hacked/"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/garden-finance-exploit-drains-over-10m-across-multiple-chains/"},{"credibility":3,"name":"","type":"other","url":"https://www.xt.com/en/blog/post/zachxbt-accuses-garden-finance-of-laundering-funds-from-bybit-hack"}]}],"sources_used":[],"summary":"Garden Finance (garden.finance) is a Bitcoin cross-chain bridge and swap protocol launched in December 2023 by former Ren Protocol core team members, using Hashed Timelock Contracts (HTLCs) and an intents-based solver network to enable non-custodial Bitcoin swaps across chains. In October 2025, a compromised solver operator lost approximately $11.4 million in a security incident attributed by forensic investigators to a North Korea-linked threat actor. Prior to the exploit, blockchain investigator ZachXBT alleged that a substantial portion of Garden's volume — with estimates ranging from 25% to over 75% — originated from illicit sources including funds stolen in the $1.46 billion Bybit hack by Lazarus Group, allegations the team disputed but did not fully refute.","timeline":[{"date":"2017-01-01","event":"Republic Protocol (later Ren Protocol), predecessor project to Garden Finance, founded in Australia by Taiyang Zhang, Loong Wang, and Jaz Gulati.","source":""},{"date":"2022-11-01","event":"FTX, which had acquired Ren Labs, files for bankruptcy. Ren Protocol collapses, prompting Gulati and Nadimpalli to begin work on Garden Finance.","source":""},{"date":"2023-12-01","event":"Garden Finance publicly launches as a Bitcoin cross-chain bridge using HTLC atomic swaps and an intents-based solver network.","source":""},{"date":"2024-01-18","event":"SEED governance token launches with a total supply of 147 million tokens. Team and investor allocations subject to 24-month cliff from TGE.","source":""},{"date":"2025-02-21","event":"Bybit exchange suffers a $1.46 billion hack attributed to North Korea's Lazarus Group. ZachXBT later alleges $160 million of these stolen funds transited Garden within 48 hours.","source":""},{"date":"2025-06-21","event":"ZachXBT publicly alleges that more than 80% of Garden Finance's recent fee income was generated from facilitating movement of Lazarus Group-linked Bybit stolen funds. Garden co-founder Jaz Gulati disputes the characterization.","source":""},{"date":"2025-07-01","event":"ZachXBT publishes a broader analysis alleging 25% or more of Garden's total historical volume is linked to stolen assets, with six-figure profits from illicit flows between April and July 2025.","source":""},{"date":"2025-10-30","event":"Security breach: an attacker gains unauthorized access to the private key infrastructure of a major Garden solver operator and drains approximately $11.4 million in WBTC, USDC, USDT, and ETH across multiple chains. Garden temporarily shuts down its app.","source":""},{"date":"2025-10-31","event":"Garden co-founder Jaz Gulati states user funds are safe and the protocol remains unaffected. Garden offers a 10% whitehat bounty (~$1.1M) for fund return and exploit disclosure. ZachXBT alleges the compromised solver was operated by a Garden team member based on on-chain evidence from a deployer address.","source":""},{"date":"2026-01-29","event":"Garden publishes forensic findings from Ernst and Young and zeroShadow, confirming unauthorized server access from IP addresses located in Japan and China on October 30, 2025, with the compromise attributed to a leaked private key on a compromised device. The attacker is linked to North Korea-affiliated threat actor DangerousPassword (also known as CryptoCore / Sapphire Sleet / UNC1069). No funds recovered.","source":""}]},"v":1}