Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Zunami Protocol
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422560446
Off-chain at
2026-05-27T18:53:40.570Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
HWnMRzo82LLDxthnr8vjaC5RkB9yEGSpBgePDJhuPMDk
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (7173 chars)
{"actor":"system:backfill","investigation_id":"189de4b9-b6ff-4bfa-a98b-f5b074d364a4","kind":"publish","page_slug":"zunami-protocol","published_at":"2026-05-27T18:53:40.484Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Zunami Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/152366/zunami-protocol-curve-finance-hack","type":"other","url":""},{"credibility":3,"name":"https://hashex.org/audits/zunami-protocol/","type":"other","url":""},{"credibility":3,"name":"https://ackeeblockchain.com/blog/ackee-blockchain-audited-zunami-protocol/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/zunami-protocol","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt2","type":"other","url":""},{"credibility":3,"name":"https://medium.com/neptune-mutual/how-was-the-zunami-protocol-exploited-ea69a7a6a665","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/zunami-protocol-confirms-stablecoin-pools-attacked-in-exploit","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/152366/zunami-protocol-curve-finance-hack","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/3iea5hcDLs77TkOMQvoaSK-zunami-protocol-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-zunami-protocol-hack-august-2023","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://neptunemutual.com/blog/how-was-the-zunami-protocol-exploited/","type":"other","url":""},{"credibility":3,"name":"https://ackee.xyz/blog/zunami-hack-post-mortem/","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/zunami-protocol-hack-aug-13-2023-detailed-analysis-report/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/zunami-protocol-exploited-for-over-2-million-native-stablecoin-uzd-plunges-99/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/hackers-stole-zunami-protocol/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt2","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/zunami-protocol","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/neptune-mutual/how-was-the-zunami-protocol-exploited-ea69a7a6a665","type":"other","url":""},{"credibility":3,"name":"https://neptunemutual.com/blog/how-was-the-zunami-protocol-exploited/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://hashex.org/audits/zunami-protocol/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt2","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/zunami-protocol-exploited-for-over-2-million-native-stablecoin-uzd-plunges-99/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://hashex.org/audits/zunami-protocol/","type":"other","url":""},{"credibility":3,"name":"https://hashex.org/audits/zunami-protocol-uzd/","type":"other","url":""},{"credibility":3,"name":"https://ackeeblockchain.com/blog/ackee-blockchain-audited-zunami-protocol/","type":"other","url":""},{"credibility":3,"name":"https://ackeeblockchain.com/blog/zunami-uzd-audit-summary/","type":"other","url":""},{"credibility":3,"name":"https://oxor-io.github.io/public_audits/Zunami/Zunami%20Protocol%20v2%20Reaudit%202%20Report.pdf","type":"other","url":""},{"credibility":3,"name":"https://zunamilab.gitbook.io/product-docs/risks-and-security/audits","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt2","type":"other","url":""},{"credibility":3,"name":"https://www.linkedin.com/company/zunami-protocol","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/zunami-protocol","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/zunami-protocol-rekt2","type":"other","url":""}]}],"sources_used":[],"summary":"Zunami Protocol is an Ethereum-based DeFi yield aggregator and stablecoin issuer (UZD, zETH) that suffered at least four separate security incidents between January 2023 and May 2025, losing a combined estimated $2.86 million or more in user funds. The protocol is notable for ignoring a prior warning from SlowMist before its largest smart contract exploit, and for a May 2025 incident in which an admin key compromise allegedly drained $500,000, with the team subsequently going silent for weeks and development activity having ceased months prior.","timeline":[{"date":"2023-01-26","event":"Zunami Protocol's fund transfer is sandwich-attacked in the mempool; approximately $49,000 is lost.","source":""},{"date":"2023-02","event":"A series of 13 flash loan transactions exploit price gaps between Zunami liquidity pools; combined losses from January and February 2023 incidents totals approximately $260,000 per Zunami's own disclosure.","source":""},{"date":"2023-06","event":"SlowMist privately notifies Zunami Protocol of the price manipulation vulnerability that would later be exploited; team response is described as 'unpleasant' and no fix is applied.","source":""},{"date":"2023-08-13","event":"Zunami Protocol is exploited via a flash loan price manipulation attack targeting the MIMCurveStakeDao strategy; approximately $2.1 million (1,184 ETH) is drained from zETH and UZD pools on Curve Finance. UZD falls over 99% and zETH falls over 88%.","source":""},{"date":"2023-08-14","event":"Zunami confirms the exploit on social media; stolen funds are laundered via Tornado Cash. PeckShield, CertiK, Halborn, and Ackee Blockchain publish post-mortem analyses.","source":""},{"date":"2023-09","event":"Zunami Protocol completes an angel funding round and announces development of a V2 update.","source":""},{"date":"2025-05-14","event":"An admin key compromise results in the theft of approximately $500,000 in zunUSD and zunETH collateral. An admin role is granted 7 minutes before 296,456 LP tokens are transferred to an attacker wallet. Funds are laundered via Tornado Cash.","source":""},{"date":"2025-05","event":"Zunami team CEO and CTO make public statements; CTO alleges Russian police involvement and possible laptop cloning. Team subsequently goes silent for approximately three weeks. GitHub shows no commits for at least three months prior.","source":""}]},"v":1}