Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Wintermute
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
Off-chain at
2026-05-20T18:58:59.497Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
2dBNSyGvxMJTvMrQgAgzRNs6d1gr9AsU9sBd6czMwZtp
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6317 chars)
{"actor":"system:backfill","investigation_id":"c0832d18-9663-491d-8289-727146536eaf","kind":"publish","page_slug":"wintermute","published_at":"2026-05-20T18:58:59.439Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Wintermute","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/09/20/crypto-market-maker-wintermute-hacked-for-160m-says-ceo"},{"credibility":3,"name":"","type":"other","url":"https://www.wintermute.com/insights/market-color/reports/wintermute-otc-2024-in-review-2025-outlook"},{"credibility":3,"name":"","type":"other","url":"https://www.tradersmagazine.com/featured_articles/wintermute-expands-into-u-s-makes-new-policy-hire/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://blog.1inch.com/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool/"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-wintermute-hack-september-2022"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/uGiY0j3hwOzQOMcDPGoz9-wintermute-hack"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/cyber-sleuth-alleges-160m-wintermute-hack-was-an-inside-job"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/09/20/crypto-market-maker-wintermute-hacked-for-160m-says-ceo"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/1inch-severe-vulnerability-ethereum-vanity-address-tool-risks-millions-dollars/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.numencyber.com/an-analysis-of-wintermutes-usd160-million-hacking/"},{"credibility":3,"name":"","type":"other","url":"https://www.merklescience.com/blog/hack-track-analysis-of-wintermute-attack"},{"credibility":3,"name":"","type":"other","url":"https://immunebytes.com/blog/wintermute-crypto-exchange-hack-sep-20-2022-detailed-analysis/"},{"credibility":3,"name":"","type":"other","url":"https://quillaudits.medium.com/wintermutes-160m-exploit-analysis-quillaudits-f1dbd217b9f9"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/10/14/crypto-market-maker-wintermute-pays-off-96m-truefi-debt-weeks-after-being-hacked"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/wintermute-repays-92m-truefi-loan-on-time-despite-suffering-160m-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2022/09/20/hacked-crypto-market-maker-wintermute-has-200m-in-outstanding-defi-debt"},{"credibility":3,"name":"","type":"other","url":"https://www.sec.gov/files/ctf-written-wintermute-11172025.pdf"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-wintermute-hack-september-2022"},{"credibility":3,"name":"","type":"other","url":"https://safeheron.com/blog/how-profanity-caused-wintermute-to-lose-160m/"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/170359/1inch-claims-potential-exploit-on-profanity-generated-ethereum-addresses"},{"credibility":3,"name":"","type":"other","url":"https://blockbytes.com/2023/02/13/crypto-casefiles-wintermute-hack/"}]}],"sources_used":[],"summary":"Wintermute is a London-headquartered algorithmic trading firm and cryptocurrency market maker founded in 2017 by Evgeny Gaevoy. On September 20, 2022, the firm's DeFi operations were exploited for approximately $160 million after an attacker leveraged a known cryptographic vulnerability in the Profanity vanity address tool to compromise Wintermute's admin private key. The stolen funds were never recovered, though the firm remained solvent, repaid its outstanding DeFi loans, and has continued operating and expanding into U.S. markets.","timeline":[{"date":"2017-01-01","event":"Wintermute founded in London by Evgeny Gaevoy, formerly of Optiver's European ETF desk.","source":""},{"date":"2022-09-15","event":"1inch Network publicly discloses a severe cryptographic vulnerability in Profanity, the Ethereum vanity address generator, recommending all users immediately transfer funds away from Profanity-generated addresses.","source":""},{"date":"2022-09-15","event":"Profanity vulnerability exploited by separate actors draining approximately $3.3 million from other wallets, establishing proof of exploitability before the Wintermute attack.","source":""},{"date":"2022-09-20","event":"Attacker uses a reconstructed private key from a Profanity-generated Wintermute admin wallet to drain approximately $160 million from Wintermute's DeFi vault across roughly 90 ERC-20 token types.","source":""},{"date":"2022-09-20","event":"CEO Evgeny Gaevoy publicly discloses the hack via Twitter, confirms solvency, and characterizes the incident as a potential white-hat event, offering the attacker a 10% bounty to return funds.","source":""},{"date":"2022-09-20","event":"Attacker routes approximately $114 million in stablecoins through Curve Finance 3pool to complicate asset freezes.","source":""},{"date":"2022-09-27","event":"Researcher 'Librehash' alleges via social media that the hack was an inside job based on alleged anomalous pre-hack transactions; Wintermute denies the allegation. BlockSec assesses the inside-job theory as unsubstantiated.","source":""},{"date":"2022-10-14","event":"Wintermute repays its $96 million TrueFi DeFi loan one day before deadline, demonstrating continued solvency following the hack.","source":""},{"date":"2023-01-01","event":"Stolen $160 million remains unrecovered; attacker's 10% white-hat bounty offer unclaimed. Wintermute resumes normal operations.","source":""},{"date":"2025-02-01","event":"Wintermute opens U.S. headquarters in New York City, expanding OTC and derivatives offerings.","source":""},{"date":"2025-09-03","event":"Wintermute submits formal feedback to the SEC Crypto Task Force, arguing network tokens should not be classified as securities.","source":""}]},"v":1}