Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Radiant V2
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
420848175
Off-chain at
2026-05-19T21:12:24.617Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
BBbf816uKC6jCkXMQW8B5FdyEjogoa3q2hQQL8kXevP4
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6214 chars)
{"actor":"system:backfill","investigation_id":"7d00d907-ddca-4513-9bdc-f3e52a5766e5","kind":"publish","page_slug":"radiant-v2","published_at":"2026-05-19T21:12:24.558Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Radiant V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.nansen.ai/post/what-is-radiant-capital-cross-chain-defi-explained"},{"credibility":3,"name":"","type":"other","url":"https://www.datawallet.com/crypto/radiant-capital-explained"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-radiant-capital-hack-october-2024"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2024/10/16/radiant-capital-loses-50m-to-blockchain-exploit"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/287162/radiant-capitals-50m-breach-among-most-sophisticated-hacks-in-defi-history"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/radiant-capital-lending-protocol-flash-loan-attack-arbitrum"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptopolitan.com/radiant-capital-repayment-flash-loan-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://blog.quillaudits.com/trending/radiant-capital-hack-analysis/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://coincentral.com/radiant-capital-hacker-launders-10-8m-through-tornado-cash-mixer/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/radiant-capital-hack-funds-shift-as-13m-in-eth-swapped-for-dai/"},{"credibility":3,"name":"","type":"other","url":"https://news.shib.io/2024/10/24/radiant-capital-hacker-transfers-52m-in-stolen-funds-to-ethereum/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/radiant-capital-hacker-doubles-funds-eth-trading-2025/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2024/12/09/radiant-capital-says-north-korean-hackers-behind-50-million-attack-in-october"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/"},{"credibility":3,"name":"","type":"other","url":"https://www.securityweek.com/radiant-capital-50-million-heist-blamed-on-north-korean-hackers/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/north-korea-radiant-capital-hack/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-radiant-capital-hack-october-2024"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/radiant-capital-teams-with-us-law-enforcement-after-50m-defi-hack/"},{"credibility":3,"name":"","type":"other","url":"https://coincentral.com/radiant-capital-hacker-launders-10-8m-through-tornado-cash-mixer/"}]}],"sources_used":[],"summary":"Radiant Capital is a decentralized cross-chain lending protocol built on LayerZero that suffered two significant security incidents in 2024: a $4.5 million flash loan exploit in January 2024 and a far more devastating $50 million multisig compromise in October 2024. The October hack, attributed by Mandiant with high confidence to North Korean state-sponsored group UNC4736 (Citrine Sleet / AppleJeus), involved a months-long social engineering campaign, macOS malware deployment on developer devices, and manipulation of hardware wallet signing interfaces to drain funds across BNB Chain and Arbitrum.","timeline":[{"date":"2022-07-01","event":"Radiant Capital launches RDNT token on Arbitrum via Sushiswap fair launch.","source":""},{"date":"2024-01-02","event":"Flash loan exploit drains $4.5 million ETH from newly activated USDC market on Arbitrum via rounding error in liquidityIndex calculation.","source":""},{"date":"2024-01-03","event":"Radiant pauses Arbitrum lending and borrowing markets; promises post-mortem and user repayment.","source":""},{"date":"2024-09-11","event":"North Korean UNC4736 attacker sends malicious Telegram message to Radiant developer, impersonating a former contractor; INLETDRIFT macOS malware deployed via ZIP file.","source":""},{"date":"2024-10-16","event":"Attackers exploit compromised hardware wallets of at least 3 of 11 multisig signers to execute transferOwnership() on LendingPoolAddressesProvider; approximately $50–53 million drained from BSC and Arbitrum markets. Backdoor removed within 3 minutes of theft.","source":""},{"date":"2024-10-17","event":"Radiant publishes initial post-mortem; engages Mandiant, zeroShadow, Hypernative, and SEAL 911.","source":""},{"date":"2024-10-24","event":"On-chain tracking confirms hacker bridges $52M in stolen funds to Ethereum.","source":""},{"date":"2024-12-06","event":"Radiant Capital publishes updated incident report attributing attack to UNC4736 (North Korea) based on Mandiant forensic analysis.","source":""},{"date":"2024-12-09","event":"Public attribution of attack to DPRK-linked UNC4736 / Citrine Sleet / AppleJeus group reported by major media.","source":""},{"date":"2025-08-01","event":"On-chain monitors observe hacker actively trading stolen ETH and DAI; stolen portfolio value reportedly grows from $53M to over $94M through ETH appreciation and active arbitrage.","source":""},{"date":"2025-10-01","event":"Hacker deposits 2,834.6 ETH (approximately $10.8M) into sanctioned mixer Tornado Cash, substantially reducing recovery prospects.","source":""}]},"v":1}