Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Maestro
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
423089287
Off-chain at
2026-05-30T05:05:33.435Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
7ah6mZtPcmNPVB4EWXUuYYpLvrQob1gKZZ2Gh5crRXbN
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6228 chars)
{"actor":"system:backfill","investigation_id":"ff789ca3-84dc-4005-a82d-1ceedff98435","kind":"publish","page_slug":"maestro","published_at":"2026-05-30T05:05:33.354Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Maestro","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.maestrobots.com/","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/learn/what-is-maestro-bots-and-how-to-use-it","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/fees/maestro","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/259338/maestro-telegram-bot-suffers-a-contract-exploit-500000-of-eth-stolen","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/204444/maestro-trading-bot-refunds-610-eth-to-users-following-router-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/1Zh5XbaDstXKteFcRSmOcp-maestro-and-unibot","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/maestro","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/maestro-telegram-bot-hit-by-critical-security-breach/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/204444/maestro-trading-bot-refunds-610-eth-to-users-following-router-exploit","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/telegram-maestro-bot-610-ether-refund","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/maestro","type":"other","url":""},{"credibility":3,"name":"https://zycrypto.com/maestrobots-refunds-610-eth-to-affected-users-following-attack-on-its-smart-contract/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.maestrobots.com/faq/security","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/1Zh5XbaDstXKteFcRSmOcp-maestro-and-unibot","type":"other","url":""},{"credibility":3,"name":"https://www.maestrobots.com/terms","type":"other","url":""},{"credibility":3,"name":"https://tenarmor.com/blogs/en/published/Sacrificing-Private-Keys-or-Pursuing-Security/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/fees/maestro","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/memecoin-trading-bot-maestro-is-raking-in-millions","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""},{"credibility":3,"name":"https://wearebctech.com/member-directory-test/name/gearlay-technologies-inc/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.maestrobots.com/terms","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/telegram-maestro-bot-610-ether-refund","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/maestro-refunds-after-attack/","type":"other","url":""},{"credibility":3,"name":"https://bullrank.io/en/telegram-trading-bots/maestro","type":"other","url":""},{"credibility":3,"name":"https://www.gearlay.com/about","type":"other","url":""}]}],"sources_used":[],"summary":"Maestro is a Telegram-based crypto trading bot developed by Gearlay Technologies Inc. (Canada) that enables sniping, copy-trading, and wallet management across 14 blockchains. On October 24, 2023, a critical access-control vulnerability in its MaestroRouter2 smart contract was exploited, draining approximately 280 ETH (~$500,000) from 106 user accounts; the team subsequently refunded all affected users with 610 ETH (~$1.1 million) sourced from its own revenue. The platform operates a partial-custody model in which user private keys are encrypted and stored on Maestro servers, representing a persistent systemic risk.","timeline":[{"date":"2021-01-01","event":"Gearlay Technologies Inc. founded in Canada by Abbas Abou Daya.","source":""},{"date":"2022-07-27","event":"Maestro bot launches as a Telegram-based DeFi trading tool.","source":""},{"date":"2023-05-01","event":"Maestro revenue peaks at approximately $4.8 million in a single month, according to DefiLlama data.","source":""},{"date":"2023-10-13","event":"Maestro deploys updated MaestroRouter2 smart contract containing an unverified access-control vulnerability.","source":""},{"date":"2023-10-24","event":"Attacker exploits the MaestroRouter2 transferFrom() vulnerability, draining approximately 280 ETH (~$500,000) from 106 user accounts across 11 token types.","source":""},{"date":"2023-10-24","event":"Maestro detects the exploit and upgrades the router contract to a benign counter contract within 30 minutes, halting further theft. Trading restored within 2 hours.","source":""},{"date":"2023-10-24","event":"PeckShield identifies stolen funds routed to Railgun cross-chain privacy protocol for obfuscation.","source":""},{"date":"2023-10-25","event":"MaestroBots announces full refund commitment for all 106 affected users.","source":""},{"date":"2023-11-06","event":"Maestro completes refund campaign within 10 hours of announcement, disbursing 610 ETH (~$1.1 million) from its own revenue — 120% of losses for two token types.","source":""},{"date":"2023-11-01","event":"CertiK confirms integrity of patched MaestroRouter2 following exploit resolution.","source":""},{"date":"2025-01-01","event":"Gearlay Technologies about page updated to describe Maestro as a platform the company 'previously built and sold,' suggesting a completed divestiture; no acquisition announcement identified in major media.","source":""}]},"v":1}