Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · Purrlend
- Sequence
- #1
- Score
- →
- Cluster
- mainnet-beta
- Slot
- 422339820
- Off-chain at
- 2026-05-26T18:37:04.166Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- DCqhBViQXnypSvv1sUxoYJXQHeN8pgsCCs1AM7kiuXg4
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (4641 chars)
{"actor":"system:backfill","investigation_id":"39910c40-bf09-4d18-b078-4b9b70b813a6","kind":"publish","page_slug":"purrlend","published_at":"2026-05-26T18:37:04.069Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Purrlend","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053473","type":"other","url":""},{"credibility":3,"name":"https://www.livebitcoinnews.com/purrlend-exploit-steals-1-5m-on-hyperevm-and-megaeth/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/defi-attack-impact-purrlend-drained/","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053509","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/purrlend-exploit-1-5m-drain-l2s-part-800m-april-defi-bloodbath-2604/","type":"other","url":""},{"credibility":3,"name":"https://purrlends.gitbook.io/purrlend","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://ourcryptotalk.com/news/purrlend-defi-protocol-loses-1-5m-multisig-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/news/1053473","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/defi-attack-impact-purrlend-drained/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://purrlends.gitbook.io/purrlend","type":"other","url":""},{"credibility":3,"name":"https://intellectia.ai/news/crypto/purrlend-pauses-protocol-amid-152m-hack-investigation","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/markets/crypto/articles/another-defi-platform-just-got-122925586.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://startupfortune.com/purrlends-15-million-exploit-is-a-small-number-in-april-2026s-catastrophic-defi-security-ledger/","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/purrlend-exploit-1-5m-drain-l2s-part-800m-april-defi-bloodbath-2604/","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605385020","type":"other","url":""}]}],"sources_used":[],"summary":"Purrlend is a non-custodial DeFi lending and borrowing protocol deployed on HyperEVM and MegaETH, operating as an Aave-style fork designed for leveraged yield farming. On April 25, 2026, the protocol suffered a multisig permission exploit that drained approximately $1.52 million across both networks, collapsing its TVL by roughly 70%. As of late May 2026, the protocol remains paused with no published post-mortem, recovery plan, or user compensation details.","timeline":[{"date":"2025-02-01","event":"HyperEVM mainnet launches, enabling new DeFi deployments on Hyperliquid's EVM layer.","source":""},{"date":"2026-04-25","event":"At approximately 1:20 a.m. UTC, Purrlend's 2-of-3 admin multisig executes a suspicious transaction granting an unknown address the 'bridge' role with elevated permissions inherited from the underlying Aave-style implementation.","source":""},{"date":"2026-04-25","event":"Hours after the suspicious role assignment, the attacker uses the granted bridge privileges to mint unbacked tokens and drain liquidity pools across HyperEVM and MegaETH, stealing approximately $1.52 million.","source":""},{"date":"2026-04-25","event":"At approximately 9:10 a.m. UTC, Purrlend pauses all protocol operations and posts a brief statement on X: 'We have detected irregular activity on the protocol and are actively investigating.'","source":""},{"date":"2026-04-25","event":"Kirby Ong, founder of HypurrCollective, first publicly flags the exploit and documents attacker wallet addresses on both HyperEVM and MegaETH block explorers.","source":""},{"date":"2026-04-25","event":"Protocol TVL collapses from approximately $1.5 million to $444,000 as depositor flight follows news of the exploit.","source":""},{"date":"2026-05-26","event":"As of this investigation date, the Purrlend protocol remains paused. No post-mortem, user compensation plan, or recovery details have been published. The exploiting address has not been publicly attributed.","source":""}]},"v":1}