Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Cardex
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
423086628
Off-chain at
2026-05-30T04:47:55.911Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
5T64jqShZyRYYwsdU7xeVmAXaKAJAfejsGQuKWcQM63w
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6390 chars)
{"actor":"system:backfill","investigation_id":"6088941a-1f2a-47fd-8d64-857ac5e703a1","kind":"publish","page_slug":"cardex","published_at":"2026-05-30T04:47:55.830Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cardex","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/306608/cardex-game-exploit-drains-abstract-wallets","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/users-report-six-figure-losses-in-cardex-exploit-on-abstract-chain/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/ethereum-layer-2-platform-abstract-reports-400k-crypto-breach-in-cardex-incident/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/341472/abstract-chain-wallet-drains-cardex","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://bitnewsbot.com/cardex-trading-card-game-loses-470k-in-eth-after-private-key-breach/","type":"other","url":""},{"credibility":3,"name":"https://playtoearn.com/news/cardex-exploit-drains-400k-from-abstract-users-heres-what-happened","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/ethereum-layer-2-platform-abstract-reports-400k-crypto-breach-in-cardex-incident/","type":"other","url":""},{"credibility":3,"name":"https://abscan.org/address/0xee580828b426b6cc33817bce419daf65a516aa7e","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptopotato.com/ethereum-layer-2-platform-abstract-reports-400k-crypto-breach-in-cardex-incident/","type":"other","url":""},{"credibility":3,"name":"https://bitnewsbot.com/cardex-trading-card-game-loses-470k-in-eth-after-private-key-breach/","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/306608/cardex-game-exploit-drains-abstract-wallets","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/6cc87-ethereum-layer-2-platform-abstract-reports-400k-crypto-breach-in-cardex-incident","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/users-report-six-figure-losses-in-cardex-exploit-on-abstract-chain/","type":"other","url":""},{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2168538","type":"other","url":""},{"credibility":3,"name":"https://en.cryptonomist.ch/2025/02/18/ethereum-l2-abstract-under-accusation-wallets-emptied-and-suspected-ties-with-cardex/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/abstract-chain-users-compromised/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptopotato.com/ethereum-layer-2-platform-abstract-reports-400k-crypto-breach-in-cardex-incident/","type":"other","url":""},{"credibility":3,"name":"https://playtoearn.com/news/cardex-exploit-drains-400k-from-abstract-users-heres-what-happened","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/abstract-releases-post-mortem-on-cardex-security-breach-affecting-9000-wallets/","type":"other","url":""},{"credibility":3,"name":"https://nftinsider.io/abstract-tcg-cardex-suffers-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2168538","type":"other","url":""},{"credibility":3,"name":"https://abscan.org/address/0xee580828b426b6cc33817bce419daf65a516aa7e","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/306608/cardex-game-exploit-drains-abstract-wallets","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/users-report-six-figure-losses-in-cardex-exploit-on-abstract-chain/","type":"other","url":""}]}],"sources_used":[],"summary":"Cardex is an on-chain fantasy trading card game that launched on the Ethereum layer-2 network Abstract in February 2025, offering tokenized digital versions of collectible trading cards for competition in online tournaments. Within one week of launch, a critical operational security failure — the inadvertent exposure of a shared session signer private key on the application's frontend — allowed an attacker to drain approximately $400,000–$470,000 in ETH from roughly 9,000 user wallets over a seven-hour period. The project has been flagged by ZachXBT; user accusations of a rug pull circulated on Telegram, though Abstract core contributors attributed the incident to mishandled credentials rather than intentional fraud. No confirmed restitution fund or formal accountability measure had been publicly disclosed as of the most recent reporting.","timeline":[{"date":"2025-02-12","event":"Cardex launches on Abstract layer-2 network, appearing on Abstract's official Discover/Portal page and conducting a 24-hour card presale for early access users.","source":""},{"date":"2025-02-18","event":"At approximately 6:07 AM EST, first suspicious activity is flagged on Abstract as wallet drains are reported. Abstract contributor 0xBeans posts on X identifying Cardex as the likely source and urges users not to interact with the app.","source":""},{"date":"2025-02-18","event":"Within 30 minutes of initial flagging, Cardex is confirmed as the source of the exploit. The attack continues for approximately seven hours, draining over 180 ETH (~$400,000–$470,000) from roughly 9,000 wallets.","source":""},{"date":"2025-02-18","event":"Cardex's vulnerable contract is upgraded to halt further exploit transactions. Abstract deploys revoke.abs.xyz to allow users to cancel active session approvals. Abstract contributor Cygaar confirms the attack vector: a shared session signer private key exposed in Cardex's frontend code.","source":""},{"date":"2025-02-18","event":"Users flood Cardex's Telegram channel and Abstract's Discord with rug pull accusations and refund demands. Cardex confirms the attack and states cooperation with Abstract to trace stolen funds.","source":""},{"date":"2025-02-19","event":"Abstract releases a post-mortem confirming ~$400,000 stolen from ~9,000 wallets and announces new Portal security requirements: mandatory frontend audits, per-user session signers, encrypted key storage, and Blockaid integration.","source":""}]},"v":1}