Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Nomad
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
421044890
Off-chain at
2026-05-20T18:59:01.999Z
Anchored at
2026-05-20T19:02:25.000Z
Block time
2026-05-20T19:02:25.000Z

Independent verification

1. Database (off-chain)
zgXww9yWKjEovY5MJqH4B6UPqgovpn7KuxhS6SfGJnL
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (8448 chars)
{"actor":"system:backfill","investigation_id":"f9e685c5-2870-4b10-914f-b599ddbdbd9c","kind":"publish","page_slug":"nomad","published_at":"2026-05-20T18:59:01.928Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nomad","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.classaction.org/news/nomad-crypto-bridge-class-action-says-simple-programmer-mistake-allowed-186m-hack-in-2022"},{"credibility":3,"name":"","type":"other","url":"https://www.zellic.io/blog/audit-drift/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/nomad-xyz-blog/nomad-bridge-hack-root-cause-analysis-875ad2e5aacd"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/organization/illusory-systems-inc"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/160851/nomads-190-million-bridge-exploit-drew-hacking-feeding-frenzy-of-300-addresses"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2022/08/11/copycats-stole-88m-during-nomad-exploit-by-copying-attackers-code-coinbase"},{"credibility":3,"name":"","type":"other","url":"https://techcrunch.com/2022/08/02/nomad-chaotic-exploit-crypto/"},{"credibility":3,"name":"","type":"other","url":"https://edition.cnn.com/2022/08/03/tech/crypto-bridge-hack-nomad"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-nomad-hack-august-2022"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cloud.google.com/blog/topics/threat-intelligence/dissecting-nomad-bridge-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.trmlabs.com/resources/blog/key-suspect-in-190m-nomad-bridge-exploit-extradited-to-the-united-states"},{"credibility":3,"name":"","type":"other","url":"https://www.coinbase.com/es-es/blog/nomad-bridge-incident-analysis"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.cnbc.com/2022/08/05/crypto-startup-nomad-offers-10percent-bounty-after-190-million-hack.html"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/over-usd-36m-returned-nomad-bridges-fund-recovery-address.htm"},{"credibility":3,"name":"","type":"other","url":"https://blockchain.bakermckenzie.com/2024/04/08/u-s-court-dismisses-rico-lawsuit-brought-in-connection-with-nomad-bridge-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.theregister.com/2025/12/17/nomad_ftc_settlement/"},{"credibility":3,"name":"","type":"other","url":"https://www.insideprivacy.com/united-states/federal-trade-commission/ftc-announces-10-year-information-security-consent-orders-with-illuminate-education-and-illusory-systems/"},{"credibility":3,"name":"","type":"other","url":"https://www.federalregister.gov/documents/2025/12/19/2025-23407/illusory-systems-inc-analysis-of-proposed-consent-order-to-aid-public-comment"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/legal/israel-arrests-new-suspect-behind-nomad-bridge-190m-crypto-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/hacker-behind-190m-nomad-bridge-exploit-arrested-in-israel/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-will-require-illusory-systems-return-money-stolen-hackers-implement-information-security-program"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/coinmonks/nomad-bridge-two-years-after-hack-dead-in-the-water-7235bb2d68ba"},{"credibility":3,"name":"","type":"other","url":"https://caselaw.findlaw.com/court/us-dis-crt-d-del/116009637.html"},{"credibility":3,"name":"","type":"other","url":"https://www.zellic.io/blog/audit-drift/"}]}],"sources_used":[],"summary":"Nomad was a cross-chain messaging bridge operated by Illusory Systems, Inc. that suffered one of the largest DeFi exploits in history on August 1–2, 2022, when a smart contract initialization bug allowed approximately $190 million in user funds to be drained in a chaotic free-for-all involving over 300 wallet addresses. The protocol never recovered meaningful user adoption after a December 2022 relaunch, faced a class action lawsuit and an FTC enforcement action, and in December 2025 agreed to a settlement requiring repayment of $37.5 million to affected users.","timeline":[{"date":"2021-11-10","event":"Illusory Systems, Inc. incorporated in Delaware by Pranay Mohan, James Prestwich, and Austin Liau.","source":""},{"date":"2022-05-01","event":"Quantstamp begins security audit of Nomad's smart contract system.","source":""},{"date":"2022-06-09","event":"Quantstamp delivers final audit report identifying 40 issues, including input validation edge cases. Audit team notes the Nomad team misunderstood at least one flagged issue.","source":""},{"date":"2022-06-21","event":"Nomad deploys a routine upgrade to its Replica smart contract that initializes the trusted Merkle root to 0x00, introducing the critical vulnerability. The deployed code differs from the audited version.","source":""},{"date":"2022-08-01","event":"An initial attacker discovers the zero-root initialization bug and begins draining funds from the Nomad bridge by calling the process() function with a zero root and modified recipient addresses.","source":""},{"date":"2022-08-02","event":"Over 300 wallet addresses join the exploit after the initial attacker's transaction calldata becomes visible on-chain. Approximately $190 million in user funds are drained in a chaotic free-for-all. CNN Business, TechCrunch, and CoinDesk report the event contemporaneously.","source":""},{"date":"2022-08-05","event":"Nomad announces a 10 percent bounty program, offering legal immunity and fund retention for any attacker returning at least 90 percent of drained assets.","source":""},{"date":"2022-08-11","event":"Coinbase publishes incident analysis estimating 88 percent of participating addresses were copycats; copycats collectively stole approximately $88 million.","source":""},{"date":"2022-08-20","event":"Over $36 million returned to Nomad's recovery address by more than 40 participating wallets — approximately 19 percent of total stolen funds.","source":""},{"date":"2022-12-01","event":"Nomad relaunches bridge to allow users to withdraw remaining bridged assets. The relaunch attracts negligible user activity and TVL.","source":""},{"date":"2023-01-01","event":"Class action lawsuit Singh v. Illusory Systems, Inc. et al. (1:23-cv-00183, D. Del.) filed by affected users asserting RICO and negligence claims.","source":""},{"date":"2023-08-16","event":"Federal grand jury in the Northern District of California issues an eight-count indictment against Alexander Gurevich for his alleged role in the exploit, including wire fraud, conspiracy, and money laundering.","source":""},{"date":"2024-04-08","event":"Federal district court dismisses RICO claims and most negligence claims in Singh v. Illusory Systems; fraud claim allowed to proceed.","source":""},{"date":"2024-12-01","event":"United States formally requests extradition of Alexander Gurevich from Israel.","source":""},{"date":"2025-04-19","event":"Gurevich re-enters Israel during the Passover holiday. Israeli authorities order him to appear for an extradition hearing, which he ignores.","source":""},{"date":"2025-04-30","event":"Gurevich legally changes his name to 'Alexander Block' in the Israeli Population Registry in an alleged attempt to conceal his identity.","source":""},{"date":"2025-05-01","event":"Israeli police arrest Alexander Gurevich at Ben-Gurion Airport while he is attempting to board a flight to Russia. Israeli authorities approve extradition to the United States.","source":""},{"date":"2025-12-17","event":"FTC announces proposed consent order requiring Illusory Systems to repay approximately $37.5 million to affected users and implement a 10-year information security program. Federal Register notice published December 19, 2025.","source":""}]},"v":1}