Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · Stake DAO
- Sequence
- #1
- Score
- →
- Cluster
- mainnet-beta
- Slot
- 422848455
- Off-chain at
- 2026-05-29T02:35:00.053Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- ESZXryXwjtoCADpwDGfqBSbtf49dvFPV78q7J9SKGajd
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (6713 chars)
{"actor":"system:backfill","investigation_id":"22690c77-993d-44f5-aa47-0b2304ade6c1","kind":"publish","page_slug":"stake-dao","published_at":"2026-05-29T02:34:59.971Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Stake DAO","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.stakedao.org/","type":"other","url":""},{"credibility":3,"name":"https://docs.stakedao.org/sdt","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/stake-dao","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/stake-dao","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/stake-dao","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/people/julien-bouteloup/","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/julien-bouteloup","type":"other","url":""},{"credibility":3,"name":"https://www.quicknode.com/builders-guide/tools/stake-dao-julien-bouteloup?category=defi-tools","type":"other","url":""},{"credibility":3,"name":"https://members.delphidigital.io/reports/building-defi-disneyland-julien-bouteloup-covering-stakedao-blackpool-rekt-and-curve/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/27/stake-dao-exploited-as-hacker-mints-5-4-trillion-fake-vsdcrv/","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/stake-dao-exploit-vsdcrv-arbitrum/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/stake-dao-exploit-deployer-key-vsdcrv/","type":"other","url":""},{"credibility":3,"name":"https://invezz.com/news/2026/05/27/arbitrum-based-stakedao-contract-hit-by-5-4t-vsdcrv-exploit/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/defi-exploit-hits-stake-dao-as-attacker-swaps-vsdcrv-for-eth/","type":"other","url":""},{"credibility":3,"name":"https://protos.com/stake-dao-hit-by-hack-as-defi-security-confidence-hits-new-low/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/28/stake-dao-assures-users-after-vsdcrv-exploit-and-bridge-shutdown/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/StakeDAOHQ/status/2032489716629578004","type":"other","url":""},{"credibility":3,"name":"https://gov.stakedao.org/t/sdgp-65-allow-the-refund-of-affected-users-from-the-march-12-2026-incident-from-the-treasury/1117","type":"other","url":""},{"credibility":3,"name":"https://gov.stakedao.org/t/stake-dao-association-march-2026-report/1124","type":"other","url":""},{"credibility":3,"name":"https://protos.com/stake-dao-hit-by-hack-as-defi-security-confidence-hits-new-low/","type":"other","url":""},{"credibility":3,"name":"https://smartcontractshacking.com/hacks/stake-dao-hack-2026","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/stake-dao/stake-dao-security/blob/main/disclosures/29-11-2023.md","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/stake-dao/audits","type":"other","url":""},{"credibility":3,"name":"https://docs.stakedao.org/audits","type":"other","url":""},{"credibility":3,"name":"https://www.chainsecurity.com/security-audit/stakedao-liquidlockers","type":"other","url":""},{"credibility":3,"name":"https://skynet.certik.com/projects/stake-dao","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/stake-dao-exploit-deployer-key-vsdcrv/","type":"other","url":""},{"credibility":3,"name":"https://protos.com/stake-dao-hit-by-hack-as-defi-security-confidence-hits-new-low/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.stakedao.org/sdt","type":"other","url":""},{"credibility":3,"name":"https://docs.stakedao.org/vesdt_governance","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x73968b9a57c6e53d41345fd57a6e6ae27d6cdb2f","type":"other","url":""},{"credibility":3,"name":"https://www.mexc.com/en-GB/price/stake-dao/info","type":"other","url":""}]}],"sources_used":[],"summary":"Stake DAO is a non-custodial DeFi protocol built around liquid staking, yield aggregation, and governance participation via veToken mechanics. The protocol has suffered three documented security incidents since 2023, the most severe of which — a May 2026 deployer private key compromise — enabled the minting of 5.4 trillion fraudulent vsdCRV tokens on Arbitrum, resulting in roughly $91,000 in realized losses despite a nominally catastrophic exposure. Repeated operational security failures across a two-year span, including a March 2026 oracle exploit draining $176,000 from its Votemarket product, indicate a pattern of infrastructure risk that audited smart contracts alone have not resolved.","timeline":[{"date":"2021-01-20","event":"Stake DAO and SDT token launched on Ethereum mainnet; initial airdrop distributed.","source":""},{"date":"2021-02-04","event":"SDT reaches all-time high price of $16.63.","source":""},{"date":"2022-01-01","event":"Stake DAO adopts veTokenomic model; SDT lockable for veSDT governance rights.","source":""},{"date":"2022-06-15","event":"SDT reaches all-time low of $0.1750 amid broader crypto bear market.","source":""},{"date":"2023-01-01","event":"Two-year linear vesting for initial contributors and angel investors concludes.","source":""},{"date":"2023-11-29","event":"Stake DAO discloses LiquidityGauge deployment error on BNB Chain; approximately $4,011 in CAKE tokens stolen; affected users compensated via airdrop.","source":""},{"date":"2026-03-12","event":"Votemarket oracle contract exploited on Arbitrum and Base; approximately $176,000 drained across 54 reward campaigns. Governance proposal SDGP-65 introduced to reimburse affected users from treasury.","source":""},{"date":"2026-05-27","event":"Deployer private key compromised; attacker mints 5.4 trillion vsdCRV on Arbitrum via forged LayerZero v2 cross-chain message. Attacker realizes approximately $91,000 before DEX liquidity exhausted. Stake DAO shuts down vsdCRV bridge and urges users not to interact with vsdCRV.","source":""},{"date":"2026-05-28","event":"Stake DAO publishes follow-up statement assuring users that core products (Liquid Lockers, Boosted Yields, Votemarket, Morpho lending) are unaffected; vsdCRV backing on Ethereum mainnet confirmed secured.","source":""}]},"v":1}