Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Yearn Finance
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422113848
Off-chain at
2026-05-25T17:34:26.885Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
59ENnPHEHgyv5JkjmDSNdoXi3cNRmUsWnde8UsV4MLdc
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (8334 chars)
{"actor":"system:backfill","investigation_id":"4d531127-e978-430c-8f36-6eac186ef860","kind":"publish","page_slug":"yearn-finance","published_at":"2026-05-25T17:34:26.834Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Yearn Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.gemini.com/cryptopedia/what-is-yearn-finance-yfi-coin-yearnfinance","type":"other","url":""},{"credibility":3,"name":"https://messari.io/asset/yearn-finance/profile/governance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/02/04/yearn-finance-dai-vault-has-suffered-an-exploit-11m-drained","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-yearn-v1-ydai-hack-feb-2021","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/yearn-finance-puts-expanded-treasury-to-use-by-repaying-victims-of-11m-hack","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/yearn-finance-iearn-vault-hacked","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://therecord.media/hackers-steal-130-million-from-cream-finance-the-companys-3rd-hack-this-year","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/84840/behind-defi-war-words-aave-yearn","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/defi/defi-partners-clash-over-32m-bad-debt-iron-bank-alpha-homora/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/216536/iron-bank-freezes-alpha-homora-lending-accounts-over-bad-debt-dispute","type":"other","url":""},{"credibility":3,"name":"https://www.benzinga.com/markets/cryptocurrency/23/03/31193198/iron-bank-calls-on-alpha-homora-to-take-responsibility-for-bad-debt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=yearn-treasury-swap","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/267483/yearn-finance-says-faulty-script-wiped-out-63-of-treasury","type":"other","url":""},{"credibility":3,"name":"https://unchainedcrypto.com/1-4-million-wiped-out-from-yearn-finance-treasury/","type":"other","url":""},{"credibility":3,"name":"https://github.com/yearn/yearn-security/blob/master/disclosures/2023-12-11.md","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dlnews.com/articles/defi/yearn-finance-looted-for-9m-after-attacker-minted-trillions/","type":"other","url":""},{"credibility":3,"name":"https://research.checkpoint.com/2025/16-wei/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/381740/yearn-finance-9-million-yeth-exploit-confirms-partial-recovery-outlines-remediation","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/yearn-finance-tusd-vault-hacked/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptoslate.com/how-sec-scrutiny-pushed-defi-innovator-andre-cronje-to-quit-in-2022/","type":"other","url":""},{"credibility":3,"name":"https://blockonomi.com/andre-cronje-reveals-sec-investigation-behind-2022-defi-departure/","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/people/andre-cronje-yearn-finance-quits-defi-fantom","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2021/02/02/yearn-finance-votes-to-inflate-yfi-token-supply-by-20","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/new-yearn-governance-structure-9090329838ea","type":"other","url":""},{"credibility":3,"name":"https://docs.yearn.finance/contributing/governance/governance-and-operations","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.onesafe.io/blog/yearn-finance-exploit-security-breach-defi","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/yearn-finance-hit-by-fourth-exploit-as-attacker-drains-legacy-v1-vault/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-yearn-v1-ydai-hack-feb-2021","type":"other","url":""}]}],"sources_used":[],"summary":"Yearn Finance is a decentralized yield aggregator on Ethereum that routes user deposits into lending protocols to maximize returns. Founded by Andre Cronje in 2020, the protocol has suffered at least four documented security exploits between 2021 and 2025, with aggregate losses exceeding $20 million, and its founder departed in 2022 citing sustained pressure from an SEC investigation. Governance concerns, an interconnected web of affiliated DeFi protocols implicated in their own major hacks, and repeated failures to deprecate vulnerable legacy code compound the protocol's risk profile.","timeline":[{"date":"2020-07-17","event":"Andre Cronje launches Yearn Finance and distributes the YFI governance token via a fair launch with no pre-mine or founder allocation.","source":""},{"date":"2020-11-01","event":"Yearn enters strategic partnership with Cream Finance, forming broad DeFi ecosystem alliances; Iron Bank uncollateralized lending to whitelisted protocols introduced.","source":""},{"date":"2021-02-02","event":"Governance vote passes to mint 6,666 additional YFI tokens (approximately 20% supply inflation), sparking community debate about token dilution.","source":""},{"date":"2021-02-04","event":"Yearn v1 yDAI vault exploited via flash-loan-based Curve 3pool price manipulation; approximately $11 million in losses, with $2.8 million extracted by the attacker. Yearn responds within 11 minutes.","source":""},{"date":"2021-02-13","event":"A second exploit targets the legacy Yearn iearn vault within the same month, compounding concerns over undecommissioned legacy contracts.","source":""},{"date":"2021-02-27","event":"Alpha Homora exploited via Iron Bank; over $37 million drained; Alpha Homora agrees to repay Iron Bank via fee-sharing and ALPHA token collateral.","source":""},{"date":"2021-03-01","event":"Yearn uses YFI from treasury to open a MakerDAO vault and mint 9.7 million DAI, making yDAI vault depositors whole following the February exploit.","source":""},{"date":"2021-10-27","event":"Cream Finance suffers its third hack of the year; approximately $130 million stolen via flash loan exploit that technically involved Yearn's yUSD oracle, prompting a public dispute between Yearn, Cream, and Aave communities.","source":""},{"date":"2022-03-06","event":"Andre Cronje and Anton Nell announce their departure from DeFi and Yearn Finance; YFI falls approximately 13-14%. Cronje later attributes the decision to an SEC investigation begun in 2021.","source":""},{"date":"2023-03-01","event":"Iron Bank unilaterally modifies smart contracts to freeze Alpha Homora's lending accounts over approximately $32 million in unresolved bad debt, citing protection of depositors including Yearn Finance.","source":""},{"date":"2023-12-11","event":"A faulty multisig script causes Yearn's treasury to swap its entire lp-yCRVv2 balance rather than only earned fees, incurring a 63% slippage loss worth approximately $1.4 million.","source":""},{"date":"2025-11-30","event":"Yearn Finance yETH weighted stableswap pool exploited; attacker mints 235 septillion yETH tokens by depositing 16 wei, draining approximately $9 million. Stolen funds laundered through Tornado Cash within hours.","source":""},{"date":"2025-12-17","event":"Fourth exploit in weeks: Yearn v1 legacy TUSD vault drained via donation attack against a misconfigured Fulcrum sUSD strategy; approximately $300,000 lost.","source":""}]},"v":1}