Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
- We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>
Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · BSC TMM/USDT
- Sequence: #1
- Score: →
- Cluster: mainnet-beta
- Slot: 422339815
- Off-chain at: 2026-05-26T18:37:00.784Z
- Anchored at: —
- Block time: —
Independent verification
- 1. Database (off-chain): BPCdNCMNqiqLWU4E9nn2ChQsUhCRHcwedpTB297ow7wf
- 2. Recomputed (your browser): computing…
- 3. On-chain (Solana memo): fetching…
Canonical bytes hashed (4397 chars)
{"actor":"system:backfill","investigation_id":"5f480e69-b133-4d57-928d-8600861f0cbc","kind":"publish","page_slug":"bsc-tmmusdt","published_at":"2026-05-26T18:37:00.703Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BSC TMM/USDT","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-tmm-hack-april-2026","type":"other","url":""},{"credibility":3,"name":"https://phemex.com/news/article/bsc-network-hit-by-tmmusdt-reserve-manipulation-attack-1665-million-lost-71016","type":"other","url":""},{"credibility":3,"name":"https://x.com/exvulsec/status/2040649377803546859","type":"other","url":""},{"credibility":3,"name":"https://hacked.slowmist.io/?c=BSC&page=1","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-tmm-hack-april-2026","type":"other","url":""},{"credibility":3,"name":"https://bscscan.com/token/0x1d6f03b0b20b2ec05b37bf60f56af442ced66666","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/exvulsec/status/2040649377803546859","type":"other","url":""},{"credibility":3,"name":"https://bscscan.com/token/0x1d6f03b0b20b2ec05b37bf60f56af442ced66666","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-tmm-hack-april-2026","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/tmm-token","type":"other","url":""},{"credibility":3,"name":"https://bscscan.com/token/0x1d6f03b0b20b2ec05b37bf60f56af442ced66666","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-tmm-hack-april-2026","type":"other","url":""},{"credibility":3,"name":"https://bscscan.com/token/0x1d6f03
b0b20b2ec05b37bf60f56af442ced66666","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/month-in-review-top-defi-hacks-of-april-2026","type":"other","url":""},{"credibility":3,"name":"https://hacked.slowmist.io/?c=BSC&page=1","type":"other","url":""},{"credibility":3,"name":"https://bscscan.com/token/0x1d6f03b0b20b2ec05b37bf60f56af442ced66666","type":"other","url":""},{"credibility":3,"name":"https://phemex.com/news/article/bsc-network-hit-by-tmmusdt-reserve-manipulation-attack-1665-million-lost-71016","type":"other","url":""}]}],"sources_used":[],"summary":"BSC TMM/USDT is a Binance Smart Chain token pair that was exploited on April 4, 2026, via a flash loan-based reserve manipulation attack, resulting in an estimated loss of $1.665 million USDT. The attacker burned TMM tokens to a dead address to artificially skew pool reserves, then extracted USDT through a Constant Product Market Maker (CPMM) pricing imbalance. The TMM token contract lacked reserve synchronization on burn operations and had no verified third-party security audit on file.","timeline":[{"date":"2021-02-01","event":"TMM Group token reportedly launched on BSC, targeting DeFi and multi-utility use cases in Asian and African markets.","source":""},{"date":"2026-04-04","event":"Reserve manipulation attack executed against BSC TMM/USDT pool. Attacker burns TMM to dead address, reducing pool reserves to 1 TMM, then swaps 850 million TMM for ~272 million USDT via flash loans from five DeFi protocols. Net profit of $1,665,255 USDT extracted.","source":""},{"date":"2026-04-05","event":"ExVul security account posts alert on X identifying attacker contract (0x1c5e8d3501bbcae900e14d8720774d9ff6ec7203), target token address, and profit recipient wallet. 
Phemex publishes news article on the attack.","source":""},{"date":"2026-04-05","event":"SlowMist logs the TMM BSC exploit in its hacked database with a $1,665,000 loss figure.","source":""},{"date":"2026-04-01","event":"Halborn publishes detailed post-mortem: 'Explained: The TMM Hack (April 2026)', confirming root cause as missing reserve sync on burn operations.","source":""},{"date":"2026-04-30","event":"Halborn includes TMM in its 'Month in Review: Top DeFi Hacks of April 2026' roundup, listing it among the month's significant losses.","source":""}]},"v":1}