Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · 402bridge
- Sequence
- #1
- Score
- →
- Cluster
- mainnet-beta
- Slot
- 422981707
- Off-chain at
- 2026-05-29T17:14:48.780Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- 524scmXY5ztVYpKgYjkmMGtMf5trVHnC4mUzFzUDymiH
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (6714 chars)
{"actor":"system:backfill","investigation_id":"5c8e3d41-3849-4e8a-9e6b-ea72d0befc93","kind":"publish","page_slug":"402bridge","published_at":"2026-05-29T17:14:48.675Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"402bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://coinstats.app/news/d964dfbe80e937c47aba3ad4414ba4d7cf122e11433fc343e0748f466697e8aa_Over-200-users-lose-USDC-in-x402bridge-hack-as-GoPlus-flags-privatekey-breach/","type":"other","url":""},{"credibility":3,"name":"https://www.kucoin.com/news/flash/402bridge-hack-drains-over-200-users-of-17-693-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://getfailsafe.com/402bridge-exploit-security-alert/","type":"other","url":""},{"credibility":3,"name":"https://x.com/402bridge/status/1983042581190853022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.panewslab.com/en/articles/17ffaa3c-2beb-4cd3-b95c-33e26af7567c","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034172","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034218","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605057036","type":"other","url":""},{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2025/11/17/goplus-security-highlights-key-risks-in-x402-crypto-projects/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/402bridge-private-key-leaks-227-wallets-drained-in-minutes/","type":"other","url":""},{"credibility":3,"name":"https://www.panewslab.com/en/articles/17ffaa3c-2beb-4cd3-b95c-33e26af7567c","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560605034172","type":"other","url":""},{"credibility":3,"name":"https://getfailsafe.com/402bridge-exploit-security-alert/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptotimes.io/2025/11/17/goplus-security-highlights-key-risks-in-x402-crypto-projects/","type":"other","url":""},{"credibility":3,"name":"https://coinpedia.org/news/goplus-issues-urgent-warning-on-x402-tokens-as-exploits-hit-hundreds-of-users/","type":"other","url":""},{"credibility":3,"name":"https://coinfomania.com/x402%E2%80%90ecosystem%E2%80%90goplus%E2%80%90risk/","type":"other","url":""},{"credibility":3,"name":"https://superex.medium.com/the-explosion-of-the-x402-protocol-and-the-402bridge-security-incident-an-in-depth-analysis-of-12c909bed5f1","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/402bridge/status/1983042581190853022","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/amp/news/detail/12560605034383","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/402bridge-hack-leads-to-over-200-users-drained-of-usdc/","type":"other","url":""},{"credibility":3,"name":"https://forklog.com/en/402bridge-loses-over-17000-usdc/amp/","type":"other","url":""}]}],"sources_used":[],"summary":"402bridge (also written x402bridge) was a short-lived cross-chain bridge protocol built on the x402 HTTP payment standard, operating at 402bridge.fun. On October 28, 2025, approximately 13 hours after deployment, an attacker exploited a leaked admin private key to drain $17,693 in USDC from 227 user wallets in under 30 minutes; the protocol ceased operations immediately afterward and no user compensation has been announced. Security firm SlowMist noted that while the incident appeared consistent with a private key leak, the possibility of insider involvement could not be ruled out.","timeline":[{"date":"2025-10-26","event":"402bridge.fun domain registered, approximately two days before the protocol ceased service.","source":""},{"date":"2025-10-28","event":"402bridge protocol deployed on-chain; users began granting USDC allowances to contract 0xed1AFc4DCfb39b9ab9d67f3f7f7d02803cEA9FC5 in preparation for minting.","source":""},{"date":"2025-10-28","event":"Approximately 13 hours after deployment, admin private key compromised. Contract ownership transferred to attacker address 0x2b8F95560b5f1d1a439dd4d150b28FAE2B6B361F.","source":""},{"date":"2025-10-28","event":"Attacker calls transferUserToken function, draining 17,693 USDC from 227 user wallets within 28 minutes. Stolen USDC converted to ETH and bridged to Arbitrum.","source":""},{"date":"2025-10-28","event":"GoPlus Security Chinese community issues first public alert about abnormal asset transfers from x402bridge.","source":""},{"date":"2025-10-28","event":"PeckShield issues advisory urging users to revoke USDC allowances to the compromised contract.","source":""},{"date":"2025-10-28","event":"402bridge team publishes statement on X confirming private key leak, reporting to law enforcement, and acknowledging team wallets were also compromised.","source":""},{"date":"2025-10-28","event":"SlowMist's Yu Xian (Cosine) states the attack was caused by private key leakage and notes insider involvement cannot be ruled out; characterizes this as the first publicly known theft linked to x402 protocol services.","source":""},{"date":"2025-10-28","event":"402bridge.fun website taken offline. Protocol ceases operations.","source":""},{"date":"2025-11-17","event":"GoPlus Security publishes audit findings covering 30+ x402 ecosystem projects, finding the majority had at least one high-risk vulnerability; references 402bridge as the catalyst for the broader ecosystem security review.","source":""}]},"v":1}