This entire claim rests on
ONE thing: that DERO minted ~2.2M coins in October 2022. Every downstream number — the "$8.34M," the laundering totals, the attribution to Captain — derives from that single claim. If it falls, they all fall with it. It falls. Everything below is verifiable by you, from source and from your own node.
1. The "proof" is a forgeable display object, not chain data.The deroproof1qyyj0cgu3htmkumr79sgca75vwsx8kx7zkrjg0nfez46w36qyx4kwq9zvfyyskpqvdpcf
hkhk4m7y9d77ehyj7yhnnrv9z0tjr9m5fqe2yx9t27dwtdxy4j4r0llll7vcmaxwjcl8jzfq string is a PAYLOAD PROOF — a wallet-side display helper DERO's own code describes as a tool "to detect and decode output amount." It is not a consensus record. Its check (proof/proof.go) is simply: does amount*G + P equal the public commitment C[slot]? Since C[slot] is public (it's in the transaction), anyone can pick ANY amount, set P = C[slot] - amount*G, and produce a string that "verifies" for any number — with no private key. This has been demonstrated publicly (a proof showing 184 trillion DERO was forged from public data alone). To be clear, that string does decode to exactly the −2,200,000 they claim — that is not a flaw in the proof, it is the whole point. A forgeable object that decodes to a chosen number is evidence of nothing; the same math hands you one for any amount you like. The "-220000000181 / large positive uint64" they cite is a uint64->int64 wraparound in the explorer's DISPLAY code, not a real transfer. "Verified" in an explorer means the display math is self-consistent — it does NOT mean the chain accepted that amount.
2. The mechanism they describe is cryptographically impossible at consensus.Their claim is a "negative transfer." Every DERO transaction carries a Bulletproof range proof binding both the amount sent AND the sender's remaining balance to a non-negative 64-bit range. A negative/wraparound amount cannot produce a verifying range proof, so consensus never accepted one — and every node re-verifies this independently. Their own challenge — "verify the tx with today's verifier" — confirms it: the tx verifies, which means its range proof passed, which means the amount was non-negative. That is the exact check that disproves them.
3. The decisive test — supply — refutes it directly.Inflation means the coin supply increased, and in DERO that cannot hide, because conservation is built into consensus rather than audited after the fact. Coins enter through exactly two paths: the premine (once, at genesis) and the block reward (computed by every node from block height, so a miner cannot inflate it) — and there is no other mint path. Every transaction is bound by balance proofs (inputs = outputs) and range proofs (amounts non-negative), so cumulative supply at any height is exactly premine + scheduled block rewards, by construction. A 2.2M mint would therefore require the exploit block itself to emit millions. It didn't: block 1,081,893 recorded the normal 0.615 DERO reward, identical to every block around it. The report never shows a supply jump on-chain, because there isn't one.
4. "Freshly created, empty wallet" proves nothing.In DERO, a ring member's encrypted balance changes whenever it's included in a transaction — including decoys who sent nothing. A dormant, "empty" address is in fact the ideal decoy; the ring-member selector specifically prefers addresses with unchanged balances. So "the wallet was freshly registered and empty" is not evidence it was the sender; appearing in a ring is not the same as sending. Ring signatures exist precisely to make that ambiguous — that's the feature, not a bug.
5. The one real bug was a PRIVACY bug — and it was fixed.The deanonymization these reports rely on is real, and it came from a genuine flaw: a wallet-layer randomness-reuse vulnerability disclosed in May 2024 and fixed in Release 142 (which replaced the deterministic payload key with a per-payload ephemeral key). Two things follow. First, it was a READING bug — it let outside observers decrypt payloads; it never let anyone WRITE value into the chain, and reading is not minting. Second, applied honestly it refutes the claim: deanonymizing recovers the value actually committed in the transaction, and the range proof (point 2) already guarantees that value was non-negative and that the sender held it, so a faithful read of this transaction returns an ordinary transfer of coins that already existed, not a mint. The "2.2M" is not a deanonymization output at all — it's the forgeable proof string. Their own technique, used faithfully, describes a normal transfer.
6. The laundering is downstream — and it's the same forgeable decode."781 transactions, 242 exchange accounts" is fund MOVEMENT, not creation — and moving pre-existing coins is not minting. DERO hides receivers and amounts by protocol, so "Receiver = Kucoin, Amount = 10,000" is a decode assertion, not something the chain states. It's the payload-proof problem repeated hundreds of times. None of it shows supply increasing — the only thing that would matter. With no minted 2.2M, there is nothing to launder.
7. "Don't trust, verify" — so verify.Everything offered as evidence is "trust me": a forgeable proof string, an alleged confession, a claim about "2023 binaries." The two things you can actually verify both refute the claim: the range proof on that tx passes, so the amount was non-negative and no negative-transfer mint occurred; and the exploit block emitted 0.615 DERO of normal scheduled emission, so no millions were minted. Reproduce it yourself with a synced node or the public daemon (mcp.derod.org): query block 1,081,893's reward and you get 0.615 DERO; forge your own "proof" for any amount and you'll see that "Verified" is meaningless. The one genuine display-layer issue — unpatched explorers rendering these forged proofs as "Verified" — is itself being fixed: patched explorers (DEROFDN community-dev, PR #14) reject them. Full point-by-point technical rebuttal, with runnable commands:
https://derod.org/integrity/inflation-claim8. The actual story — and where DERO stands.Strip away the false minting claim and here is what actually happened: an external researcher found a real wallet-privacy bug — randomness reuse enabling deanonymization — and disclosed it publicly in May 2024. DERO fixed it in Release 142 with a per-payload ephemeral key. And note precisely what that disclosure was about: PRIVACY, the ability to READ transactions. The researcher's own writeup says nothing about inflation, minting, or coin creation. Derolytics took that privacy tool, pointed it at a 2022 transaction, and manufactured a minting story the original discovery never made. Meanwhile DERO's consensus foundations — homomorphic-encrypted balances, Bulletproof range proofs, no chain splits, no orphan blocks — were never in question, and the privacy hole is now closed. The inflation claim does not survive contact with the chain.
Bottom line: the burden of proof is on the party claiming inflation, and that claim is settled by one number — total supply. It did not increase. A wallet moving coins is not proof of minting; a supply surplus would be, and there isn't one. Show the block where supply went up, or the "smoking gun" is a screenshot of a forgeable display string.