Partner Booklet — May 2026

CryptaVeritas

Cryptographic verification protocol for trading signals. Every signal is hash-committed before reveal — verify it yourself, no trust required.

Token $VERAX (Solana)

License GPL v3.0

Phase 1 Complete

Tests 14/14

Telegram t.me/cryptaveritas

01 — Problem and solution

The signal market runs on trust.
We replace trust with math.

Problem

Fabricated track records

Signal sources delete losing forecasts, change entry points retroactively, and publish different signals to different groups. Users have no tool for independent verification.

Solution

Commit-Reveal protocol

Before publishing a signal, its SHA-256 hash with salt is recorded. After reveal, anyone can recompute the hash and confirm it was not altered. Mathematical proof, not reputational.

"Every signal. Cryptographically proven."

B2B slogan

02 — How it works

Three steps. Zero trust.

Commit

Signal source publishes SHA-256 hash with domain prefix and random salt. Signal content is unknown.

cryptasignals:v1|signal|{data}|{salt}

Reveal

Worker decrypts AES-256-GCM, verifies hash, publishes signal with status to channel.

VERIFIED / INVALID_HASH / NO_SECRET

Verify

Anyone recomputes the hash independently in browser or via CLI. No server trust required.

cryptaveritas.github.io/cryptaveritas-verify

03 — Technical stack

Production-ready. Node.js 20 LTS.

Component	Technology
Runtime	Node.js 20 LTS
Language	TypeScript 5
Database	SQLite WAL (better-sqlite3)
Cryptography	AES-256-GCM + SHA-256 (Node.js crypto)
Validation	Zod .strict() + .refine() (SignalSchema)
Bot	grammY (Telegram) — primary + backup
Testing	Jest + ts-jest — 14/14 passing
Token	Solana SPL — $VERAX
Multisig	Squads v4 (treasury + OTC vault)

04 — Security

10 attack vectors. 10 closed.

Replay attacks

Domain prefix cryptasignals:v1|signal|

Timing attacks

crypto.timingSafeEqual

IV reuse in AES

Random IV per encryption

Prompt Injection

Zod .strict() + Depth Guard (20 levels)

Time-Jacking (NTP)

process.hrtime.bigint() monitoring

SQLITE_BUSY

busy_timeout = 5000ms

WAL data loss

wal_checkpoint(TRUNCATE) on shutdown

Key memory leak

clearMasterKey() — key zeroed on shutdown

Overlapping worker

isProcessing flag in setInterval

DoS via nesting

LIMIT 100 in getPendingCommits

05 — Tests

14 tests. 3 suites. All green.

Test Suites: 3 passed | Tests: 14 passed | Node.js 20 LTS

crypto.test.ts — 4 tests

toStrictString is deterministic

domainHash is stable and unique

verifyCommitment correct (true/false)

createCommitment generates compatible data

revealWorker.test.ts — 5 tests

Skip before deadline

FORCED REVEAL — TARGET_HIT on valid commit

NO_SECRET when encrypted_secret missing

INVALID_HASH on hash mismatch

DECRYPT_FAILED on invalid secret

database.test.ts — 5 tests

saveCommitment + getPendingCommits

getCommitmentByHash

markAsRevealed + idempotency

updateLastForceAttempt

LIMIT 100 under high load

06 — Roadmap

From MVP to protocol.

01May 2026

Complete

CryptaSignals MVP

Commit-Reveal core, AES-256-GCM, SQLite WAL, Telegram bot (primary + backup), HTTP API, public verifier, 14/14 tests, GitHub Pages.

02Weeks 3-8

Growth and monetization

Token-gated access via $VERAX, B2B Pro/Enterprise with commercial license, Drip Reveal, multi-oracle (Birdeye + Pyth), OTC pre-launch via Squads v4.

03Months 3-6

Planned

Infrastructure migration

Onchain pre-commit hashes on Solana, agent reputation ERC-8004 on Base, staking contract, verified signal source marketplace, Soulbound NFTs, KMS/HSM.

04Months 6-12+

Planned

Full CryptaVeritas protocol

ZK proofs (Noir + zkVerify), decentralized validators with slashing, onchain credit scoring for AI agents, DeFAI partnerships.

07 — Monetization

Token as access. Not as investment.

B2C

Private signals

Hold 1,000 $VERAX

Offchain RPC check, hourly. No fiat, no contracts, no KYC.

B2B Lite

Basic API

Hold 10,000 $VERAX

Verification API access. Phase 3 — staking contract on Solana.

B2B Pro

Extended API

Hold 50,000 $VERAX

Extended API, priority support. Phase 4 — ZK verification.

Enterprise

White label

Official contract

$VERAX, USDC, USDT or fiat via Coinbase Commerce. SLA, dedicated support.

08 — Legal triggers

Trigger model. No upfront costs.

Now — pre-launch

No legal entity, no payments, no commercial agreements. B2C and B2B access via $VERAX holdings only.

First corporate client requesting official contract

Immediate legal entity registration. Corporate = company, fund, or DAO requiring invoice and formal agreement.

First incoming Enterprise payment

Treasury multisig (2/3) accepts $VERAX, USDC, USDT. Fiat via Coinbase Commerce if needed. Bank account on client request only.

First Enterprise contract signed

Legal opinion on $VERAX (MiCA compliance). Decision on $CIPCRY integration.

09 — Tokenomics

100,000,000 VERAX. Solana.

Team

6-month cliff, 36 months linear

15%

Treasury

Multisig 2 of 3 (Squads v4)

25%

Community and airdrops

20% immediately, 80% over 12 months

10%

Marketing and partnerships

25% immediately, 75% over 12 months

10%

Initial liquidity

LP burned (Raydium + Orca)

40%

10 — Competitive landscape

No direct competitors. Niche is open.

Project	Approach	Limitation
Alpha Impact	Post-fact verification via onchain trades	No pre-commit
Knidos	ZK verification of closed fund results	Not for public signals
CryptoNinjas	Self-reporting with public P&L	No cryptography

DeFAI market

$10B

Crypto.com Research, 2025

Use AI

37%

Of market participants

Unverified signals

58%

Rely on social media

11 — Contact

Open verifier. Closed core.

Public — GPL v3.0

cryptaveritas-verify

Hash verifier: index.html (browser) + cli-verify.js (Node.js). Open source.

GitHub Pages — Live

cryptaveritas.github.io/cryptaveritas-verify

Live verifier. Tested with real hashes.

Public roadmap

github.com/cryptaveritas/roadmap

All phases, progress, and upcoming features.

Private core

cryptasignals-phase1

Full protocol core. TypeScript, SQLite, AES-256-GCM.

Telegram channel

CryptaVeritas | Proof of Signal

Link

t.me/cryptaveritas

Enterprise inquiries

Via Telegram channel

11 — NexusVeritas

Behavioral operator
intelligence for Solana.

Most tools ask: is this token safe? NexusVeritas asks: who is behind this token, and what is their history? Operator class and token risk are independent dimensions.

Core insight

operator_class ≠ token_risk

A casual creator can produce a critical-risk token. An industrial deployer can produce a safe one. Traditional scanners miss this entirely — they analyze the wrong object.

Live status

565 operators classified

8 archetypes. pgvector similarity search. Live API: GET /api/v2/scan/solana/:mint. Returns score, reasons, operator_class, isHardRefuse.

Archetype	Count	Pattern
INDUSTRIAL_DEPLOYER	315	500+ tokens, invisible funding, automated
PROFESSIONAL_CREATOR	127	20-500 tokens, sustained activity
EXCHANGE_FUNDED_DEPLOYER	31	Industrial + verified exchange funding
ROTATION_OPERATOR	30	Burst deployment, 0 days active
INFRASTRUCTURE_HUB	24	High SOL inflow, distribution node
CASUAL_CREATOR	20	<20 tokens, organic activity
WALLET_FACTORY	15	Single-use wallets, 0.002 SOL init
WALLET_FACTORY_HUB	3	Factory hub with recycling patterns

VERAX Tier	Requirement	Access
NX Basic	5,000 VERAX	Operator scan API — score, archetype, reasons
NX Pro	25,000 VERAX	Full API — similarity search, batch, history
Enterprise	Contract	White label, SLA, VERAX/USDC/fiat

"The contract is clean. The operator is not."

NexusVeritas — github.com/cryptaveritas/nexusveritas-api