Published OSINT investigations, blockchain forensics, and actionable threat intelligence. We document active cybercrime operations, trace stolen funds on-chain, and provide verified intelligence to law enforcement and the security community.
A $2.56M cryptocurrency wallet drainer disguised as a Proof-of-Stake mining platform. 146 confirmed victims across 313 drain transactions. Infrastructure traced through Tencent Cloud and bulletproof hosting in Seychelles, with connections to the Vigorish Viper gambling syndicate and the US Treasury-sanctioned Huione Group.
Longitudinal analysis of mining-themed crypto drainer kits across four major generations of tooling, infrastructure reuse, and shared actor attribution.
Infrastructure mapping and actor attribution for a 50+ domain unlicensed gambling operation targeting Chinese-speaking users, with shared hosting and payment rails overlapping the pos-coin network.
Technical analysis of the FUNNULL bulletproof CDN network operated by Cloud Innovation Ltd, including abuse-resistant hosting architecture, customer operation types, and takedown resistance.
Automated bot networks targeting confirmed crypto victims with fraudulent "fund recovery" services. Infrastructure overlaps with primary drainer operations as a revenue maximization layer.
Large-scale SEO manipulation campaign exploiting expired and compromised Chinese business domain authority to funnel search traffic to fraud and gambling operations.
Credential harvesting campaign impersonating Canadian federal and West Virginia state government portals. 19 phishing domains on Tencent Cloud infrastructure shared with the pos-coin drainer network. Includes CISA and CCCS reporting guidance.
All findings are derived from publicly accessible sources: blockchain data, WHOIS records, certificate transparency logs, archived web content, and passive DNS. No unauthorized access.
On-chain transaction tracing from drain events through mixing layers to exchange deposits. We document wallet clusters, flow paths, and links to known sanctioned entities.
Where wallets can be identified, we attempt direct on-chain notification of affected users. Intelligence is also shared with law enforcement and relevant exchange compliance teams.