Independent blockchain security research. In-depth investigations into DeFi exploits, rug pulls, phishing campaigns, and on-chain fraud.
$285M drained in 12 minutes by DPRK state-sponsored UNC6862 using 6-month HUMINT operation and Solana durable nonce exploit. The largest DeFi hack of 2026.
Deep-dive investigation into CWU Token revealing coordinated Sybil attack patterns and wallet farming schemes on BSC.
Investigation of Echo Protocol flash loan exploit, tracing attacker wallets and fund movements across chains.
Analysis of the StablR stablecoin depegging exploit, including attack vector reconstruction and fund tracing.
Tracking a phishing campaign using Google Ads to target Uniswap users, with victim wallet analysis and fund tracing.
Investigation of a vulnerability in the Squid Router module affecting cross-chain bridge operations.
Analysis of the StakeDAO vsdCRV governance exploit, including attack reconstruction and loss assessment.
Comprehensive exposé of WUSD airdrop farming through coordinated Sybil networks spanning multiple chains.
Investigation of DxSale revealing rug pull patterns through fund diversion and liquidity manipulation on BSC.
Analysis of the TesseraDAO NFT fractionalization exploit, tracing stolen funds and identifying attack vectors.
Investigation of the Gravity Bridge cross-chain exploit, analyzing the attack on Cosmos IBC bridge infrastructure.
Investigation of the CATFI rug pull targeting Korean crypto investors, tracing stolen funds across exchanges.
Detailed tracking of Google Ads phishing campaigns targeting Uniswap and DeFi users with fake interfaces.
Analysis of THORChain protocol vulnerability leading to fund losses, with attack reconstruction and risk assessment.