Blockchain intelligence. Fund flow analysis. OSINT. The investigations that start where most reports stop.
A practical methodology for post-mixer tracing. Real tools, real SQL queries, and the behavioral patterns most investigators miss — developed across live exploit investigations.
Closing the books on Cyrus Finance. The remaining 210 BNB followed the same laundering architecture — but 1.67 BNB peeled off through a different bridge entirely, on a route the attacker had been quietly preparing since January. That detour leads somewhere Part 1 never went: Solana.
On March 22, 2026, someone drained $516,840 from Cyrus Finance. CertiK's post-mortem ended with "funds went to Tornado Cash." This investigation picks up where theirs left off — tracing 600 BNB through the mixer, across bridges, and into Hyperliquid spot positions in a token called XMR1.
On-chain investigator with a focus on the part of the trail that everyone else writes off as "the funds went to a mixer, the end." I trace DeFi exploits, document manipulation patterns, and follow money across chains — Tornado Cash exits, bridge aggregators, DEX routing, and L1s that most compliance tools don't index.
Background in OSINT and blockchain forensics. Available for investigations, collaborations, and tip-offs on incidents worth following.