LIVE · ON-CHAIN · Generated Saturday · April 25, 2026 · 10:16 UTC Issue №2026115 · bluewingintel.com
BlueWing Intel
Fraud Watch · Daily · BTC · ETH · SOL · TRX · BNB · Free
Issue №2026115
Saturday · April 25, 2026 · 10:16 UTC
Ed. #1 · First Edition

$150.8K flowed into Tornado Cash in the last 24 hours.

38 discrete deposits across four pool denominations, computed live from on-chain logs. Tornado's smart contracts were sanctioned in August 2022 — the contracts themselves are immutable and keep accepting ETH. This is what the chain actually shows, not an API estimate.

Editor's note — what this edition actually is
This is Fraud Watch №1. Every figure below is pulled live from public sources at generation time. No sample data, no padding. Sections without live signal are hidden, not filled. We lead with Tornado Cash deposit counts because the signal is timely, computable on free public RPC, and missing from every free competitor. Our proprietary labeled-wallet database seeds with every run.
Lead · Mixer Inflows · Tornado Cash · Last 24h

$150.8K in · 38 deposits · 65.00 ETH

PoolDepositsETH inContract
0.1 ETH202.00 ETH0x12D66f87…
1 ETH1313.00 ETH0x47CE0C6e…
10 ETH550.00 ETH0x910Cbd52…
100 ETH00.00 ETH0xA160cdAB…
Computed via eth_getLogs against the four canonical Tornado Cash ETH pools. Contracts were designated by OFAC on 2022-08-08; they remain immutable and continue accepting deposits. Anyone who deposited in the last 24 hours has, by Treasury position, touched sanctioned infrastructure.
Our Focus · USDT-TRC20 on TRON · The Rail Nobody Covers
$191.6K
across 3 notable transfers in the latest Tronscan window — live from the chain, not an aggregator.

TRON USDT moved ~$62B at last issuance count and is the dominant stablecoin venue for pig-butchering, ransomware off-ramps, and sanctions evasion. Sell-side doesn't cover it. Chainalysis dashboards it but won't publish it. This is BlueWing's lane.

AmountTime (UTC)From → To
$30.0K2026-04-25 10:15TLfmKbss…SYdWzN TSabyiUn…1u9GEwtrace →
$74.5K2026-04-25 10:15TKZg7n2E…x5PTVw TZ9tF3p8…SVpno9trace →
$87.0K2026-04-25 10:15TQHvWUPL…8M1EqE TRKESyb1…DakDhCtrace →

BTC Whale Moves · Last 24h

Transactions ≥5.0 BTC from mempool (unconfirmed) and the latest block (confirmed). Live from blockchain.info and mempool.space.

SizeTransactionState
65.93 BTC $5.13Mc40d80f4…c8ecf0mempool
16.47 BTC $1.28M7df47fd2…6c6d29mempool
14.94 BTC $1.16Mb4aa6c0f…540a91mempool

OFAC Designation Changes · Last 7 Days

Protocol Exploits · Rekt Ledger · Last 30 Days

$290.0M
KelpDao
4/18/2026 A2 · Rekt

DPRK breached LayerZero's infrastructure, forged a bridge message, and walked $290 million out of KelpDAO in one transaction. Aave is holding hundreds of millions in bad debt. The dominoes are still falling. DeFi United is scrambling to catch them.

KelpDAOLayerZeroAave
post-mortem →

Live X Alerts · PeckShield / SlowMist / ZachXBT · Last 72h

  • @CertiKAlert 2026-04-24 11:42
    #CertiKInsight 🚨 So far, April has seen losses of over ~$633M, the highest losses since March 2022 (~$715M), excluding Feb 2025 (Bybit). Losses are largely concentrated on the KelpDAO and Drift Protocol hacks, with initial losses of~$576M.
    view post →
  • @zachxbt 2026-04-24 10:17 ETH
    If you enjoy similiar type of work from me consider participating in the @thedaofund x @Giveth 500 ETH matching round for Ethereum Security which is live until May 15. It's quadratic funding, so smaller contributions are worth considerably more. Currently a $10 donation is >$5K matched. Link to support me: qf.gi
    view post →
  • @PeckShieldAlert 2026-04-24 02:16 ETH
    #PeckShieldAlert The @KelpDAO exploiter has finished moving all funds from #Ethereum to #Bitcoin, primarily routed through @THORChain - totaling $1,979 BTC. Meanwhile, the @Balancer exploiter has broken 5 months of dormancy. They’ve begun laundering funds via #Thorchain, bridging $700K worth of $ETH into #BTC.
    view post →
  • @CertiKAlert 2026-04-24 00:52
    As threat actors expand beyond code exploits, physical coercion is becoming a critical risk vector in Web3. Great to see our Wrench Attacks Report featured in @nytimes. Read the full article 👇 nytimes.com/2026/04/21/busin…
    view post →
  • @PeckShieldAlert 2026-04-23 12:46 TRX
    #PeckShieldAlert 2 addresses holding $344M $USDT have just been blacklisted by @tether on the #TRON network TNiq9AXBp9EjUqhDhrwrfvAA8U3GUQZH81 TTiDLWE6fZK8okMJv6ijg42yrH6W2pjSr9
    view post →
  • @SlowMist_Team 2026-04-23 11:07 TRX
    🫶Hacking Time maintained a highly focused and engaging atmosphere throughout the event. Both stage talks and off-stage discussions reflected strong industry focus on “AI × Web3 Security” — making it one of the most technically in-depth security events during this year’s #HKWeb3Festival 🌍🔥 After the #HackingTime, “S
    view post →
  • @zachxbt 2026-04-22 11:18
    In late 2023, French streamer TeufeurS was extorted for a ransom after a family member was kidnapped in France. I can finally share that I helped lead efforts that resulted in an ~$800K freeze with the Binance Security team after a $2M ransom was paid. Six suspects tied to the incident were later arrested. Given the
    view post →
  • @PeckShieldAlert 2026-04-22 11:12 TRX
    #PeckShieldAlert The @KelpDAO exploiter bridged $ETH from #Ethereum to #Arbitrum via @AcrossProtocol, swapped for $USDT0, and subsequently routed funds to @trondao via @LayerZero_Core
    view post →
Forensic reports · when a daily scan is not enough

Stop guessing. Start citing.

A risk verdict in thirty seconds, a filable report in three days, or the full intelligence package in ten. Same evidence discipline every BlueWing PDF has shipped since day one: SHA-256 manifests, confidence-graded findings, and a transaction hash behind every claim.

Free · Risk Check
Thirty seconds · Public
$0
Paste the address. Green, yellow, or red in under thirty seconds. OFAC and sanctions, drainer and scam-registry hits, exposure tags, one-line plain-English summary. Enough to know whether to walk away or pick up the phone. No credit card.
First 3 lookups · no email needed
Then 2 / day · 10 / week · email-verified
Cloudflare Turnstile bot protection
Check a wallet now →
Pro · On-Chain Report
Three-hop graph · 3-day delivery
$2,500
For the deal that needs a paper trail. Full transaction history, a three-hop connected-wallet graph, mixer entry flags, supply-concentration analysis, drainer-ring identification, multi-chain on the single entity. Watermarked PDF with SHA-256 evidence manifest, independently verifiable by your counterparty. Priced to close on a corporate card. No RFP. No committee.
Request a Pro report →
Founding price
Elite · Full Intelligence
Five-hop · Multi-chain · OSINT · 10-day
$7,500
$12,500 at list after founding window
For serious matters where counsel is already involved. Everything in Pro, plus the OSINT layer that holds up under scrutiny: GitHub scam-site enumeration, IPFS metadata, WHOIS pivots, social and homoglyph cross-reference, up to three chains with a five-hop network graph. Structured JSON export for the data room. Optional on-chain anchoring for chain-of-custody. Used by attorneys in live crypto-fraud matters.
Request an Elite report →
Source status this run: mixer flowsofacofac delta weekrektscamsniffercoingeckosecx alertsbtc whalestrx usdt flowstether frozenphishing domainschainabusedefillama hacks