Work

Independent on-chain investigation of a live drainer attack reported by @0xUnihax0r on May 11, 2026. Using custom Python tools I built — wallet_investigator.py and multi_hop_tracer.py — I traced fund flows from the drain wallet through an operator hub, across a deBridge cross-chain bridge to Base, into a contract routing fees to an address Arkham labels as the Sigma.win Deployer ($39.75M in historical flows), with a downstream trail ending at Kraken Hot Wallet 2.

End-to-end on-chain attribution of an $18.2M social engineering theft from a Kraken user. Traced ETH fund flows across multiple staging wallets, reconstructed a THORChain ETH→BTC cross-chain swap, documented a failed Chainflip exit attempt, and performed dual-chain cash-out attribution to HitBTC — including an assessment of HitBTC's regulatory posture across two jurisdictions (BVI FSC and SVG FSA). Published publicly with full transaction evidence.