LIVE · ON-CHAIN · Generated Wednesday · June 17, 2026 · 17:38 UTC Issue №2026168 · bluewingintel.com
BlueWing Intel
Fraud Watch · Daily · BTC · ETH · SOL · TRX · BNB · Free
Issue №2026168
Wednesday · June 17, 2026 · 17:38 UTC
Ed. #1 · First Edition
BTC
518
OFAC SDN addresses
ETH
101,939
phishing domains tracked
SOL
2,318
phishing domains tracked
TRX
48
OFAC SDN addresses
BNB
2
hack incidents · 30d

$16.76M flowed into Tornado Cash in the last 24 hours.

237 discrete deposits across four pool denominations, computed live from on-chain logs. Tornado's smart contracts were sanctioned in August 2022 — the contracts themselves are immutable and keep accepting ETH. This is what the chain actually shows, not an API estimate.

Editor's note — what this edition actually is
This is Fraud Watch №1. Every figure below is pulled live from public sources at generation time. No sample data, no padding. Sections without live signal are hidden, not filled. We lead with Tornado Cash deposit counts because the signal is timely, computable on free public RPC, and missing from every free competitor. Our proprietary labeled-wallet database seeds with every run.
Lead · Mixer Inflows · Tornado Cash · Last 24h

$16.76M in · 237 deposits · 9434.10 ETH

PoolDepositsETH inContract
0.1 ETH414.10 ETH0x12D66f87…
1 ETH6060.00 ETH0x47CE0C6e…
10 ETH47470.00 ETH0x910Cbd52…
100 ETH898900.00 ETH0xA160cdAB…
Computed via eth_getLogs against the four canonical Tornado Cash ETH pools. Contracts were designated by OFAC on 2022-08-08; they remain immutable and continue accepting deposits. Anyone who deposited in the last 24 hours has, by Treasury position, touched sanctioned infrastructure.
Our Focus · USDT-TRC20 on TRON · The Rail Nobody Covers
$188.1K
across 6 notable transfers in the latest Tronscan window — live from the chain, not an aggregator.

TRON USDT moved ~$62B at last issuance count and is the dominant stablecoin venue for pig-butchering, ransomware off-ramps, and sanctions evasion. Sell-side doesn't cover it. Chainalysis dashboards it but won't publish it. This is BlueWing's lane.

AmountTime (UTC)From → To
$25.0K2026-06-17 17:38TTxQNkBW…M8J8Me TFiroP4b…FzBwrrtrace →
$59.5K2026-06-17 17:38TVCMQk65…JasKNH TUmKKwP2…fGXxA8trace →
$58.1K2026-06-17 17:38TDBUvmAc…hmXV82 TA74puC4…d2KVXQtrace →
$17.0K2026-06-17 17:38TEvn1eGw…6BmP49 TCBCPBw1…gPw1DAtrace →
$15.0K2026-06-17 17:38TJ7hhYhV…L3JSdb TZ4sik6a…muirvxtrace →
$13.5K2026-06-17 17:38TDqSquXB…dkhSCf TBZV9bDj…ViNoJ3trace →

BTC Whale Moves · Last 24h

Transactions ≥5.0 BTC from mempool (unconfirmed) and the latest block (confirmed). Live from blockchain.info and mempool.space.

SizeTransactionState
33.15 BTC $2.18Me214d7ea…1cb2b6mempool
8.51 BTC $560.6Kecf84ccf…9d0077confirmed
6.07 BTC $400.2K8a070cb1…bbdfa3mempool

Live X Alerts · PeckShield / SlowMist / ZachXBT · Last 72h

  • @PeckShieldAlert 2026-06-17 15:35 ETH
    #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M $DAI.
    view post →
  • @CertiKAlert 2026-06-17 14:11 ETH
    #CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. etherscan.io/txs?a=0x64ab937…
    view post →
  • @PeckShieldAlert 2026-06-17 09:33
    #PeckShieldAlert @ThetanutsFi exploiter-labeled address has deposited 57 $ETH into Tornado Cash and 0.85 $ETH to @binance Deposit address 0x9AD8...701D
    view post →
  • @CertiKAlert 2026-06-16 06:40
    2/ The vulnerable contracts were deprecated three years ago in 2023 and do not affect the current Aztec network. Aztec Foundation (@aztecFND) The Aztec Foundation was made aware of a potential exploit targeting Aztec Connect which occurred earlier today, June 14, 2026. There are no links between this product and any
    view post →
  • @PeckShieldAlert 2026-06-15 15:16
    #PeckShieldAlert @ThetanutsFi has been exploited for $2.1M. It seems $2M in option tokens have been whitehatted. The exploiter has swapped $105K $USDC for ~60 $ETH and holds $34K USDC in option tokens
    view post →

Stablecoin Footprint · Multi-Chain · By Issuer

Circulating USD-pegged supply by issuer across the seven largest stablecoin chains. Source: DefiLlama, refreshed hourly. The corridor concentration tells you where the fraud rails actually run — USDT dominates Tron, USDC dominates Solana and Base, both fight on Ethereum.

Issuer · AssetETHSOLTRXBNBBaseARBMATICTotal
TetherUSDT$80.2B$2.5B$87.7B$9.2B$974M$893M$186.4B
CircleUSDC$48.1B$7.3B$28M$1.6B$4.2B$2.3B$1.9B$75.0B
MakerDAODAI$3.6B$510K$31M$19M$623M$4.4B
PaxosPYUSD (PayPal)$1.8B$677M$23$224M$10M$2.7B
PaxosUSDP$3M$10K$3M
SkyUSDS$92K$5K$0M
Chain total$133.8B$10.5B$87.7B$10.8B$4.2B$3.5B$3.4B$268.5B
Forensic reports · when a daily scan is not enough

Stop guessing. Start citing.

A risk verdict in thirty seconds, a filable report in three days, or the full intelligence package in ten. Same evidence discipline every BlueWing PDF has shipped since day one: SHA-256 manifests, confidence-graded findings, and a transaction hash behind every claim.

Free · Risk Check
Thirty seconds · Public
$0
Paste the address. Green, yellow, or red in under thirty seconds. OFAC and sanctions, drainer and scam-registry hits, exposure tags, one-line plain-English summary. Enough to know whether to walk away or pick up the phone. No credit card.
First 3 lookups · no email needed
Then 2 / day · 10 / week · email-verified
Cloudflare Turnstile bot protection
Check a wallet now →
Pro · On-Chain Report
On-chain analysis - 24 hr delivery
$2,500
For the deal that needs a paper trail. Full transaction-graph trace, sweep / consolidation / round-trip pattern detection, mixer entry flags, supply-concentration breakdown, drainer-ring identification across the single entity. Every load-bearing claim Admiralty-graded (A1 / B2 / C3). Watermarked PDF with SHA-256 evidence manifest, independently verifiable by your counterparty. Priced to close on a corporate card. No RFP. No committee.
Request a Pro report →
Founding price
Elite · Full Intelligence
On-chain + OSINT - 48 hrs delivery
13 / 50 founding reports delivered · 37 slots remain
$7,500
$12,500 at list after founding window
For serious matters where counsel is already involved. Everything in Pro, plus cross-chain operator-cluster tracing (up to three chains), sponsored-transaction rotation analysis on Solana, serial-issuer identification, and the OSINT layer that holds up under scrutiny: GitHub scam-site enumeration, IPFS metadata, WHOIS pivots, social and homoglyph cross-reference. Structured JSON export for the data room. Optional on-chain anchoring for chain-of-custody. Used by attorneys in live crypto-fraud matters.
Request an Elite report →
Source status this run: mixer flowsofacofac delta weekrektscamsniffercoingeckosecx alertsbtc whalestrx usdt flowstether frozenphishing domainschainabusedefillama hacksphantom sol