LIVE · ON-CHAIN · Generated Monday · April 20, 2026 · 05:06 UTC Issue №2026110 · bluewingintel.com
BlueWing Intel
Fraud Watch · Daily · BTC · ETH · SOL · TRX · BNB · Free
Issue №2026110
Monday · April 20, 2026 · 05:06 UTC
Ed. #1 · First Edition

$838.3K flowed into Tornado Cash in the last 24 hours.

77 discrete deposits across four pool denominations, computed live from on-chain logs. Tornado's smart contracts were sanctioned in August 2022 — the contracts themselves are immutable and keep accepting ETH. This is what the chain actually shows, not an API estimate.

Editor's note — what this edition actually is
This is Fraud Watch №1. Every figure below is pulled live from public sources at generation time. No sample data, no padding. Sections without live signal are hidden, not filled. We lead with Tornado Cash deposit counts because the signal is timely, computable on free public RPC, and missing from every free competitor. Our proprietary labeled-wallet database seeds with every run.
Lead · Mixer Inflows · Tornado Cash · Last 24h

$838.3K in · 77 deposits · 367.70 ETH

PoolDepositsETH inContract
0.1 ETH272.70 ETH0x12D66f87…
1 ETH2525.00 ETH0x47CE0C6e…
10 ETH24240.00 ETH0x910Cbd52…
100 ETH1100.00 ETH0xA160cdAB…
Computed via eth_getLogs against the four canonical Tornado Cash ETH pools. Contracts were designated by OFAC on 2022-08-08; they remain immutable and continue accepting deposits. Anyone who deposited in the last 24 hours has, by Treasury position, touched sanctioned infrastructure.
Our Focus · USDT-TRC20 on TRON · The Rail Nobody Covers
$326.1K
across 5 notable transfers in the latest Tronscan window — live from the chain, not an aggregator.

TRON USDT moved ~$62B at last issuance count and is the dominant stablecoin venue for pig-butchering, ransomware off-ramps, and sanctions evasion. Sell-side doesn't cover it. Chainalysis dashboards it but won't publish it. This is BlueWing's lane.

AmountTime (UTC)From → To
$13.8K2026-04-20 05:06TCKsNYHb…8fFHZo TVWm6WwB…Ny97evtrace →
$52.3K2026-04-20 05:06TUhF5aKK…4Vu85X TRjh622v…5miMuytrace →
$30.0K2026-04-20 05:06TBEk9G6v…HvcYSy TTP3zurW…G8UMootrace →
$10.0K2026-04-20 05:06TU3VDp2T…sn9BtA TXS581pj…MVV9uRtrace →
$220.0K2026-04-20 05:06TACmYDHq…KchDUd TSF69KAJ…fAX2ymtrace →

BTC Whale Moves · Last 24h

Transactions ≥5.0 BTC from mempool (unconfirmed) and the latest block (confirmed). Live from blockchain.info and mempool.space.

SizeTransactionState
137.43 BTC $10.24M4e4cd53a…1cb9fcmempool
85.90 BTC $6.40M88b022b1…17d7f5mempool
63.18 BTC $4.71M3d508414…1cac33mempool
21.09 BTC $1.57Md747cc0f…058f6emempool
14.65 BTC $1.09Mf2f635bd…cb86f4mempool

Live X Alerts · PeckShield / SlowMist / ZachXBT · Last 72h

  • @zachxbt 2026-04-20 03:29
    Officially recognized on @ZachXBT ! We’re just getting started. Please provide a single data point to support your $6B mkt cap at a top 20 token and why insiders hold >90% of supply.
    view post →
  • @zachxbt 2026-04-19 23:43
    Update: Three hours ago multisig 0x53d7 linked to the RAVE initial distribution which I flagged above sent ~23M RAVE ($23M) to two Bitget deposit addresses and the price dropped 40% from $1 to $0.6. Deposit addresses 0x26aC542f5a04D574580881723224DAcD1EDB9B45 0x64D6E91D0bd9cB7be44E1e627264539493f73c2b
    view post →
  • @zachxbt 2026-04-19 11:03
    A summary of the RAVE -95% price fluctuation from $26 to $1 over the past 24 hours. RAVE Timeline: April 18, 2026 7:26 am UTC: I posted a call to action for Binance, Bitget, & Gate to investigate RAVE market manipulation and offered a $10K bounty. 10:56 am UTC: I posted an update increasing the bounty to $25K. 11:1
    view post →
  • @SlowMist_Team 2026-04-19 03:58
    Regarding the $280M @KelpDAO exploit — the suspected root cause is its use of a 1/1 DVN configuration on @LayerZero_Core , meaning a single compromised validator is all it takes. All of this is still speculation. Waiting on an official post-mortem. Kelp (@KelpDAO) Earlier today we identified suspicious cross-chain
    view post →
  • @PeckShieldAlert 2026-04-19 02:49 ARB
    #PeckShieldAlert The @KelpDAO exploiter is the #8 largest variableDebtEthWETH holder on #Aave (#Ethereum) with 52,443.94 units ($123M), and the #4 largest variableDebtarbWETH holder on #Arbitrum with 12,381.93 units ($22M) Total Holding: 106,466.7 $ETH (~$250M)
    view post →
  • @PeckShieldAlert 2026-04-18 20:29
    Today's @KelpDAO exploiter deposited the stolen $rsETH into various lending protocols (AaveV3, CompoundV3, Euler) and and borrowed massive $WETHs w/ >$236m debt. PeckShield Inc. (@peckshield) Hi @KelpDAO , you may want to take a look at: etherscan.io/tx/0x1ae232da21… — https://nitter.net/peckshield/sta
    view post →
  • @CertiKAlert 2026-04-18 19:45
    #CertiKInsight 🚨 We have seen an incident affecting @KelpDAO At least ~$290M was transferred etherscan.io/tx/0x1ae232da21… Funds can be traced to these 2 addresses: ~$250M at 0x5d3919F12bCc35c26Eee5F8226A9bee90c257Ccc ~$2.5M at 0xCBb24A6B4DAfaAA1a759A2F413eA0eB6AE1455CC
    view post →
Forensic reports · when a daily scan is not enough

Stop guessing. Start citing.

A risk verdict in thirty seconds, a filable report in three days, or the full intelligence package in ten. Same evidence discipline every BlueWing PDF has shipped since day one: SHA-256 manifests, confidence-graded findings, and a transaction hash behind every claim.

Free · Risk Check
Thirty seconds · Public
$0
Paste the address. Green, yellow, or red in under thirty seconds. OFAC and sanctions, drainer and scam-registry hits, exposure tags, one-line plain-English summary. Enough to know whether to walk away or pick up the phone. No credit card.
First 3 lookups · no email needed
Then 2 / day · 10 / week · email-verified
Cloudflare Turnstile bot protection
Check a wallet now →
Pro · On-Chain Report
Three-hop graph · 3-day delivery
$2,500
For the deal that needs a paper trail. Full transaction history, a three-hop connected-wallet graph, mixer entry flags, supply-concentration analysis, drainer-ring identification, multi-chain on the single entity. Watermarked PDF with SHA-256 evidence manifest, independently verifiable by your counterparty. Priced to close on a corporate card. No RFP. No committee.
Request a Pro report →
Founding price
Elite · Full Intelligence
Five-hop · Multi-chain · OSINT · 10-day
$7,500
$12,500 at list after founding window
For serious matters where counsel is already involved. Everything in Pro, plus the OSINT layer that holds up under scrutiny: GitHub scam-site enumeration, IPFS metadata, WHOIS pivots, social and homoglyph cross-reference, up to three chains with a five-hop network graph. Structured JSON export for the data room. Optional on-chain anchoring for chain-of-custody. Used by attorneys in live crypto-fraud matters.
Request an Elite report →
Source status this run: mixer flowsofacofac delta weekrektscamsniffercoingeckosecx alertsbtc whalestrx usdt flowstether frozenphishing domainschainabusedefillama hacksclaude narrative