LIVE · ON-CHAIN · Generated Thursday · May 14, 2026 · 16:34 UTC Issue №2026134 · bluewingintel.com
BlueWing Intel
Fraud Watch · Daily · BTC · ETH · SOL · TRX · BNB · Free
Issue №2026134
Thursday · May 14, 2026 · 16:34 UTC
Ed. #1 · First Edition

$3.47M flowed into Tornado Cash in the last 24 hours.

246 discrete deposits across four pool denominations, computed live from on-chain logs. Tornado's smart contracts were sanctioned in August 2022 — the contracts themselves are immutable and keep accepting ETH. This is what the chain actually shows, not an API estimate.

Editor's note — what this edition actually is
This is Fraud Watch №1. Every figure below is pulled live from public sources at generation time. No sample data, no padding. Sections without live signal are hidden, not filled. We lead with Tornado Cash deposit counts because the signal is timely, computable on free public RPC, and missing from every free competitor. Our proprietary labeled-wallet database seeds with every run.
Lead · Mixer Inflows · Tornado Cash · Last 24h

$3.47M in · 246 deposits · 1503.30 ETH

PoolDepositsETH inContract
0.1 ETH13313.30 ETH0x12D66f87…
1 ETH7070.00 ETH0x47CE0C6e…
10 ETH32320.00 ETH0x910Cbd52…
100 ETH111100.00 ETH0xA160cdAB…
Computed via eth_getLogs against the four canonical Tornado Cash ETH pools. Contracts were designated by OFAC on 2022-08-08; they remain immutable and continue accepting deposits. Anyone who deposited in the last 24 hours has, by Treasury position, touched sanctioned infrastructure.
Our Focus · USDT-TRC20 on TRON · The Rail Nobody Covers
$100.2K
across 5 notable transfers in the latest Tronscan window — live from the chain, not an aggregator.

TRON USDT moved ~$62B at last issuance count and is the dominant stablecoin venue for pig-butchering, ransomware off-ramps, and sanctions evasion. Sell-side doesn't cover it. Chainalysis dashboards it but won't publish it. This is BlueWing's lane.

AmountTime (UTC)From → To
$10.0K2026-05-14 16:33TJLyMku9…gYRbDW TMLyxqLa…w8K8aEtrace →
$40.0K2026-05-14 16:33TKYXNcZG…U4kUrX TAq3ZW9h…cwRructrace →
$17.6K2026-05-14 16:33TYeScCmA…EXJycz TC7myHHq…m681nYtrace →
$22.5K2026-05-14 16:33TBbftnfo…4dpyMz TSytPCDL…MgRPpAtrace →
$10.1K2026-05-14 16:33TJ7hhYhV…L3JSdb TJtrjaw1…PYWMbetrace →

Protocol Exploits · Rekt Ledger · Last 30 Days

$290.0M
KelpDao
4/18/2026 A2 · Rekt

DPRK breached LayerZero's infrastructure, forged a bridge message, and walked $290 million out of KelpDAO in one transaction. Aave is holding hundreds of millions in bad debt. The dominoes are still falling. DeFi United is scrambling to catch them.

KelpDAOLayerZeroAave
post-mortem →

Live X Alerts · PeckShield / SlowMist / ZachXBT · Last 72h

  • @zachxbt 2026-05-14 12:17
    8/ 226M LAB (large % of float) was deposited to Bitget deposit addresses by insiders in March-April 2026. The deposits sat dormant until 100M LAB was withdrawn a few days ago, which received significant coverage on CT. An unknown MM operating via Chinese exchanges likely received supply and appears to be running a sim
    view post →
  • @zachxbt 2026-05-14 12:17
    9/ It seems everyone has private info except retail. Team knows the unlocks, MM knows the positioning, OTC buyers know their cliffs. Retail only sees LAB price. Call to action for @bitgetglobal, @binance, @gate_io to freeze insider profits and redistribute them to users. Or delist and act earlier without waiting for p
    view post →
  • @zachxbt 2026-05-14 12:16
    1/ An investigation into the opaque private loans/OTC, unilateral vesting changes, market maker coordination, unknown float, and >95% supply control behind $LAB's recent pump to $6B FDV. Here's why @LABtrade_ represents everything wrong with the current meta of retail extraction on major centralized exchanges.
    view post →
  • @PeckShieldAlert 2026-05-13 14:07 TRX
    From @TransitFinance: The issue was related to an early-version smart contract previously deployed on TRON. Although this legacy contract had been deprecated since 2022, historical vulnerabilities within it were recently exploited, affecting a limited number of users. nitter.net/TransitFinance/status/…
    view post →
  • @PeckShieldAlert 2026-05-13 12:21
    #PeckShieldAlert @TransitFinance seems to have been hacked for ~$1.88M The stolen funds are currently sitting in the following address in $DAI: 0x8a634DfA2609358849D7D65FFA270C8A57a8abA5
    view post →
  • @zachxbt 2026-05-12 12:01
    1/ Meet Dritan Kapllani Jr, a US based threat actor tied to $19M from social engineering thefts targeting crypto holders. Dritan flexes luxury cars, watches, private jets, & clubs all over social media. Recently he was recorded on a call showing off a wallet with stolen funds. Video Video Video
    view post →
  • @SlowMist_Team 2026-05-12 11:36 ETH
    🚨SlowMist TI Alert🚨 💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003) 🔍 Root Cause: Unprotected initialize(address varg0) in SafeOwnable Facet. Diamond set owner via non-initialize path without updating _initialized version slot (bytes 0-7 of 0xf0c57e...) from 0, allowing re-init by attacker to overwrite owner, ca
    view post →
  • @SlowMist_Team 2026-05-12 07:25
    🚨 MistEye TI Alert 🚨 MistEye has detected a highly sophisticated npm worm, "Mini Shai-Hulud," spreading through trusted developer projects like TanStack, UiPath, and DraftLab. The attackers hijacked GitHub credentials to publish malicious, yet seemingly legitimate, package updates. The malware injects a heavily disgu
    view post →
Forensic reports · when a daily scan is not enough

Stop guessing. Start citing.

A risk verdict in thirty seconds, a filable report in three days, or the full intelligence package in ten. Same evidence discipline every BlueWing PDF has shipped since day one: SHA-256 manifests, confidence-graded findings, and a transaction hash behind every claim.

Free · Risk Check
Thirty seconds · Public
$0
Paste the address. Green, yellow, or red in under thirty seconds. OFAC and sanctions, drainer and scam-registry hits, exposure tags, one-line plain-English summary. Enough to know whether to walk away or pick up the phone. No credit card.
First 3 lookups · no email needed
Then 2 / day · 10 / week · email-verified
Cloudflare Turnstile bot protection
Check a wallet now →
Pro · On-Chain Report
On-chain analysis - 24 hr delivery
$2,500
For the deal that needs a paper trail. Full transaction history, a three-hop connected-wallet graph, mixer entry flags, supply-concentration analysis, drainer-ring identification, multi-chain on the single entity. Watermarked PDF with SHA-256 evidence manifest, independently verifiable by your counterparty. Priced to close on a corporate card. No RFP. No committee.
Request a Pro report →
Founding price
Elite · Full Intelligence
On-chain + OSINT - 48 hrs delivery
$7,500
$12,500 at list after founding window
For serious matters where counsel is already involved. Everything in Pro, plus the OSINT layer that holds up under scrutiny: GitHub scam-site enumeration, IPFS metadata, WHOIS pivots, social and homoglyph cross-reference, up to three chains with a five-hop network graph. Structured JSON export for the data room. Optional on-chain anchoring for chain-of-custody. Used by attorneys in live crypto-fraud matters.
Request an Elite report →
Source status this run: mixer flowsofacofac delta weekrektscamsniffercoingeckosecx alertsbtc whalestrx usdt flowstether frozenphishing domainschainabusedefillama hacks