Auditing on-chain activity across chains. Tracking transactions, flagging suspicious patterns, and documenting investigations.

Joined December 2021
MultiversePad retweeted
Introducing @coldcases An open investigation board for the Solana ecosystem. Track exploits, trace wallets, analyze tokens, and monitor what's happening on-chain — all in one place. Here's what it does. 🧵
We're getting close to the release of our next-gen chain investigation platform - @coldcases Stay tuned.
MultiversePad retweeted
🚨 Another major supply chain incident 🚨 axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware. The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces. With 100M weekly downloads, this is a live, large-scale supply chain attack. More details: stepsecurity.io/blog/axios-c…
Mar 31
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
MultiversePad retweeted
John Daghita (Lick) was arrested in the Caribbean yesterday as a direct result of my investigation. In late January 2026, I exposed how John stole $46M in seized crypto assets from the US government by abusing access at CMDSS, his father's company, which held a USMS contract. John then taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds. Thanks for the last laugh, John.
MultiversePad retweeted
1 Sep 2025
NEW LEAK: Price sheet of 200 crypto influencers and their wallet addresses from a project they were recently contacted by to promote. From 160 accounts who accepted the deal I only saw <5 accounts actually disclose the promotional posts as an advertisement.
MultiversePad retweeted
13 Aug 2025
1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30 fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.
MultiversePad retweeted
JUST IN: 🇺🇸🇰🇵 FBI confirms North Korea is responsible for the $1.5 billion Bybit crypto hack.
MultiversePad retweeted
22 Feb 2025
Some thoughts on the recent hack(s).
There is a pattern where hackers were able to steal large amounts of crypto from multi-sig “cold storage” solutions, as with ByBit, Phemex, WazirX and potentially others. In the most recent ByBit case, the hackers were able to make the front-end user interface show a legitimate transaction while the actual signing was for a different transaction. I am less familiar with the other cases, but they sound similar based on limited available info.
What’s more scary is that the affected exchanges used different multi-sig solution providers. The hackers, the Lazarus Group, are highly advanced and broad in their abilities to penetrate. It is still unclear whether the hackers were able to penetrate multiple signing devices, or the server side, or both in each of these cases.
Some people questioned my suggestion of halting all withdrawals as a standard security precaution (in a tweet I posted from a shuttle bus to the plane). My intention was to share a practical approach based on my experiences and observations, yet there is no absolute right or wrong in either approach. My guiding principle is always to lean on the safer side. After any security incident, pause everything, make sure we fully understand what happened, how hackers penetrated the systems, which devices were compromised, triple-check all is safe, and then resume operations.
Pausing withdrawals could cause more panic, of course. In 2019, we paused withdrawals for a week after a massive $40 million hack. When we resumed withdrawals (and deposits), we saw more deposits than withdrawals. Not saying this is a better approach. Every situation is different. It’s a judgment call. My tweet was to share what might work and my intention was to show support in a timely manner. I am sure Ben made the best decision based on the info he had.
Ben did a good job maintaining transparent communication and calmness in dealing with a challenging situation. That shows a sharp contrast to other less transparent CEOs, like WazirX, FTX, etc. The cases mentioned here are all different. FTX was fraud. WazirX, I will refrain from commenting as there is an ongoing lawsuit.
Most importantly, we should never take security for granted. It is important to learn about security yourself so that you can choose the right tools for your needs. For this, I will share an article I wrote a few years ago. It’s a little outdated, but the fundamental concepts still apply. Stay SAFU! binance.com/en/blog/from-our…
MultiversePad retweeted
>promotes coin on social media
>immediately sells coin
>"i didn't rug"
>"ok i sold but i don't know who wouldn't"
welcome to the crypto in 2025.
MultiversePad retweeted
9 Oct 2024
1/2 I uncovered 11 high confidence wallets tied to @MustStopMurad holding ~$24M in meme coins on Ethereum and Solana so the community can monitor his future activity.
MultiversePad retweeted
19 Sep 2024
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen.
MultiversePad retweeted
8 Apr 2024
Wtf two of my posts were cited in a recent United Nations report.
MultiversePad retweeted
28 Mar 2024
FTX founder Sam Bankman-Fried has been sentenced to 25 years in prison
MultiversePad retweeted
20 Feb 2024
1/ An investigation into how the influencer Crypto Rover ghosted a project he was paid to promote, misled followers about his trading positions, and also his shills for pump and dump meme coins.
MultiversePad retweeted
7 Dec 2023
1/ Throughout this year I have been monitoring someone who has withdrawn 11,200 ETH ($25M) from Tornado Cash and spent the majority of it on Magic The Gathering (MTG) trading cards. Here’s my analysis of where the funds went and what the potential source of funds could be.
MultiversePad retweeted
16 Jun 2023
1/ It’s unfortunate I have to make this thread but I am being sued by MachiBigBrother for an article I published in June 2022. Today Machi filed the defamation lawsuit. The lawsuit is baseless and an attempt to chill free speech. I intend to fight back & defend free speech.
MultiversePad retweeted
3 Feb 2023
1/ I am very happy to share the FBI seized crypto, BAYC 9658, AP watch, and Doodle 3114 from the phishing scammer known as Horror (HZ) aka Chase Senecal as a result of my thread.
MultiversePad retweeted
We are glad to announce our strategic partnership with @MultiversePad MultiversePad is a multichain & cross-chain decentralized all-in-one platform to include AMM, farming, lending, launchpad, NFT, and More. #GameFi #PlayToEarn #bsc #launchpad #IDO