tanuki42 (@tanuki42

tanuki42

405 posts

tanuki42

@tanuki42_

Independent blockchain investigator | Contributor @zeroshadow_io & @SEAL_911

Somewhere

Joined June 2022

Pinned
tanuki42
@tanuki42_
Jan 22
1/8 I was taking a look at this research from @elliptic and noticed something interesting. It seems that the same entity who is selling USDT to the Central Bank of Iran 🇮🇷 is also buying USDT from groups laundering on behalf of DPRK 🇰🇵
Tom Robinson
@tomrobin
Jan 21
New research: Iran’s Central Bank has purchased US dollar stablecoins worth at least half a billion dollars, likely used to evade sanctions and support the rial elliptic.co/blog/iran-has-…
37K
tanuki42
@tanuki42_
Nov 4, 2025
1/8 It's likely that the market maker @DWFLabs was compromised in September 2022 by a DPRK-affiliated threat actor called AppleJeus, resulting in a theft of at least $44M+ composed predominantly of USDC and USDT. As of November 2025, DWF has not publicly confirmed any incident.
150K
tanuki42
@tanuki42_
Mar 26, 2025
Meet Nick Franklin @0xNickLFranklin - Blockchain Security Engineer…. or RGB operative hacking for DPRK? Seemingly this guy has had the entire industry fooled for years.
118K
tanuki42
@tanuki42_
May 9, 2025
1/ Very pleased to have played a small role in finally taking down @exchcx – one of the most prolific services used for money laundering in the past year. eXch was a hub for DPRK, CSAM vendors, script kiddies, scammers, and many more bad actors laundering the money.
65K
tanuki42
@tanuki42_
Nov 7, 2025
1/ This will probably be controversial, but I’ve been wanting to share my personal thoughts on this case for a long time and I think it is an important discussion crypto needs to have: Samourai Wallet vs Tornado Cash and why conflating these two cases is bad for privacy.
This post is unavailable.
31K
tanuki42
@tanuki42_
Sep 30, 2025
Are we literally not even pretending anymore? "THORChain(NEW CRYPTO LAUNDERING TOOL)" - @BitgetWallet @THORChain
45K
tanuki42
@tanuki42_
Mar 26, 2025
Replying to @tanuki42_
This persona is extremely developed and has seemingly interacted with many major security researchers, protocols and services. It is yet another lesson that EVERYONE should be paranoid - you have probably already spoken to North Korean operatives, and have absolutely no idea.
GIF
8.9K
tanuki42
@tanuki42_
Oct 23, 2024
etherscan.io/tx/0x670c405ce… Angel Drainer affiliate tries to remove @tether blacklist on their account 🤣🤣
22K
tanuki42
@tanuki42_
Sep 19, 2024
Pleased to help get a result here for the victim and always a pleasure working with @zachxbt and @CFInvestigators, some of the best in the business 🤝
ZachXBT
@zachxbt
Sep 19, 2024
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen.
23K
tanuki42
@tanuki42_
Mar 26, 2025
Replying to @tanuki42_
Earlier today, @k06a flagged that this account had sent him a suspicious file and was not to be trusted. It seems Anton’s diligence may have prevented an extremely serious compromise… @tayvano_ and I have spent the last few hours digging into Mr Franklin’s Telegram history and
Anton Bukov (e/acc)🦇🔊
@k06a
Mar 26, 2025
Beware of @0xNickLFranklin (t.me/defi_sec), he is very likely a scammer pretending to be a security engineer. He sent me an APP file as a report and erased our chat and banned me after I asked WTF.
27K
tanuki42
@tanuki42_
Mar 26, 2025
Replying to @tanuki42_
If you have interacted with this persona and are AT ALL concerned that you are at risk, please reach out to me, @tayvano_ or SEAL-911 (t.me/seal_911_bot) ASAP.
11K
tanuki42
@tanuki42_
Oct 30, 2025
So @gardenfi got hacked for at least $11M+ likely (TBC) by a DPRK-affiliated group known as DangerousPassword. Somewhat ironically, of the $5.3M which appears stolen on Solana (account: WZy4xxpqktWa1b6MPMRiWsD487CT8mDcapB6GufBJCH), over 50% is sourced from the @swissborg hack...
13K
tanuki42
@tanuki42_
Mar 26, 2025
Replying to @tanuki42_
Looking this address up in our notes, we noticed that this address was also involved in something else -> It was a signer on two safes, on BSC and Arbitrum: 0xcCfE10Cbc381dD6752fA34253a17e7e7c0cf7951. This exact Safe was used for testing in another incident… the hack against
10K
tanuki42
@tanuki42_
Jul 29, 2025
Next time you visit Europe, be sure to check out Poland City, Poland - "Top Digital Nomad Destination" as recommended by DPRK IT Worker, Damian Mularz 💯
00:00
15K