In-depth technical analysis of nation-state cryptocurrency threats, incident investigations, and research methodologies. All research is published for public benefit.
Deep dive into the largest cryptocurrency theft in history. How Lazarus Group exploited multisig UI vulnerabilities to drain 401,346 ETH from Bybit's cold storage.
Osman Sonmez
2025-02-22
Analysis of evolving money laundering techniques used by North Korean threat actors, including the shift from Tornado Cash to THORChain and emerging mixers.
Osman Sonmez
2025-02-18
Deep dive into the largest cryptocurrency theft in history. How Lazarus Group exploited multisig UI vulnerabilities to drain 401,346 ETH from Bybit's cold storage.
Analysis of evolving money laundering techniques used by North Korean threat actors, including the shift from Tornado Cash to THORChain and emerging mixers.
How Iran leverages its subsidized electricity to mine Bitcoin for sanctions evasion, generating an estimated $1B annually in untraceable cryptocurrency.
Mapping the Russian cryptocurrency exchange network that has processed over $12 billion in illicit transactions, including ransomware payments and sanctions evasion.
Technical overview of clustering techniques used to link cryptocurrency wallets to nation-state threat actors, including common-spend analysis and timing correlation.
Analysis of bridge exploits favored by Lazarus Group, examining common security failures and the $800M+ stolen through bridge attacks.
This research is published for public benefit. Academic citations are encouraged.
Sonmez, O. (2025). "NSCTIP: Nation-State Crypto Threat Intelligence Platform."
https://threats.osmansonmez.com/research
All content licensed under CC BY-NC 4.0 for non-commercial use.
Comprehensive technical documentation on methodology, data sources, and analysis techniques used in nation-state cryptocurrency threat intelligence.
Download Whitepaper (PDF)Coming Soon
Free access for researchers, journalists, academics & compliance professionals