Live observations and signal tracking across the current threat landscape. Updated as conditions change. Produced by Groom Lake operatives.
Reaper monitors active leak activity, identity exposure, and threat signals across the crypto ecosystem. Data updated continuously.
View Live Threat FeedShort intelligence writeups and analyst observations. Published as the threat landscape changes.
France has become the global epicenter of crypto-related kidnappings. More than 135 incidents have been recorded since 2023, with attacks increasingly driven by OSINT, data leaks, and organized criminal networks.
A Safe user lost their treasury after bridging to a contract address already deployed by an attacker. Legacy Safe deployments allow address recreation across chains, enabling malicious ownership takeover.
A 9GB leak reveals a North Korean operative collaborating with Chinese diploma fraud networks, blurring lines between nation-state cyber operations and organized crime.
A leaked dataset exposes the daily life, tooling, and psychological patterns of a North Korean hacker, revealing structured work cycles and operational discipline.
Select operations declassified and cleared for reference. Archive release — batch 01, 3 files available.
Primary adversaries conducting documented, ongoing operations against crypto ecosystem targets. Profiles current as of latest monitoring cycle.
State-sponsored APT under North Korean intelligence. Primary mission: cryptocurrency theft to fund DPRK weapons programs. Responsible for $3B+ in crypto theft since 2017. Active against DeFi protocols, exchanges, and individual executives. Demonstrates advanced capability combined with patient, research-intensive pre-operation targeting.
Financially-motivated collective specializing in SIM swapping, vishing, and impersonation of IT and HR personnel. Responsible for multiple high-profile intrusions. Techniques include help desk manipulation, MFA fatigue attacks, and insider recruitment. Effective against organizations with weak identity verification procedures.
Multiple Russia-affiliated actors conduct targeted operations against crypto infrastructure for intelligence collection, financial theft, and geopolitical disruption. Activity spans exchange targeting, smart contract reconnaissance, personnel surveillance, and market manipulation. Correlates with geopolitical events and sanctions enforcement.
Reaper gives you continuous visibility into active exposure. Track leaks, identity exposure, and threat activity as it develops.
Access Live Threat Feed