// NATIONAL SECURITY INTELLIGENCE // DEFENCE THREAT TRACKING //SESSION WD-9EVZP2 · SOVEREIGN CANADIAN INFRASTRUCTURE · --:--:--Z// ADVERSARIAL APT MONITORING // CAFCYBERCOM-ALIGNED //
← WRAITH·DEFENCE INTELLIGENCE PACK
▶ THREAT INTEL CENTER
ADVERSARIAL STATE ACTOR FINANCIAL INTELLIGENCE · CANADIAN SOVEREIGN PLATFORM

WRAITH — Defence Intelligence Pack

Real-time tracking of state-sponsored adversary financial networks across 12 blockchains. DPRK, Russian, and Chinese APT groups monitored continuously. 100% sovereign Canadian infrastructure — no US CLOUD Act exposure. Aligned with CAFCYBERCOM mandate and CPCSC Level 3.

Sovereignty — Scanning...
$2.47B
Adversary Funds Traced
10
APT Groups Monitored
48
Wallets Under Surveillance
3 (DPRK · RUS · CHN)
Nations Tracked
ACTIVE THREAT ACTORS — NATION-STATE ATTRIBUTION
🇰🇵 DPRK
Democratic People's Republic of Korea
CRITICAL
KNOWN GROUPS
Lazarus GroupAPT38KimsukyDPRK Hackers
PRIMARY TTPs
· Crypto theft
· Exchange compromise
· Mixer laundering
· DeFi bridge exploits
ACTIVE CAMPAIGNS
Bybit Hack 2025 ($1.5B)
Ronin Network 2022 ($625M)
Harmony 2022 ($100M)
$2.47B
Funds traced / Impact type
31
Wallets monitored
🇷🇺 RUS
Russian Federation
HIGH
KNOWN GROUPS
Sandworm / GRU Unit 74455FIN7ContiREvil
PRIMARY TTPs
· Ransomware
· Infrastructure sabotage
· Energy sector attacks
· Influence ops funding
ACTIVE CAMPAIGNS
Ukraine Energy Sector (Sandworm)
Conti Ransomware Ops
REvil Sodinokibi
$0.38B
Funds traced / Impact type
14
Wallets monitored
🇨🇳 CHN
People's Republic of China
HIGH
KNOWN GROUPS
APT41 / Double DragonVolt Typhoon
PRIMARY TTPs
· Espionage
· Supply chain compromise
· Critical infrastructure pre-positioning
· IP theft
ACTIVE CAMPAIGNS
APT41 DOJ Indictment 2020
Volt Typhoon CISA Advisory 2024
ESPIONAGE
Funds traced / Impact type
3
Wallets monitored
Chinese APT groups primarily conduct espionage vs. financial theft. On-chain footprint smaller than DPRK. Monitoring active.
CASE STUDY — ACTIVE INVESTIGATION
Lazarus Group — Bybit Exchange Hack 2025

$1.5 billion stolen by DPRK Lazarus Group in February 2025. WRAITH traced the full 75-layer laundering chain across 120 blocks in real time — ETH → THORChain → BTC → multiple mixer relays. Wallets reported to FBI and Bybit. Three wallets confirmed emptied via THORChain on May 2, 2025.

$1.5B
Stolen
12
Chains traced
75
Mixer layers
13
Wallets ID'd
ATTRIBUTION
▸ Lazarus Group
▸ Nation: DPRK
▸ Source: FBI / OFAC
▸ Confidence: 95%
▸ Proof: Z3 UNSAT
OPERATIONAL CAPABILITIES — DEFENCE MANDATE
CAP-D1LIVE
Nation-State Actor Attribution
CAFCYBERCOM Intelligence Mandate
Real-time attribution of on-chain activity to state-sponsored APT groups. DPRK/Russia/China. Cross-referenced against OFAC, FBI, NSA/CISA advisories. Nation-state confidence scoring.
CAP-D2LIVE
Adversary Financial Network Mapping
FINTRAC · FACFOA · SEMA
Full 12-chain graph of adversary financial infrastructure. Identifies mixer relays, bridge hops, CEX offramps. Traces operational funding from source to extraction.
CAP-D3LIVE
Canadian Sanctions Compliance (FACFOA)
FACFOA · Special Economic Measures Act
Real-time matching against Canadian sanctions lists (FACFOA), OFAC, EU, UN, OFSI simultaneously. Canadian-first — no exposure to US CLOUD Act. Sovereign jurisdiction enforcement.
CAP-D4LIVE
Pre-Exploit & Attack Financing Detection
Code criminel Art. 342.1 · 83.01
Detects adversary wallet activity indicative of pre-positioning for an attack. 60-second alerts before exploit finalization. Covers mixers, bridge staging, rapid consolidation patterns.
CAP-D5LIVE
Judicial Evidence Package (DPCP-ready)
Code criminel Art. 462.32 · Rules of Evidence
Full chain-of-custody evidence package for criminal proceedings. Graph exports, transaction dossiers, signed attribution proofs. Directly usable by PPSC/DPCP prosecutors.
CAP-D6BETA
Formal Proof Attribution (Z3 Engine)
CPCSC Level 3 · Five Eyes Standards
Machine-verifiable attribution proofs via Z3 theorem prover. Unlike black-box vendors, every attribution is independently verifiable. Meets formal verification standards for weapons systems and Five Eyes intelligence sharing.
WRAITH VS EXISTING SOLUTIONS (Palantir / Chainalysis / US Vendors)
CRITERIONWRAITHPALANTIR / CHAINALYSIS (US)
Data JurisdictionCanada (Toronto YYZ)United States
CLOUD Act ExposureZero — fully sovereignSubject to US Gov request
FACFOA / Canadian law✓ Native FACFOA + SEMAFinCEN only (US law)
APT AttributionDPRK + Russia + ChinaFinancial crime focus only
Proof standardZ3 formal proof (verifiable)Proprietary black-box algo
Pre-exploit detection< 60s on 12 chainsPost-incident only
CPCSC alignmentLevel 2 + Level 3 capableNot Canadian-certified
Chains monitored12 (ETH/BTC/SOL/TRX + 8 more)3-4 chains typically
MANDATE ALIGNMENT — CANADIAN ARMED FORCES CYBER COMMAND
CAFCYBERCOM
Established September 2024. WRAITH provides adversary financial intelligence for defensive and offensive cyber operations planning.
CPCSC Level 3
Weapons systems + Five Eyes data. Z3 formal proof attribution meets Level 3 standards. Sovereign Canadian assessor — US vendors excluded.
DRDC IDEaS
Eligible for DRDC Defence Research Partnership funding. $500K–$2M research contracts available. CANSEC 2026 pathway.
$81.1B DND Investment
Budget 2025 defence investment including $10.9B in digital upgrades. Cyber threat intelligence directly in scope.
Live operator demonstration available
Real-time APT tracking · Bybit $1.5B Lazarus investigation · Nation-state attribution · Sovereign Canadian platform
FINTRAC PACK▶ ENTER THREAT INTEL CENTER
WRAITH · Canadian Sovereign Build · Fly.io YYZ Toronto · CLOUD ACT CLEANCAFCYBERCOM-ALIGNED · CPCSC LEVEL 3 · FACFOA · FINTRAC · 12 CHAINS