Oanda+coinpass+compromised
The subject line was the only thing on the flash drive: oanda+coinpass+compromised. No file name, no folder. Just a single, nameless .txt file waiting inside.
She opened the file.
They’re watching both. Not the platforms. The bridges between. OANDA for the fiat entry. Coinpass for the crypto exit. Same controller. Different names. Your last trace was correct. I’m the one who helped you find it. And now I’m the one they’re going to kill if you don’t move fast. Proof: check the API logs from your OANDA demo account. Look for the 3 a.m. UTC order modifications you didn’t make. Then check Coinpass’s withdrawal whitelist. You’ll see a wallet you’ve never added. They’ve been inside for 47 days. You’re not hunting a leak. You are the decoy.
Maya’s pulse ticked up, but her hands stayed steady. She pulled up OANDA’s developer dashboard—the demo account she’d used to test her forensic trading bot. API logs. Filter by PATCH /orders. There.
She opened a fresh terminal and ran a WHOIS on the IP. Nothing remarkable. Then she cross-referenced it against known OANDA login IPs from her account’s security log. Three matches over the past two weeks. Each one preceded by a Coinpass login from a different IP—but the same ASN.
But the message writer said “they’re going to kill me.” That wasn’t a threat from a hacker. That was a threat from someone inside the operation.
They weren’t watching the platforms.
She scanned the message again. Same controller. Different names.