[ Declassified ]

Case Studies & Investigations

Q: Can I commission an investigation like one of these?

Yes. Use the Start Your Investigation request form to send a scoped brief. We routinely run UBO reconstructions, multi-jurisdictional asset tracing, cross-chain crypto tracing, dark-web background checks and operator deanonymization.

Q: What sources do these investigations rely on?

Open-source intelligence only: corporate registries such as EGRUL, SPARK-Interfax and OpenCorporates, cadastres, the Federal Notarial Chamber pledge register, vessel databases (IMO GISIS, Equasis), AIS feeds, public block explorers, sanctions and PEP datasets such as OpenSanctions, and archived web content via the Wayback Machine.

These OSINT case studies document anonymized operations and flagship forensic investigations across sanctions, UBO tracing, dark web, asset tracing and crypto tracing. All client-identifying details have been redacted.

Cyprus to UAE Russian deposit exodus OSINT investigation

Investigation May 19, 2026

Cyprus → UAE: 18.4B Russian Deposit Exodus

How approximately 18.4 billion euros of Russian-linked deposits left Cypriot banks for UAE free-zone structures between 2022 and 2025 — and what 6AMLD changes.

Read the Cyprus–UAE deposit-exodus investigation →

EU crypto sanctions CASP ban on Russian counterparties

Investigation May 18, 2026

EU Crypto Sanctions: The CASP Ban

The EU 20th sanctions package bans all CASP transactions with Russian counterparties from 24 May 2026. What compliance teams must screen before the cliff.

Read the EU crypto CASP-ban analysis →

Russia shadow fleet of 287 sanctioned tankers OSINT investigation

Investigation Apr 22, 2026

Russia's Shadow Fleet: 287 Sanctioned Tankers

A forensic OSINT investigation of Russia's shadow tanker fleet: AIS spoofing, flag hopping, STS transfers, insurance fictions and vessel identification methods.

Read the shadow-fleet tanker investigation →

OFAC 50 percent rule loopholes in Russia sanctions

Investigation Apr 16, 2026

The OFAC 50-Percent Rule, Examined

A forensic walkthrough of the OFAC 50 Percent Rule: documented loopholes, Kerimov and Deripaska precedents, and an open-source methodology for compliance teams.

Read the OFAC 50-percent-rule walkthrough →

Crypto bridge tracing across Bitcoin, Ethereum and TRON

Crypto Tracing Mar 18, 2026

Crypto Bridge: 4.2M Across 3 Blockchains

Tracing $4.2M in sanctioned funds across Bitcoin, Ethereum and TRON through Tornado Cash, cross-chain bridges and a Garantex-linked cluster.

Read the crypto-bridge tracing case →

Dacha Empire hidden-asset tracing across four jurisdictions

Asset Tracing Jan 30, 2026

Dacha Empire: 2.8B in Hidden Assets, 4 Countries

Mapping the true wealth of a Russian regional official across Russia, UAE, Georgia and Montenegro via registries, AIS yacht tracking and crypto clustering.

Read the Dacha Empire asset-tracing case →

Dark Leaks background check surfacing darknet ties

Dark Web Feb 22, 2026

Dark Leaks: Background Check Surfaces Darknet Ties

A full background check on a prospective fintech co-investor revealed connections to Russian darknet markets, stolen-data vendors and unpaid bailiff debts.

Read the Dark Leaks background-check case →

Nominee Maze UBO tracing through seven shell-company layers

UBO Tracing Nov 5, 2025

Nominee Maze: 7 Layers, One Sanctioned UBO

Unmasking the real owner behind a chain of Russian shell companies via EGRUL/SPARK, notary cross-referencing and OSINT social profiling.

Read the Nominee Maze UBO-tracing case →

Dark Web Apr 10, 2026

Deanonymization of a Telegram Extortion Ring

How analysts tracked a cyber-extortion syndicate targeting a CIS fintech platform using Telegram metadata and Bitcoin flow tracing.

Read the Telegram extortion-ring deanonymization case →

Telegram Ghost extortion-channel operator identified in 72 hours

Dark Web Dec 12, 2025

Telegram Ghost: Operator Identified in 72h

Identifying the operator of an anonymous Telegram extortion channel targeting a Russian industrial group, via Telegram metadata, session artefacts and a client-mailbox correspondence pivot.

Read the Telegram Ghost operator-attribution case →

How to read these OSINT case studies

The OSINT case studies on this page are anonymized records of completed forensic investigations across Russia and the CIS. Each case study documents a real intelligence problem — a counterparty who would not resolve, an ownership chart that read cleanly on paper, an income declaration that did not match the lifestyle behind it, a withdrawal that screened green but behaved wrong — and walks through the open-source methodology we used to resolve it. We publish the method, the public-record sources, and the shape of the reconstruction; we never publish client names, real individual identities, exact amounts, or any detail that would breach confidentiality or prejudice a pending matter.

Read each case study for the workflow, not the headline number. The investigations cluster into the disciplines we practise day to day: ultimate-beneficial-owner (UBO) tracing through nominee and pledge structures, multi-jurisdictional asset tracing, on-chain cryptocurrency tracing across bridges and mixers, dark-web exposure and background checks, and deanonymization of anonymous operators. Every conclusion in the underlying deliverables is reproducible from primary public records — corporate registries, cadastres, vessel databases, block explorers and archived web content — so that the work is defensible in front of a bank’s MLRO, an instructing counsel, or a competent regulator.

If you are evaluating us for an engagement rather than reading for method, the commercial counterparts to these case studies are our full capability catalogue and the individual service pages such as asset tracing, UBO verification and deanonymization. The case studies show what the work looks like once it is done; the service pages set out how to commission it.

Frequently asked questions about our case studies

Are these case studies real investigations?

Yes. Every case study is drawn from a completed engagement. We adjust case identifiers, dates, jurisdictions and all identifying details to protect client confidentiality, but the methodology, the registry and on-chain pivots, and the substantive shape of each reconstruction are accurate to the work performed.

Why are names and amounts redacted?

Our engagements are confidential and several touch live regulatory or civil-recovery proceedings. Publishing real names, exact figures or specific entities could breach client confidentiality or prejudice pending action, so we describe the method and the public-record approach only. No case study here identifies a real natural person beyond reference to public sanctions designations.

Can I commission an investigation like one of these?

Yes. Use Start Your Investigation to send a scoped brief. We routinely run UBO reconstructions, multi-jurisdictional asset tracing, cross-chain crypto tracing, dark-web background checks and operator deanonymization on the kinds of timelines these case studies describe.

What sources do these investigations rely on?

Open-source intelligence only: corporate registries (EGRUL, SPARK-Interfax, OpenCorporates), cadastres, the Federal Notarial Chamber pledge register, vessel databases (IMO GISIS, Equasis), AIS feeds, public block explorers, sanctions and PEP datasets such as OpenSanctions, and archived web content via the Wayback Machine. The methods are set out in full on our investigation methodology hub.

Every case is unique. The methods and sources we apply depend on the specific intelligence requirements and operational context. These OSINT case studies sit alongside our published open-source investigation methodology and the full capability catalogue of [0x]INT investigation services, from asset tracing to deanonymization.

Start Your Investigation ← Russia & CIS Intelligence Home