Oanda+coinpass+compromised Now

The subject line was the only thing on the flash drive: oanda+coinpass+compromised . No file name, no folder. Just a single, nameless .txt file waiting inside.

Someone had her session tokens. Not her passwords—her sessions . That meant a browser extension, a compromised Wi-Fi network, or physical access to a device she thought was clean.

She grabbed her jacket and her lockpicks. The 6 a.m. deadline didn’t leave time to be right. Only time to move. oanda+coinpass+compromised

Maya looked at the last line of the text file, which she hadn’t read fully until now. Below the signature—just a single letter, K —was a postscript: I’m in the OANDA London office. Third floor. Server room B. They don’t know I’ve been logging everything. They’ll check the backup logs at 6 a.m. UTC. That’s 90 minutes from now. Don’t send police. Send someone who can move through a financial district without being seen. And Maya—don’t use your real name when you come. She stared at the screen. She’d never told anyone her real name. Not in five years of ghost tracing.

Another pause, longer this time. “Where’s the source now?” The subject line was the only thing on

“It’s Ghost. I need a protection detail for a source. They’re inside a dual-platform compromise ring. OANDA and Coinpass. Fiat-to-crypto laundering via forced liquidations.”

She looked at the timestamp on the photo. It was from 36 hours before the drive appeared. Someone had her session tokens

Coinpass next. Login. Withdrawal addresses. A new whitelist entry dated 46 days ago: 0x3F9...aE7 . Labeled “Savings 2.” She’d never labeled anything “Savings 2.” She clicked through the edit history. IP address: 185.165.29.101 . Not her home. Not her VPN. A known residential proxy from Eastern Europe.