voss-wallet-drain — approve-for-all drainer + sweeper
Alex Voss lost ~$312k after signing an unlimited USDC approve on a fake yield dapp; a sweeper bot drained the MetaMask wallet in 90 seconds. Residual BTC peeled through a CoinJoin-shaped transaction. Fully synthetic.
what this proves
- all eight crypto-theft primary engines produce deterministic, fixture-locked output — verified by npm run check:flagship (280/280 fleet · 8 for this scenario).
- every output is generated 100% locally in your browser — export txs and chain data, never upload wallet material.
- unlimited approve, sweeper drain, drainer bytecode, multi-hop tx graph, and BTC peel plus mixer-shaped indicators surface without sending evidence to a server.
primary engines locked to this fixture
build the case binder
runs all eight primary engines on the synthetic evidence zip and opens a self-contained html binder. uses the default binder renderer for crypto theft — no upload.
download the synthetic evidence
MIT-licensed, fully synthetic. includes ERC-20 approve + sweeper drain txs, drainer bytecode hex, on-chain flow graph, BTC peel tx, CoinJoin-shaped mixer trace, and synthetic key export.
built deterministically from scripts/fixtures/build-voss-wallet-drain.mjs. seed: voss-wallet-drain:v1.
methodology
crypto theft is not generic malware — it is usually a signed transaction. decode the unlimited approve and sweeper drain first, then walk bytecode → multi-hop graph → BTC peel → mixer-shaped consolidation. seed leaks come last.
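the first step above (decode the unlimited approve) as an added example; this is not the project's engine code. it decodes approve and setApprovalForAll calldata from exported txs and flags unlimited grants. the tx ids, spender address, sample calldata and the 2^255 "unlimited" threshold are constructed assumptions.

```javascript
// added example (not project code): triage approval calldata from exported txs.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const TRANSFER = "a9059cbb";             // transfer(address,uint256), not an approval
// assumption: any allowance >= 2^255 is treated as effectively unlimited.
const UNLIMITED_FLOOR = 1n << 255n;

function decodeApproval(input) {
  const hex = String(input).toLowerCase().replace(/^0x/, "");
  // selector (4 bytes) + two 32-byte ABI words = 68 bytes = 136 hex chars
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 136) return null;
  const selector = hex.slice(0, 8);
  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72, 136);
  // an ABI-encoded address carries 12 zero bytes of left padding
  if (!/^0{24}/.test(word1)) return null;
  const spender = "0x" + word1.slice(24);
  const value = BigInt("0x" + word2);
  if (selector === APPROVE) {
    return { kind: "approve", spender, amount: value,
             unlimited: value >= UNLIMITED_FLOOR, revoke: value === 0n };
  }
  if (selector === SET_APPROVAL_FOR_ALL) {
    return { kind: "setApprovalForAll", spender, amount: null,
             unlimited: value !== 0n, revoke: value === 0n };
  }
  return null; // some other call (e.g. a plain transfer)
}

// return only the txs that hand a spender open-ended control.
function flagUnlimited(txs) {
  const hits = [];
  for (const tx of txs) {
    const d = decodeApproval(tx.input);
    if (d && d.unlimited) hits.push({ id: tx.id, kind: d.kind, spender: d.spender });
  }
  return hits;
}

// constructed sample data: ids, spender and amounts are made up for illustration.
const pad = (h) => h.padStart(64, "0");
const SPENDER = "11".repeat(20);
const SAMPLE_TXS = [
  { id: "tx-a", input: "0x" + APPROVE + pad(SPENDER) + "f".repeat(64) },  // max uint256
  { id: "tx-b", input: "0x" + APPROVE + pad(SPENDER) + pad((250n * 10n ** 6n).toString(16)) }, // bounded
  { id: "tx-c", input: "0x" + SET_APPROVAL_FOR_ALL + pad(SPENDER) + pad("1") },
  { id: "tx-d", input: "0x" + TRANSFER + pad(SPENDER) + pad("1") },        // not an approval
  { id: "tx-e", input: "0x" + APPROVE + pad(SPENDER) },                    // truncated calldata
];
```

flagUnlimited(SAMPLE_TXS) returns tx-a and tx-c; the bounded approve, the transfer and the truncated calldata are not flagged.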
after the playbook
run each primary locally — or export findings from the binder — then drop every csv/json into fatcousin-multi-tool-super-timeline-correlator. one timestamp-sorted timeline across unlimited approve, sweeper drain, multi-hop graph, and BTC peel — still zero upload.