A real-world case study in passive threat intelligence and open-source investigation . Disclaimer: This research was conducted exclusively for educational purposes and passive threat intelligence . No systems were breached, no credentials were used without authorization, and no sensitive identifying data is reported in this article. All information collected comes from publicly accessible sources : Shodan, public paste sites, blockchain explorers, and OSINT forums. Sensitive details such as IPs, domains, wallets, emails, and specific nationalities have been redacted. This activity falls within the legal scope of passive cybersecurity research , with no active interaction with the identified systems. Some parts of the article are redacted for safety. Introduction While working on threat intelligence research , I came across one of the most underestimated phenomena in the landscape of cryptocurrency fraud: the pig butchering scam .…