Note: This report is updated by a verification record

Continuation of the flow/surf-lending DeFi cred-exfil campaign (c1655). Sentinel-9.9.9 depconf squat; preinstall node index.js || true exfils env secrets (mnemonic/private-key/blockfrost) to raw C2 2.25.140.71:8443/surflending/npm-confusion (same C2). Companions bodega-sdk/flowdefi verified identical. No-renotify.