About this investigation

Surfaced four key assumptions: (1) GLEIF ultimate-children query represents current operational reality (HIGH sensitivity, HIGH confidence — corroborated by SEC EDGAR overlap on US entities); (2) ICIJ HTTP-500 node-detail failures on JSOIN + JANE STREET CO. LTD. do not conceal Jane Street-affiliated material (MODERATE sensitivity, LOW confidence — limits kj_004 confidence); (3) opensanctions HTTP-404 means 'not screened' not 'no hits' (HIGH sensitivity, HIGH confidence — drives kj_005); (4) the JANE STREET CO. LTD. Bahamas Leaks match at 47-61% reconcile score is a name collision rather than a Jane Street vehicle (MODERATE sensitivity, LOW confidence — drives kj_004 / ent_095 confidence low).

Scored four competing hypotheses against high-grade evidence: H1 mature operationally-autonomous global market maker (lowest weighted inconsistency — leading); H2 aggressive corporate sprawl with offshore-vehicle ownership opacity (retained as plausible but weaker — ICIJ comprehensive negative + GLEIF clean chain inconsistent); H3 recent regulatory-scope expansion (SBSE / MENA / JSCT International) — supports H1 rather than competing; H4 strategic-equity activist sleeve (June 2026 HiTek + Alpha Compute) — partially retained as the leading interpretation of the specific anomaly, not the firm-wide thesis. Headline finding (kj_001 + kj_002) flows from H1+H3 synthesis; the June 2026 anomaly judgments (kj_003) flow from H4 retention.

Walked the leading hypothesis backwards under three failure modes: (a) the GLEIF entity registry materially under-represents the family (off-ledger vehicles, undisclosed JVs) — partly anticipated and limits kj_004 confidence to moderate; (b) the SBSE registration content (not yet retrieved) reveals a much narrower swap-dealing scope than kj_002 infers, reducing 'coordinated expansion' to incidental compliance event — drives the open pivot piv_004 follow-up priority; (c) the HiTek Global insider position is in fact a pass-through ownership through an underlying client agreement (custodial / sub-advised) rather than Jane Street balance-sheet exposure — would invalidate kj_003's anomaly framing and would be distinguished only by retrieving Form 4 detail (piv_002).

Inventory ran across the surfaced perimeter (4 mail-exchange subdomains, AWS Route 53 + Global Accelerator IPs, 14+ TXT-verified vendor integrations, named co-founders / senior principals, multi-jurisdiction compliance footprint, fresh SBSE counterparty channel). Eight red vectors retained (r_01 through r_08) prioritized by impact-over-effort: spear-phishing under sub-strict DMARC + Bloomberg supply-chain + AWS DNS concentration + Pardot recruiting impersonation lead; AI-integration and CAA-bypass entries are lower-confidence but real. 12 blue controls composed (9 paired + 3 baseline).