GM Welcome Back to the Dead Drop.

For five years, half of Washington lost its collective mind over a Ukrainian gas company that paid Hunter Biden up to $50,000 a month to sit on its board. A man with no energy expertise. No operational role. No discernible function beyond the quiet gravitational pull of his last name. Congressional hearings were held. An impeachment inquiry was launched. Careers were built on the outrage. The argument was simple and, frankly, correct: proximity to power has market value, and when a president's son monetizes that proximity, the public should ask questions.

Good. They should.

So let me walk you through what's happening right now, across three simultaneous operations, and you tell me where the outrage went.

Vulcan Elements is a three-year-old startup that makes rare-earth magnets. The company is real. The technology matters. China controls 91% of refined rare earth elements used in permanent magnets, and anyone who tells you that's not a national security problem is selling you something. The United States needs domestic magnet production. On this, both parties agree.

What they disagree on is whether the president's son should get rich in the process.

In August 2025, Donald Trump Jr.'s fund, 1789 Capital, invested in Vulcan's $65 million Series A round. 1789 Capital describes itself as backing "patriotic" companies. Trump Jr. told the Financial Times he is "very involved in the strategic decisions regarding where to invest." At the time, Vulcan was valued at roughly $200 million.

Three months later, the Trump administration backed Vulcan with a $620 million loan from the Department of Defense, the largest loan ever issued by the Pentagon's Office of Strategic Capital. The Department of Commerce kicked in another $50 million and received an equity stake. The government became a shareholder.

By January 2026, investors were considering a new funding round at a valuation approaching $2 billion.

Read those numbers again slowly. Donald Trump Jr’s 1789 Capital invests at $200 million. The government announces $670 million in backing. The valuation climbs toward $2 billion. That is a potential 10x return on paper in under six months. And four companies in the 1789 Capital portfolio have received a combined $735 million in government contracts since Trump took office.

Everyone involved says there was no connection. Vulcan's CEO says there has been zero contact with Trump Jr. A spokesman for Trump Jr. says he doesn't interface with the federal government on behalf of portfolio companies. A lawyer for 1789 Capital says the fund had "zero involvement" and "zero knowledge" that the government deals were contemplated.

Maybe every word of that is true. But the whole lesson of the Burisma scandal was supposed to be that you don't need a phone call. The structure is the corruption.

Hunter Biden collected roughly $600,000 a year from a Ukrainian gas company. Trump Jr.'s fund is positioned to see returns measured in hundreds of millions from a company backed by his father's administration. One drove an impeachment inquiry. The other is being celebrated as industrial policy.

On February 17, 2026, Eric Trump became a strategic investor in XTEND, an Israeli AI drone manufacturer with existing Department of Defense contracts and a track record of combat deployment in Gaza.

Eleven days later, on February 28, the United States and Israel launched strikes on Iran.

Five days after that, XTEND mobilized drone teams from the U.S. at the request of Israel's Ministry of Defense.

XTEND is now merging with JFB Construction Holdings in a deal valued at $1.5 billion to go public on Nasdaq, expected to close mid-2026. The deal includes $152 million in strategic investment commitments. Eric Trump is among the investors. His brother Donald Jr. serves as an adviser to Unusual Machines, another drone company investing in the same merger.

The investment bank arranging the deal? Dominari Holdings. Headquartered in Trump Tower. Both Trump sons have sat on its board of advisors since February 2025.

Meanwhile, Eric and Don Jr. just backed another drone deal: Powerus Corporation merging with Aureus Greenway Holdings, a golf course company the brothers helped build. A government oversight analyst called the golf company "essentially a front" for taking a drone manufacturer public through a reverse merger without the accountability of an IPO.

The Trump sons are building a drone portfolio. Their father is waging the war that creates the demand. The contracts flow through a Pentagon their father controls. The investment bank facilitating the deals operates out of their father's building.

Nobody made a phone call. Nobody needed to.

Yesterday morning, at approximately 7:04 a.m. ET, President Trump posted on Truth Social that the U.S. and Iran have had "very good and productive conversations" toward ending hostilities. He ordered a five-day pause on strikes against Iranian power plants and energy infrastructure.

By 7:10 a.m., the S&P 500 had surged 240 points, adding $2 trillion in market capitalization.

At 7:37 a.m., Iran completely denied all of it. Called Trump's statements "psychological warfare." Said there had been "no contact" with the United States.

By 8:00 a.m., the S&P 500 had fallen 120 points, erasing $1 trillion. A $3 trillion swing in 56 minutes, triggered by a social media post.

The Dow still closed up 631 points. Brent crude dropped 10%. Anyone positioned before that Truth Social post made a fortune.

This is not the first time. On April 9, 2025, Trump posted "THIS IS A GREAT TIME TO BUY!!!" on Truth Social at 9:37 a.m. Four hours later, he announced a 90-day tariff pause. The S&P 500 gained 9.5% in a single day. Short-dated call options purchased 15 to 20 minutes before the announcement reportedly yielded profits exceeding $30 million overnight. Senators Warren, Schiff, and Schumer demanded an SEC investigation. The SEC is run by a Trump appointee. No investigation materialized.

Before the February 28 Iran strikes, suspicious bets appeared on Polymarket with odds shifting dramatically in the final minutes before the attack. Before the Venezuela action in January, a newly created Polymarket account invested $30,000 and netted over $436,000.

That's at least four events now. The April 2025 tariff pause. The January Venezuela action. The late February Iran strikes. And this morning. Each one follows the same pattern: anomalous trading activity precedes a presidential announcement by minutes. The trades are large, precisely timed, and enormously profitable.

The CFTC, which oversees futures markets, is chaired by a Trump appointee who has argued that prediction markets are a healthy antidote to media bias. The SEC is run by a Trump appointee. The Justice Department reports to the president. The people responsible for investigating market manipulation report to the man whose posts are moving the markets.

Seven days ago, President Trump signed an executive order creating the Task Force to Eliminate Fraud, chaired by Vice President JD Vance. The stated mission: coordinate a national strategy to stop fraud, waste, and abuse in federal benefit programs. The Government Accountability Office estimates the federal government loses between $233 billion and $521 billion annually to fraud.

"If we found half of the fraud that's taking place in this country," the president said in the Oval Office, "we would have much more than a balanced budget."

The task force will audit eligibility controls. Mandate identity verification. Dismantle fraud networks. Withhold funding from states with inadequate protections. Nearly a dozen agencies will participate.

Meanwhile, the president's sons are building investment portfolios turbocharged by their father's military decisions and regulatory apparatus. The president's social media posts are creating trillion-dollar market swings that someone, consistently, seems to know about in advance. And the taxpayer is an involuntary equity partner in companies chosen by an administration whose family members hold stakes in the same sectors.

The fraud task force is hunting for food stamp cheats in Minnesota. It will not examine any of this. Because this isn't fraud in the legal sense.

This is something worse.

The town of Benson, North Carolina has a population under 5,000. It is known for its mule days: rodeos, hog calling, a fiddler's convention, a mule-pulling contest. The biggest employer you've never heard of makes wet wipes.

Vulcan chose Benson for its new magnet factory. A $900 million project. Potentially 1,000 jobs. The kind of number that changes a place forever.

The town's mayor, Max Raynor, asked ChatGPT what such a development could mean for his community. The chatbot told him the population could almost double. Ten years out, Benson would be unrecognizable. He was dazzled.

A small-town mayor asking an AI whether to believe the promises of powerful people from far away. That is America in 2026. The people at the top of the cap table have already seen their paper returns multiply. The people at the bottom are asking a machine whether the future is real.

If Vulcan succeeds, the returns flow to the connected funds that got in early. If it fails, the taxpayer holds the bag and Benson goes back to mule days. We've seen this before. Solyndra. Federal loan guarantees. Obama fundraiser as a backer. Taxpayers lost over $500 million. Everyone was shocked. Nobody should have been.

"There was a crack in the dam, and Trump busted it open," says Timothy Carney of the American Enterprise Institute. He calls this approach "venture socialism." He asks the only question that matters: "Is this for the public good?"

The answer depends on where you sit. If you're a venture capitalist with the right last name, this is the greatest investment environment in American history. If you're a futures trader with 15 minutes of advance notice, this is a money printer. If you're Eric Trump buying into a drone company eleven days before your father starts a war, this is exquisite timing.

If you're a taxpayer… well, you're the house money.

This is a tale of two frauds. The fraud they prosecute, and the fraud they participate in. The street-level grift that makes headlines, and the structural grift that makes fortunes. They are not the same scale. They are not treated with the same seriousness. And the people positioned to investigate the second one report to the people profiting from it.

The same administration that launched a "war on fraud" seven days ago is simultaneously running three parallel operations that convert presidential power into private wealth: venture capital positioning ahead of government contracts, defense investments timed to military operations, and social media posts that move trillions while someone, somewhere, always seems to know what's coming.

None of this requires a conspiracy. None of it requires a phone call. The incentive architecture does the work. The structure is the corruption.

Hunter Biden made $50,000 a month.

These people are making billions.

The pitch has always been seductive, almost irresistibly so: hand us your most sensitive information and we'll watch the dark web for you, standing guard while you sleep, alerting you the moment criminals get their hands on anything that belongs to you. Aura built a million-customer business on that promise, and last week a single phone call proved why the promise was always structurally doomed to collapse under its own weight.

The hacking group ShinyHunters compromised approximately 900,000 Aura records after one employee fell for a targeted voice phishing attack. One call, one hour of access, and 900,000 records walked out the door before anyone noticed the house was on fire. This wasn't a sophisticated zero-day exploit chewing through layered encryption, and it wasn't a state-sponsored operation burning months of reconnaissance. Someone picked up the phone, believed the wrong voice, and handed over the keys. The most advanced identity protection platform in America was defeated by the same social engineering technique Nigerian scammers perfected in the 1990s.

Aura's damage control arrived on schedule, polished and predictable. The company emphasized that no database supporting its core identity theft protection application was accessed, no Social Security numbers were taken, no passwords, no financial data. Just marketing lists, they said, mostly names and emails inherited from a company Aura acquired back in 2021, a database full of personal information sitting on a server that nobody had been actively thinking about for half a decade.

The breach exposed names, email addresses, phone numbers, home addresses, IP addresses, and customer service notes for up to 35,000 current and former customers. Have I Been Pwned flagged the incident and found that roughly 90% of the leaked email addresses had already appeared in previous breaches, which means the data brokers and criminals already had most of this information and Aura was essentially adding another copy to an already overflowing pile. ShinyHunters demanded a ransom, Aura refused, and the hackers published the full dataset on their leak site because that's what ShinyHunters does and has always done.

Now here's where it gets genuinely delicious. After the breach went public, security researchers noticed that Aura's own announcement page contained a "robots noindex" tag, a small piece of code that tells search engines not to list the page in their results. In plain terms, Aura published a breach notification and then quietly told Google not to show it to anyone who might be searching for it. When PCMag asked about this curious editorial decision, the company called it "an error" that had since been corrected. An error, at an identity protection company, on the single most important page they've ever published. The cobbler's children, as they say, go barefoot.

This is the fundamental contradiction at the heart of the identity monitoring industry, and it's one I've been hammering since the early days of this newsletter. The business model requires you to surrender the very information it promises to protect. Your name, your email, your phone number, your address, sometimes your Social Security number, all of it centralized on their servers, all of it becoming a target the moment it arrives. The product that promises to shield you from breaches becomes another breach surface waiting for its turn, a honeypot of personal data protected by whatever training the lowest-paid employee in the organization received last quarter. In this case, that training wasn't enough to survive a phone call.

No company can protect your data better than you can protect it yourself, and every service that stores your personal information at scale is a target whether it admits that or not. Aura's breach didn't expose Social Security numbers this time, but the model itself, collecting sensitive data in centralized databases and guarding it with human beings who answer phones, is architecturally designed to fail on a long enough timeline. The question was never if. It was when and how embarrassing.

If you're an Aura customer, expect phishing attempts in the coming weeks that reference the breach by name, because that stolen data gives criminals exactly the context they need to make their next message feel authentic and urgent. They'll ask you to "verify" your account or "secure" your information through a helpful link. Don't click any of it. Go directly to the source, verify manually, and maybe start reconsidering whether paying someone else to worry about your data makes sense when they clearly have enough trouble worrying about their own.