How I investigate crypto hacks and security incidents: A-Z
| Many thanks to vice.com for the mention!
| Here I will tell you exactly how I investigate crypto hacks and security incidents, and describe my methodology!
I — Investigation Flow
- Usually, in a blockchain investigation I first use tools for manual analysis, such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, bloxy.info, github.com/naddison36/tx2uml, github.com/ApeWorX/evm-trace.
- Use all of the tools from my list & this website! Almost all of the presented tools maintain a separate knowledge base, a YouTube blog and a reports base, so be sure to check them out!
- I have also seen a rather unusual method — the use of VR, which can empower the first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
- Second, I try to form clusters and check them through Chainalysis or amlbot.com (investigation mode only). See more similar tools there. Use all of the tools from my list & this website!
- As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checkers and other tools. As an example, the tutela.xyz tool (github.com/TutelaLabs) can help in tracking funds behind TornadoCash.
- When investigating an incident, it is also important to conduct a classic OSINT investigation. For example, if we are investigating a hack — it is necessary to check messages from chats and interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools/
- Use OSINT start.me/p/ek4rxK/cryptocurrency-osint & check out my article!
II — On-Chain Investigations Tools List
More data:
VR on-chain investigations:
- ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
- symphony.iohk.io
- medium.com/coinmonks/visualizing-bitcoin-transactions-in-3d-and-virtual-reality-e3e28b3055df
- www.lopp.net/bitcoin-information/visualizations.html
- app.bubblemaps.io
ETH-USDT flow:
Explorers list:
III — How To Investigate Hacks On-Chain
- 1/3: twitter.com/officer_cia/status/1591509308818493440
- 2/3: twitter.com/officer_cia/status/1591509312312156163
- 3/3: A collection of threads
- Bonus: Monero
Follow:
- List by ZachXBT
- Read this article about being an on-chain sleuth
- Read this article from Vice!
- MistTrack Twitter
- On-Chain Analysis Threads
- TheDEFIac
- Follow on-chain Sleuth Twitter
- Follow PeckShieldAlert Twitter
- Follow BlockSecTeam Twitter
- Follow lookonchain Twitter
- Investigations by ZachXBT
- Thread from CountZero
- 0xFooBar Twitter
- CryptoShine Twitter
- Immunefi Medium
- rekt.news
- HacksDB
- Follow My Twitter
IV — Practice:
Check out this awesome on-chain & OSINT forensics investigation example! It is an amazing thread and report made using breadcrumbs.app:
I suggest we go through the steps of the on-chain investigation together to understand how they are done.
Use the clickable scheme report below and re-read the thread one more time but with following its on-chain storyline!
Useful for learning! See my own methodology! Check out this awesome on-chain investigation as well:
V — Additional tips
- Etherscan
- Blockchair
- Tokenview
- Ethtective
- Breadcrumbs
- chainabuse.com
- cryptoscamdb.org
- GraphSense + GitHub
- Maltego CE + Tatum Blockchain Explorer
- Cryptoblacklist
- Crystalblockchain (owner check)
- OXT (after registration, owner check)
- Blockpath
- Maltego CE + Tatum Blockchain Explorer or Blockchain.info
Google Dorks:
VI — Knowledge Hub
- Deanon ETH
- ETH Gossip
- Profiling Ethereum users
- All transaction analysis tools
- How to investigate crypto
- Investigating Blockchain
- How to become an on chain detective
- Bitcoin analysis from bitquery
- How Cryptocurrency Transactions Work
- On-chain Analytics Archives
- On-Chain Investigations with Nick
- Introduction to Bitcoin Investigation by Beatriz Silveira
- 360° AML Analytics
- How cryptocurrency intelligence aids ransomware investigations
- Clustering transactions in Bitcoin and other cryptocurrencies
- Tracking Bitcoin Transactions
- YouTube blog by bitquery
- Blog by Misttrack.io
- Knowledge-base by Breadcrumbs
- How to Trace Cryptocurrency Transactions Using Maltego
- Analysing cryptocurrencies and Investigating blockchains by BitQuery
- BlockScout Walkthrough
- Blockchain Investigations 101: An Intro to Ethereum
- Verifying Smart Contracts using Blockscout
- Maltego Ethereum Transform with SocialLinks and Bloxy.info — How to star
- Using Maltego and tatum to track the money trail of a bitcoin scam
- Tracking A Bitcoin Scam with Maltego & Tatum
- Dune analytics guide
- Investigating 3 Ethereum Addresses Using The Nansen Wallet Profiler
- Blockchain Hacks DB
- Investigations by ZachXBT
- Follow My Twitter
Support is very important to me; with it I can spend less time at work and do what I love — educating DeFi & Crypto users!
If you want to support my work, you can send me a donation to the address:
- 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
- 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC
- 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR