How I investigate crypto hacks and security incidents: A-Z

Many thanks to vice.com for the mention!
Here I will explain exactly how I investigate crypto hacks and security incidents, and describe my methodology!
I - Investigation Flow
Usually, the first step of a blockchain investigation is manual analysis with tools such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, bloxy.info, github.com/naddison36/tx2uml and github.com/ApeWorX/evm-trace.
Use all of the tools from my list & this website! Almost all of the tools presented maintain their own knowledge base, YouTube channel and report archive, so be sure to check them out!
I have also seen a rather unusual method, the use of VR, which can empower this first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
Second, I try to identify clusters and check them through Chainalysis or amlbot.com (my referral link: use the investigation regime only). See more similar tools there.
As a third step, I check contracts and addresses through Impersonator, the unrekt.net or revoke.cash checker and other tools. As an example, the tutela.xyz tool (github.com/TutelaLabs) can help in tracking funds behind Tornado Cash.
When investigating an incident, it is also important to conduct a classic OSINT investigation: if we are investigating a hack, for example, check messages in chats and interview employees and eyewitnesses. Sometimes this yields useful data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools/
Use the OSINT collection at start.me/p/ek4rxK/cryptocurrency-osint & check out my article!
https://twitter.com/w1nt3r_eth/status/1597998923226177543
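To make the "follow the funds" part of the flow above concrete, here is an added example in plain Python that is not from the original post or from any of the tools listed: a time-ordered forward trace from an exploiter address to labelled endpoints, plus a check of how much of a hop's inflow did not come from the traced path, which is exactly the ambiguity that the clustering step is there to resolve. All addresses, amounts, blocks and labels (`TRANSFERS`, `LABELS`) are constructed placeholders.

```python
from collections import defaultdict, deque

# Constructed sample transfers (from, to, amount, block): placeholder addresses, not real chain data.
TRANSFERS = [
    ("0xVICTIM_POOL", "0xEXPLOITER", 1000.0, 100),   # the exploit itself
    ("0xHOP_A", "0xEXPLOITER", 10.0, 99),            # pre-hack inflow: must not be followed
    ("0xEXPLOITER", "0xHOP_A", 600.0, 101),
    ("0xEXPLOITER", "0xHOP_B", 400.0, 101),
    ("0xHOP_A", "0xMIXER_DEPOSIT", 600.0, 105),
    ("0xUNRELATED", "0xHOP_C", 50.0, 90),            # HOP_C already held unrelated funds
    ("0xHOP_B", "0xHOP_C", 400.0, 106),
    ("0xHOP_C", "0xEXCHANGE_DEPOSIT", 390.0, 110),
]
# Constructed labels of the kind explorers and clustering services attach to endpoints.
LABELS = {"0xMIXER_DEPOSIT": "mixer", "0xEXCHANGE_DEPOSIT": "exchange"}

def trace_outflows(transfers, origin, start_block, labels=LABELS, max_hops=5):
    """Breadth-first forward trace from `origin`; a hop only forwards funds in transfers
    at or after the block it received them in. Returns ({label: amount}, [(path, amount)])."""
    out = defaultdict(list)
    for src, dst, amt, blk in transfers:
        out[src].append((dst, amt, blk))
    reached, paths, seen = defaultdict(float), [], set()
    queue = deque([(origin, start_block, [origin], 0.0)])
    while queue:
        addr, since, path, amt = queue.popleft()
        if addr in labels:                       # known endpoint: record and stop
            reached[labels[addr]] += amt
            paths.append((path, amt))
            continue
        if len(path) > max_hops:
            continue
        for dst, a, blk in out.get(addr, []):
            if blk < since or (addr, dst, blk) in seen:   # too early, or already walked
                continue
            seen.add((addr, dst, blk))
            queue.append((dst, blk, path + [dst], a))
    return dict(reached), paths

def inflow_mix(transfers, addr, traced_from, up_to_block):
    """Split `addr`'s inflows up to `up_to_block` into funds from the traced hop and all
    other sources; a non-zero 'other' share means its outflow is not purely stolen funds."""
    inflows = [(src, amt) for src, dst, amt, blk in transfers if dst == addr and blk <= up_to_block]
    traced = sum(amt for src, amt in inflows if src == traced_from)
    return traced, sum(amt for _, amt in inflows) - traced

if __name__ == "__main__":   # stand-alone run on the constructed data
    print(trace_outflows(TRANSFERS, "0xEXPLOITER", 100), inflow_mix(TRANSFERS, "0xHOP_C", "0xHOP_B", 110))
```

On the constructed data, 600 reaches the mixer and 390 the exchange, but `0xHOP_C` also held 50 from an unrelated source, so the 390 cannot be attributed to the hack without the clustering step.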
II - On-Chain Investigations Tools List
https://github.com/OffcierCia/On-Chain-Investigations-Tools-List
VR on-chain investigations:
ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
medium.com/coinmonks/visualizing-bitcoin-transactions-in-3d-and-virtual-reality-e3e28b3055df
ETH-USDT flow:
Explorers list:
https://sovs.notion.site/Block-Explorers-8dcaed059c844e3b8f9b67b8eb90174a
III - How To Investigate Hacks On-Chain
Bonus: Monero
Follow:
IV - Practice:
Check out this awesome on-chain & OSINT forensics investigation example! Actually an amazing thread and report made using breadcrumbs.app:
I suggest we go through the steps of the on-chain investigation together to understand how they are done.
Use the clickable scheme report below and re-read the thread one more time, this time following its on-chain storyline!
See my own methodology! Check out this awesome on-chain investigation as well:
https://officercia.mirror.xyz/bekcfdWBwPh4FIzYNKfhaaorjYB90JbNRUb2oiSjiJI
V - Additional tips
Crystalblockchain (owner check)
OXT (after registration, owner check)
https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws
Google Dorks:
site:https://docs.google.com/spreadsheets Bounty intext:"@gmail.com"
Antinalysis (TOR, owner check)
https://github.com/apoorvlathey/eth-explorers-extension
VI - Knowledge Hub
How cryptocurrency intelligence aids ransomware investigations
Clustering transactions in Bitcoin and other cryptocurrencies
Analysing cryptocurrencies and Investigating blockchains by BitQuery
Maltego Ethereum Transform with SocialLinks and Bloxy.info - How to start
Using Maltego and tatum to track the money trail of a bitcoin scam
Investigating 3 Ethereum Addresses Using The Nansen Wallet Profiler
https://officercia.mirror.xyz/wSvKI5p91-GYcun1aAyMMjNbpkgKnp7qIxVIqc1sXZk
Support is very important to me; with it I can spend less time at work and do what I love: educating DeFi & Crypto users!
If you want to support my work, you can send me a donation to the address:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR