Here I will explain exactly how I investigate crypto hacks and security incidents, and describe my methodology!
In a blockchain investigation, I usually start with tools for manual analysis, such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, bloxy.info, github.com/naddison36/tx2uml, github.com/ApeWorX/evm-trace.
I have also seen a rather unusual method, the use of VR, which can strengthen this first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
Second, I try to group addresses into clusters and check them through Chainalysis or amlbot.com (my referral: use investigation mode only). See more similar tools there. Use all of the tools from my list & this website!
As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checker and other tools. For example, the tutela.xyz tool (github.com/TutelaLabs) can help in tracking funds behind TornadoCash.
When investigating an incident, it is also important to conduct a classic OSINT investigation. For example, if we are investigating a hack, it is necessary to check messages from chats and to interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools/
Check out this awesome on-chain & OSINT forensics investigation example! An amazing thread and report made using breadcrumbs.app:
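To show what an approval check in this third step looks at, here is an added example (not code from revoke.cash, unrekt.net or this page) that replays ERC-20 `Approval` logs to find allowances an address has granted and not revoked. The log dictionary shape and every address in it are constructed sample data.

```python
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Return {(token, spender): amount} for the owner's approvals that are still non-zero.

    This is the last *approved* amount; transferFrom may have spent part of it,
    so confirm with the token's allowance() call before drawing conclusions.
    """
    state = {}
    # Replay in chain order so a later Approval (e.g. a revocation to 0) wins.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic hash but 4 topics (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        state[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

# ---- constructed sample data (not real addresses or transactions) ----
def _addr(byte): return "0x" + byte * 20
def _topic(addr): return "0x" + addr[2:].rjust(64, "0")
def _log(token, owner, spender, amount, block, idx=0, extra=()):
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, _topic(owner), _topic(spender), *extra],
            "data": hex(amount)}

OWNER, OTHER = _addr("a1"), _addr("b2")
TOKEN_A, TOKEN_B, NFT = _addr("c3"), _addr("d4"), _addr("e5")
SPENDER_X, SPENDER_Y = _addr("f6"), _addr("07")

SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER, SPENDER_Y, 0, 105),            # revocation, listed out of order
    _log(TOKEN_A, OWNER, SPENDER_X, UNLIMITED, 100),    # unlimited approval, never revoked
    _log(TOKEN_B, OWNER, SPENDER_Y, 500, 101),          # later revoked at block 105
    _log(TOKEN_A, OTHER, SPENDER_X, 1000, 102),         # different owner, ignored
    _log(NFT, OWNER, SPENDER_X, 0, 103, extra=[_topic("0x01")]),  # ERC-721 shape, skipped
]

if __name__ == "__main__":
    for (token, spender), amount in live_allowances(SAMPLE_LOGS, OWNER).items():
        print(token, spender, "UNLIMITED" if amount == UNLIMITED else amount)
```

An unlimited allowance that was never revoked is the kind of entry worth following up on when a wallet has been drained.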
I suggest we go through the steps of the on-chain investigation together to understand how they are done.
Use the clickable scheme report below and re-read the thread once more, this time following its on-chain storyline!
Useful for learning! See my own methodology! Check out this awesome on-chain investigation as well:
Crystalblockchain (owner check)
OXT (after registration, owner check)
Antinalysis (TOR, owner check)