| Much thanks vice.com for a mention!

| Here I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology!

I - Investigation Flow

• Usually in blockchain investigation I use tools first for manual analysis such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, , bloxy.info, github.com/naddison36/tx2uml, github.com/ApeWorX/evm-trace.

• Use all of the tools from my list & this website! Almost all of the presented tools run a separate knowledge-base, YouTube blog and have a reports base, so be sure to check them out!

• I seen also a rather unusual method - the use of VR, which will empower the first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2

• Second, I try to set clusters to check them through Chainalysis or amlbot.com (my referral: use investigation regime only)). See more similar tools there. Use all of the tools from my list & this website!

• As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checker and other tools. As an example, tutela.xyz github.com/TutelaLabs tool can help in tacking funds behind TornadoCash

• When investigating an incident, it is also important to conduct a classic OSINT (2) investigation, for example, if we are investigating a hack - it is necessary to check messages from chats, interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools/

• Use OSINT start.me/p/ek4rxK/cryptocurrency-osint & check out my article!

II - On-Chain Investigations Tools List

• Use all of the tools from my list & this website !

VR on-chain investigations:

• ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2

• symphony.iohk.io

• medium.com/coinmonks/visualizing-bitcoin-transactions-in-3d-and-virtual-reality-e3e28b3055df

• www.lopp.net/bitcoin-information/visualizations.html

• app.bubblemaps.io

ETH-USDT flow:

Explorers list:

III - How To Investigate Hacks On-Chain

• 1/3: twitter.com/officer_cia/status/1591509308818493440

• 2/3: twitter.com/officer_cia/status/1591509312312156163

• 3/3: A collection of threads

• Bonus: Monero

Follow:

• List by ZachXBT

• Read this article about being an on-chain sleuth

• Read this article from Vice!

• MistTrack Twitter

• On-Chain Analysis Threads

• TheDEFIac

• Follow on-chain Sleuth Twitter

• Follow PeckShieldAlert Twitter

• Follow BlockSecTeam Twitter

• Follow lookonchain Twitter

• Investigations by ZachXBT

• Thread from CountZero

• 0xFooBar Twitter

• CryptoShine Twitter

• Immunefi Medium

• rekt.news

• HacksDB

• Follow My Twitter

IV - Practice:

Check out this awesome on-chain & OSINT forensics investigation example! Actually an amazing thread and report made with using breadcrumbs.app :

Thread start | Thread end 

I suggest we go through the steps of the on-chain investigation together to understand how they are done.

Use the clickable scheme report below and re-read the thread one more time but with following its on-chain storyline!

Useful for learning! See my own methodology! Check out this awesome on-chain investigation as well:

V - Additional tips

• Etherscan

• Blockchair

• Tokenview

• Ethtective

• Breadcrumbs

• chainabuse.com

• cryptoscamdb.org

• GraphSense + GitHub

• Maltego CE + Tatum Blockchain Explorer

• Cryptoblacklist

• Crystalblockchain (owner check)

• OXT (after registration, owner check)

• Blockpath

• GraphSense + GitHub

• Maltego CE + Tatum Blockchain Explorer or Blockchain.info!

Google Dorks:

• ETH_address -block

• site:etherscan.io ETH_address

• site:https://docs.google.com/spreadsheets Bounty intext:”@gmail.com”

• BTC_address -block

• site:bitcointalk.org BTC_address

• site:https://docs.google.com/spreadsheets Bounty intext:”@gmail.com”

• Cryptoaml

• Bitrankverified

• Antinalysis (TOR, owner check)

VI - Knowledge Hub

• Deanon ETH

• ETH Gossip

• Profiling Ethereum users

• All transaction analysis tools

• How to investigate crypto

• Investigating Blockchain

• How to become an on chain detective 

• Bitcoin analysis from bitquery

• How Cryptocurrency Transactions Work

• On-chain Analytics Archives

• On-Chain Investigations with Nick

• Introduction to Bitcoin Investigation by Beatriz Silveira

• 360° AML Analytics

• How cryptocurrency intelligence aids ransomware investigations

• Clustering transactions in Bitcoin and other cryptocurrencies

• Tracking Bitcoin Transactions

• YouTube blog by bitquery

• Blog by Misttrack.io

• Knowledge-base by Breadcrumbs

• How to Trace Cryptocurrency Transactions Using Maltego

• Analysing cryptocurrencies and Investigating blockchains by BitQuery

• BlockScout Walkthrough

• Blockchain Investigations 101: An Intro to Ethereum

• Verifying Smart Contracts using Blockscout

• Maltego Ethereum Transform with SocialLinks and Bloxy.info - How to start

• Using Maltego and tatum to track the money trail of a bitcoin scam

• Tracking A Bitcoin Scam with Maltego & Tatum

• Dune analytics guide

• Investigating 3 Ethereum Addresses Using The Nansen Wallet Profiler

• Blockchain Hacks DB

• Investigations by ZachXBT

• Follow My Twitter

Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!

• Check out my GitHub

• Follow my Twitter

• Track all my activities

• All my Socials

• Join my TG channel

If you want to support my work, you can send me a donation to the address:

• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc

• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU - BTC

• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR

Thank you! ❤️