Awesome On-Chain Investigations HandBook 2.0

Blockchain technology has unlocked a new era of digital innovation, offering unprecedented opportunities and possibilities. However, the decentralized nature of blockchain platforms has also given rise to complex challenges, particularly in the realm of cybersecurity.

As the incidence of crypto hacks and security breaches continues to make headlines, the importance of conducting thorough investigations into these incidents cannot be overstated.

In this article, we will explore the strategies and methodologies for investigating crypto hacks, shedding light on why this process is crucial in safeguarding the integrity and trustworthiness of the blockchain ecosystem. Let’s get started!


How One Can Investigate Crypto Hacks and Security Incidents?

Investigating a crypto hack involves delving into a web of intricate transactions, digital footprints, and decentralized platforms. The process typically begins with the identification of anomalous activities or a reported security breach within a blockchain network. From there, investigators must meticulously trace the flow of compromised assets, analyze transactional data, and uncover potential points of vulnerability within the blockchain infrastructure.

To conduct a comprehensive investigation into a crypto hack, individuals and organizations can leverage a range of tools and techniques designed to navigate the complexities of blockchain analytics. These may include blockchain explorers, forensic transaction analysis, and digital surveillance methodologies aimed at elucidating the modus operandi of malicious actors and the trail of illicit transactions.

De-mixing TornadoCash (by flipsidecrypto and AMLBotHQ & PureFiProtocol):

Also (including RAILGUN_Project de-mixers), check out awesome tools by 0xKoda:

In summary, investigating crypto hacks is an indispensable component of preserving the legitimacy and resilience of the blockchain ecosystem. By unraveling the intricacies of security breaches, deploying advanced investigative methodologies, and embracing a culture of transparency and accountability, the blockchain community can navigate the evolving landscape of cybersecurity with confidence and precision.


How I Investigate Crypto Hacks & Security Incidents: A-Z

Usually in blockchain investigation I use tools first for manual analysis such as tenderly.coethtective.combreadcrumbs.app9000.hal.xyzdune.xyznansen.ai, , bloxy.infogithub.com/naddison36/tx2umlgithub.com/ApeWorX/evm-trace.

Use all of the tools from my list & this websiteAlmost all of the presented tools run a separate knowledge-base, YouTube blog and have a reports base, so be sure to check them out! I seen also a rather unusual method — the use of VR, which will empower the first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2

Honeypot hacker via: twitter.com/lordnarfz0g/status/1554649309580300288 | CDN NFT honeypot (Canarytokens and Iplogger), or other honeypots. | Read: medium.com/@alxlpsc/critical-privacy-vulnerability-getting-exposed-by-metamask-693c63c2ce94

Second, I try to set clusters to check them through Chainalysis or amlbot.com (use investigation regime only). See more similar tools there. Use all of the tools from my list & this website!

As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checker and other tools. As an example, tutela.xyz github.com/TutelaLabs tool can help in tacking funds behind TornadoCash.

When investigating an incident, it is also important to conduct a classic OSINT (2) investigation, for example, if we are investigating a hack — it is necessary to check messages from chats, interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools

Use OSINT start.me/p/ek4rxK/cryptocurrency-osint & check out my articles:

We need also to check out this address via impersonator.xyz + reverse check:

Important tools: MetaSleuth / Phalcon_xyz / SlowMist_Team / AMLBotHQ / MaltegoHQ / AppBreadcrumbs / ethtective / oxt_btc / ArkhamIntel

Check out this awesome on-chain & OSINT forensics investigation example performed by my ex-colleague! Actually an amazing thread and report made with using breadcrumbs.app :

Thread start | Thread end

I suggest we go through the steps of the on-chain investigation together to understand how they are done.

Use the clickable scheme report below and re-read the thread one more time but with following its on-chain storyline!


Recovering Lost Assets

We’ve used it to help a few people that had leaked wallets private keys or seeds and, specifically, sweeper bots. So, if you know anyone who has this issue feel free to send them this article!

When a crypto wallet is compromised, it can feel like all hope is lost… Occasionally, a hacker may overlook stealing your NFT, staking position, or forget to drain assets from other networks. In such instances, the question of how to recover the rest of (untouched by hacker!money emerges.

The outcome can be the same regardless of how you were hacked — whether you lost your private keys, made a poisoned signature or approve, or whatever else.

The longer a compromised wallet remains in the hands of a hacker, the more difficult it becomes to recover the funds. However, this is what you should do first:

Once again, do not hesitate to contact/tag/email CEX’s support, wallet’s support, stable-coins operators, and relevant protocols! Email or message costs 0$ for you, please keep this in mind!

After completing the checklist presented above, seeking professional assistance from services like HackedWalletRecovery as soon as you suspect your wallet has been compromised significantly increases the chances of successful recovery!

In case HackedWalletRecovery.com won’t help, here are several alternative solutions:

PSA to anyone who checks their accounts daily to make sure they didnt get hacked — set up a Watch List on Etherscan to notify you of any transactions from your addresses. It’s free and the notifications come quickly. Could buy you some valuable time while the hacker is still doing test transactions: etherscan.io/myaddress or use aml-bot!

Keep in mind, prevention is better than cure. Take the necessary steps to secure your wallet and always stay vigilant. With the right tools and precautions in place, you can protect yourself from potential hacks and ensure the longevity and security of your digital assets.


Investigator’s Corner

In the fast-evolving world of blockchain technology, security and trust are of paramount importance. As the decentralized nature of blockchain platforms continues to revolutionize industries, the risks associated with cyber threats and hacks have become a growing concern.

In the event of a hack or security breach involving blockchain assets, it is crucial to consider the significance of reporting such incidents to the authorities, particularly law enforcement agencies.

When faced with the daunting reality of a blockchain hack, the initial reaction for many individuals and organizations may be to mitigate the immediate impact by taking swift remedial actions within the digital realm. However, it is equally important to recognize the value of involving law enforcement in the resolution process. While the instinctual response may not necessarily be to seek assistance from the police, there are compelling reasons why reporting a blockchain hack should be a priority.

In the context of blockchain assets, reporting a hack to the police is not necessarily a plea for authorities to intervene in the recovery of the compromised funds. Instead, it serves the essential purpose of providing evidence to substantiate ownership and custody of the assets in question. By involving law enforcement in the notification process, individuals and organizations can effectively document their claim to the hacked assets, strengthening their legal position in subsequent proceedings.

You don’t have to ask the police to rescue funds but to proof you are holding them and then send these docs to CEXes/tether/circle in order to freeze stolen funds.

In many jurisdictions, a police report can serve as a foundational document to support claims and assertions regarding the ownership and control of blockchain assets. It provides a tangible record that can substantiate the legitimate holding of digital assets and reinforce the veracity of the claimant’s position.

Beyond the immediate implications for the affected parties, reporting a blockchain hack to the police contributes to a broader effort to combat cybercrime and improve cybersecurity practices within the blockchain industry. Law enforcement agencies rely on the aggregation of information and intelligence to investigate and address digital breaches effectively.

By sharing pertinent details of a blockchain hack with the police, individuals and organizations can contribute to the accumulation of critical intelligence that may be instrumental in identifying and mitigating future security threats. This collaborative approach fosters a proactive exchange of insights and data, strengthening the collective resilience of the blockchain community against malicious actors and illicit activities.

You can also either submit a police report yourself or follow our guidelines to do it more effectively via a private company, for example:

My own articles on topic:

Stay safe!


If you want to support my work, please, consider donating me:

Thank you!

Subscribe to Officer's Blog
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.