Blockchain technology has unlocked a new era of digital innovation, offering unprecedented opportunities and possibilities. However, the decentralized nature of blockchain platforms has also given rise to complex challenges, particularly in the realm of cybersecurity.
As the incidence of crypto hacks and security breaches continues to make headlines, the importance of conducting thorough investigations into these incidents cannot be overstated.
In this article, we will explore the strategies and methodologies for investigating crypto hacks, shedding light on why this process is crucial in safeguarding the integrity and trustworthiness of the blockchain ecosystem. Let’s get started!
Investigating a crypto hack involves delving into a web of intricate transactions, digital footprints, and decentralized platforms. The process typically begins with the identification of anomalous activities or a reported security breach within a blockchain network. From there, investigators must meticulously trace the flow of compromised assets, analyze transactional data, and uncover potential points of vulnerability within the blockchain infrastructure.
To conduct a comprehensive investigation into a crypto hack, individuals and organizations can leverage a range of tools and techniques designed to navigate the complexities of blockchain analytics. These may include blockchain explorers, forensic transaction analysis, and digital surveillance methodologies aimed at elucidating the modus operandi of malicious actors and the trail of illicit transactions.
De-mixing TornadoCash (by flipsidecrypto and AMLBotHQ & PureFiProtocol):
Also (including RAILGUN_Project de-mixers), check out awesome tools by 0xKoda:
In summary, investigating crypto hacks is an indispensable component of preserving the legitimacy and resilience of the blockchain ecosystem. By unraveling the intricacies of security breaches, deploying advanced investigative methodologies, and embracing a culture of transparency and accountability, the blockchain community can navigate the evolving landscape of cybersecurity with confidence and precision.
Usually in blockchain investigation I use tools first for manual analysis such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, , bloxy.info, github.com/naddison36/tx2uml, github.com/ApeWorX/evm-trace.
Use all of the tools from my list & this website! Almost all of the presented tools run a separate knowledge-base, YouTube blog and have a reports base, so be sure to check them out! I seen also a rather unusual method — the use of VR, which will empower the first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2
Honeypot hacker via: twitter.com/lordnarfz0g/status/1554649309580300288 | CDN NFT honeypot (Canarytokens and Iplogger), or other honeypots. | Read: medium.com/@alxlpsc/critical-privacy-vulnerability-getting-exposed-by-metamask-693c63c2ce94
Second, I try to set clusters to check them through Chainalysis or amlbot.com (use investigation regime only). See more similar tools there. Use all of the tools from my list & this website!
As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checker and other tools. As an example, tutela.xyz github.com/TutelaLabs tool can help in tacking funds behind TornadoCash.
When investigating an incident, it is also important to conduct a classic OSINT (2) investigation, for example, if we are investigating a hack — it is necessary to check messages from chats, interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools
Use OSINT start.me/p/ek4rxK/cryptocurrency-osint & check out my articles:
What you should do if you think someone has stolen your crypto-assets
How to Build A Career In Crypto Forensics In 2023 and find your Dream Web3 Job
We need also to check out this address via impersonator.xyz + reverse check:
Important tools: MetaSleuth / Phalcon_xyz / SlowMist_Team / AMLBotHQ / MaltegoHQ / AppBreadcrumbs / ethtective / oxt_btc / ArkhamIntel
Check out this awesome on-chain & OSINT forensics investigation example performed by my ex-colleague! Actually an amazing thread and report made with using breadcrumbs.app :
I suggest we go through the steps of the on-chain investigation together to understand how they are done.
Use the clickable scheme report below and re-read the thread one more time but with following its on-chain storyline!
We’ve used it to help a few people that had leaked wallets private keys or seeds and, specifically, sweeper bots. So, if you know anyone who has this issue feel free to send them this article!
When a crypto wallet is compromised, it can feel like all hope is lost… Occasionally, a hacker may overlook stealing your NFT, staking position, or forget to drain assets from other networks. In such instances, the question of how to recover the rest of (untouched by hacker!) money emerges.
The outcome can be the same regardless of how you were hacked — whether you lost your private keys, made a poisoned signature or approve, or whatever else.
The longer a compromised wallet remains in the hands of a hacker, the more difficult it becomes to recover the funds. However, this is what you should do first:
Revoke approvals via revoke.cash or cointool.app or app.unrekt.net or these tools or web3antivirus.
Blind signing is also dangerous! Use transaction simulators & multi-sig.
Establish endpoint cluster (use On-Chain Investigations Tools List ) and contact them.
Report your case here: chainabuse.com & cryptoscamdb.org or phishtank.org
Once again, do not hesitate to contact/tag/email CEX’s support, wallet’s support, stable-coins operators, and relevant protocols! Email or message costs 0$ for you, please keep this in mind!
After completing the checklist presented above, seeking professional assistance from services like HackedWalletRecovery as soon as you suspect your wallet has been compromised significantly increases the chances of successful recovery!
In case HackedWalletRecovery.com won’t help, here are several alternative solutions:
For unclaimed tokens x.com/officer_cia/status/1729515020315131994
For ERC721: x.com/lcfr_eth/status/1660974943092318208
PSA to anyone who checks their accounts daily to make sure they didnt get hacked — set up a Watch List on Etherscan to notify you of any transactions from your addresses. It’s free and the notifications come quickly. Could buy you some valuable time while the hacker is still doing test transactions: etherscan.io/myaddress or use aml-bot!
If you need additional assistance, feel free to reach out to whitehat.flashbots.net — a group of white-hats organized by Flashbots that help users recover funds leftover from hackers.
If you have an urgent (and/or potentially massive) situation and need help or a contact, please message us via seal_911_bot. You can also reach out to Mycrypto or Defiac!
Check out this super simple contract allowing a target wallet to attempt to recover a token quickly in the event it is comprised or locked out / keys lost.
To ensure there’s no ETH in the compromised account, it is highly recommended running a burner bot!
For Bitcoin there was a similar solution — you can use something like this or this.
Check out Accelerator (Choose Paid accelerating) and Broadcatst!
Keep in mind, prevention is better than cure. Take the necessary steps to secure your wallet and always stay vigilant. With the right tools and precautions in place, you can protect yourself from potential hacks and ensure the longevity and security of your digital assets.
In the fast-evolving world of blockchain technology, security and trust are of paramount importance. As the decentralized nature of blockchain platforms continues to revolutionize industries, the risks associated with cyber threats and hacks have become a growing concern.
In the event of a hack or security breach involving blockchain assets, it is crucial to consider the significance of reporting such incidents to the authorities, particularly law enforcement agencies.
When faced with the daunting reality of a blockchain hack, the initial reaction for many individuals and organizations may be to mitigate the immediate impact by taking swift remedial actions within the digital realm. However, it is equally important to recognize the value of involving law enforcement in the resolution process. While the instinctual response may not necessarily be to seek assistance from the police, there are compelling reasons why reporting a blockchain hack should be a priority.
In the context of blockchain assets, reporting a hack to the police is not necessarily a plea for authorities to intervene in the recovery of the compromised funds. Instead, it serves the essential purpose of providing evidence to substantiate ownership and custody of the assets in question. By involving law enforcement in the notification process, individuals and organizations can effectively document their claim to the hacked assets, strengthening their legal position in subsequent proceedings.
You don’t have to ask the police to rescue funds but to proof you are holding them and then send these docs to CEXes/tether/circle in order to freeze stolen funds.
In many jurisdictions, a police report can serve as a foundational document to support claims and assertions regarding the ownership and control of blockchain assets. It provides a tangible record that can substantiate the legitimate holding of digital assets and reinforce the veracity of the claimant’s position.
Beyond the immediate implications for the affected parties, reporting a blockchain hack to the police contributes to a broader effort to combat cybercrime and improve cybersecurity practices within the blockchain industry. Law enforcement agencies rely on the aggregation of information and intelligence to investigate and address digital breaches effectively.
By sharing pertinent details of a blockchain hack with the police, individuals and organizations can contribute to the accumulation of critical intelligence that may be instrumental in identifying and mitigating future security threats. This collaborative approach fosters a proactive exchange of insights and data, strengthening the collective resilience of the blockchain community against malicious actors and illicit activities.
You can also either submit a police report yourself or follow our guidelines to do it more effectively via a private company, for example:
Attacks via a Representative Sample : Myths and Reality: officercia.mirror.xyz/WeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo
100 BTC deadman drops: Silk Road: officercia.mirror.xyz/bekcfdWBwPh4FIzYNKfhaaorjYB90JbNRUb2oiSjiJI
Ethereum Alarm Clock Exploit: Final Thoughts: officercia.mirror.xyz/6V1oL16ArHLtkFQFTWhb2Xl0tbLJba89bF7b0rNXDQU
If you want to support my work, please, consider donating me:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR
More addresses: github.com/OffcierCia/support.