# How I investigate crypto hacks and security incidents: A-Z

**Published by:** [Officer's Blog](https://paragraph.com/@officercia/)
**Published on:** 2022-05-01
**URL:** https://paragraph.com/@officercia/how-i-investigate-crypto-hacks-and-security-incidents-a-z

## Content

| Much thanks vice.com for a mention! | Here I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology!I - Investigation FlowUsually in blockchain investigation I use tools first for manual analysis such as tenderly.co, ethtective.com, breadcrumbs.app, 9000.hal.xyz, dune.xyz, nansen.ai, , bloxy.info, github.com/naddison36/tx2uml, github.com/ApeWorX/evm-trace.Use all of the tools from my list & this website! Almost all of the presented tools run a separate knowledge-base, YouTube blog and have a reports base, so be sure to check them out!I seen also a rather unusual method - the use of VR, which will empower the first step: ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2Second, I try to set clusters to check them through Chainalysis or amlbot.com (my referral: use investigation regime only)). See more similar tools there. Use all of the tools from my list & this website!As a third step, I check contracts/addresses through the impersonator, the unrekt.net or revoke.cash checker and other tools. As an example, tutela.xyz github.com/TutelaLabs tool can help in tacking funds behind TornadoCashWhen investigating an incident, it is also important to conduct a classic OSINT (2) investigation, for example, if we are investigating a hack - it is necessary to check messages from chats, interview employees and eyewitnesses. Sometimes this yields data: www.1337pwn.com/how-to-investigate-cryptocurrency-crimes-using-blockchain-explorers-and-osint-tools/Use OSINT start.me/p/ek4rxK/cryptocurrency-osint & check out my article! WINTΞR 💙💛 @w1nt3r_eth If you only use Etherscan to browse Ethereum, you're missing out. Here's a list of power tools (and their hidden features) that security researchers use to investigate hacks. ↓ 2,910 11:00 AM • Nov 30, 2022 II - On-Chain Investigations Tools ListUse all of the tools from my list & this website !GitHub - OffcierCia/On-Chain-Investigations-Tools-List: Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome! If any tool is missing - please open PR!Here we discuss how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals! PRs are welcome! If any tool is missing - please open PR! - OffcierCia/O...https://github.comVR on-chain investigations:ethresear.ch/t/open-source-3d-and-vr-blockchain-visualizations/3297/2symphony.iohk.iomedium.com/coinmonks/visualizing-bitcoin-transactions-in-3d-and-virtual-reality-e3e28b3055dfwww.lopp.net/bitcoin-information/visualizations.htmlapp.bubblemaps.ioETH-USDT flow:https://dune.com/runstar/eth-usdt-flow?address_t360d6=0x0f1ccd7DB92209B5FAE43Cfe5c98B66d1757Aa79&%E6%B1%87%E6%80%BBUSDT%E6%9C%80%E5%B0%8F%E8%BD%AC%E7%A7%BB%E9%87%8F_nbcc80=0&%E5%8D%95%E7%AC%94USDT%E6%9C%80%E5%B0%8F%E8%BD%AC%E7%A7%BB%E9%87%8F_n8de76=0Explorers list:Block & Smart Contract Explorers | NotionHosted by Notion Sites - The easiest way to get a website up and running.https://sovs.notion.siteIII - How To Investigate Hacks On-Chain1/3: twitter.com/officer_cia/status/15915093088184934402/3: twitter.com/officer_cia/status/15915093123121561633/3: A collection of threadsBonus: MoneroFollow:List by ZachXBTRead this article about being an on-chain sleuthRead this article from Vice!MistTrack Twitter Pothu @cryptoPothu On-chain analysis is a great skill to learn. The most successful traders know how to find and analyze information on-chain. Here’s a collections of threads to learn how to become an on-chain expert. A thread 245 11:30 PM • Jun 12, 2022 TheDEFIacFollow on-chain Sleuth TwitterFollow PeckShieldAlert TwitterFollow BlockSecTeam TwitterFollow lookonchain TwitterInvestigations by ZachXBT Count Ze0 @CountZe0 This thread will show you how you can catch web3 hackers/scammers using OSINT techniques. I will use address 0x8c7934611b6AD70FBEa13A1593dE167a4689b9A9 as an example. According to @zachxbt, hackers had stolen 91 NFTs. 46 10:26 AM • Jun 28, 2022 0xFooBar TwitterCryptoShine TwitterImmunefi Mediumrekt.newsHacksDBFollow My TwitterIV - Practice:See my own methodology! Check out this awesome on-chain investigation as well: https://officercia.mirror.xyz/bekcfdWBwPh4FIzYNKfhaaorjYB90JbNRUb2oiSjiJIV - Additional tipsEtherscanBlockchairTokenviewEthtectiveBreadcrumbschainabuse.comcryptoscamdb.orgGraphSense + GitHubMaltego CE + Tatum Blockchain ExplorerCryptoblacklistCrystalblockchain (owner check)OXT (after registration, owner check)BlockpathGraphSense + GitHubMaltego CE + Tatum Blockchain Explorer or Blockchain.info!https://officercia.mirror.xyz/5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47WsGoogle Dorks:ETH_address -blocksite:etherscan.io ETH_addresssite:https://docs.google.com/spreadsheets Bounty intext:”@gmail.com”BTC_address -blocksite:bitcointalk.org BTC_addresssite:https://docs.google.com/spreadsheets Bounty intext:”@gmail.com”CryptoamlBitrankverifiedAntinalysis (TOR, owner check)GitHub - apoorvlathey/eth-explorers-extension: Browser extension to open Ethereum addresses & transaction hash from any page on popular explorers + dashboardsBrowser extension to open Ethereum addresses & transaction hash from any page on popular explorers + dashboards - apoorvlathey/eth-explorers-extensionhttps://github.comVI - Knowledge HubDeanon ETHETH GossipProfiling Ethereum usersAll transaction analysis toolsHow to investigate cryptoInvestigating Blockchain DeFiac @TheDEFIac Do you want to become an on-chain detective? Read this then I learned all of this in the past year and I decided to share some of my knowledge This should teach you how to analyze an ethereum address from scratch 3,670 9:40 PM • Apr 9, 2022 Bitcoin analysis from bitquery On-chain Analytics Archives Clustering transactions in Bitcoin and other cryptocurrencies YouTube blog by bitqueryBlog by Misttrack.ioKnowledge-base by Breadcrumbs Using Maltego and tatum to track the money trail of a bitcoin scam Dune analytics guide Blockchain Hacks DBInvestigations by ZachXBTFollow My Twitterhttps://officercia.mirror.xyz/wSvKI5p91-GYcun1aAyMMjNbpkgKnp7qIxVIqc1sXZkSupport is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!Check out my GitHubFollow my TwitterTrack all my activitiesAll my SocialsJoin my TG channelIf you want to support my work, you can send me a donation to the address:0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU - BTC4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMRThank you! ❤️

## Publication Information

- [Officer's Blog](https://paragraph.com/@officercia/): Publication homepage
- [All Posts](https://paragraph.com/@officercia/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@officercia): Subscribe to updates
- [Twitter](https://twitter.com/officer_secret): Follow on Twitter