Awesome On-Chain Investigations HandBook
Disclaimer: All information (tools, links, articles, text, images, etc.) is provided for educational purposes only! All information is also based on data from public sources. You are solely responsible for your actions, not the author! Follow InfoSec and OpSec guidelines and perform all of your research on a separate, secure device!
Section | Link |
---|---|
Tools List | Explore |
VR & 3D Tools List | Explore |
Monero | Explore |
Knowledge Hub | Explore |
Follow List | Explore |
Support Project | Explore |
A Walkthrough by officercia.eth | Explore |
In this article I will tell you exactly how I investigate crypto hacks and security incidents, and describe methodology!
I - Tools List
Data-Analysis:
- nansen.ai
- metasleuth.io
- Explorers List
- explorer.0x.org
- watchers.pro
- 0xscope.com
- dune.xyz
- snapp.wtf
- zettablock.com
- duneninja.com for dune.xyz
- Dune Dashboard
- Dune Extension: Web3 Wizard Helper & TLDR
- Dune Manual
- Dune SQL
- Dune CandleStick Chart & more
- Dune: Token Holders
- Dune: Get All TXs
- More Dune Dashboards
- Dune MEV Dashboards
- ethplorer.io
- cryptoflows.info
- parsiq.net
- Etherscan Transforms for Maltego
- GraphSense Maltego Transform
- cielo.finance
- AI+Blockchain Tracking
- List of Tools by Alchemy
- eigenphi.io/mev/eigentx
- Maltego Transforms List
- glassnode.com
- metrika.co
- thegraph.com
- ledgerql.com
- SpiderFoot
- Erigon Archive Nodes
- Alethio
- Tenderly Dashboard
- blockchain-etl
- tx2uml & Tx2uml Example & tx2uml v1.1.19
- oklink.com
- tokenscope.com
- skynet.certik.com
- sol2uml
- evm-trace
- spiderfoot.net
- AmberData
- blockhead.info
- smarttrust.io
- sharkteam.org
- openchain.xyz
- monobase.xyz
- graphsense.info
- bitfury.com
- walletLabels.xyz & TLDR
- shard.ru
- analybits
- transpose.io, example: Link & Link2
- pod.xyz
- flipsidecrypto.xyz
- cosmograph.app
- parsec.finance
- jsoncrack.com
Visualization:
- phalcon.blocksec.com & PhalconV2
- Phalcon New Link
- Fork
- Icevision.xyz
- blockpour.com
- flourish.studio
- billfodl.com
- blocks.wizb.it
- tx.eigenphi.io
- bitlisten.com
- app.bubblemaps.io
- explorer.bitquery.io
- cruise.supremacy.team & their main page
- blockscout.com
- ethtective.com
- breadcrumbs.app
- orion.ninja
- Smart Contract Visualization & TLDR
- BloodHound
- Anitanalysis - open in TorBrowser
- antinalysis.org
- bloxy.info
- Bloxy.info Example
- Code2pdf
- Gas Reporting
- reservoir.tools
- The Interceptor
- upgradehub.xyz
- oxt.me
- blocktrace.com
- BlockTrace AI Robot for Bitcoin transactions tracking
- anchain.ai
- blockpath.com
- elliptic.co
- cipherblade.com
- arkhamintelligence
- Arkham - Twitter Search Beta
- SkyTrace
- maltego.com
- Orbit
- Orbit(2)
- Arronax
- web3cat
- blockchair.com
- cryptosheets.com
- Manim
- nftscan.com
- stately.ai
- etherscan.io & TLDR
- Full label data dump of etherscan in JSON/CSV
- Etherscan phish-hack.csv Labels
- sochain.com
- Inca
- splunk.com
- nakji.network
- kaiko.com
- address tx search by web3rekt
- blockscan.com
- onceupon.gg
- algoexplorer.io
- subscan.io
- metrica.co
- draw.io
- absolutelabs.io
- openchain.xyz EVM Trace
- Rotki
- tokenanalyst.io
- walletexplorer
- blockstream
- DarkBTCGraph
- ETH-USDT Flow
- coinfirm.com
- NFT icy.tools
- ENS chainstory.xyz
Clusterizers:
- amlbot.com
- misttrack.io
- crystalblockchain.com
- reactor.chainalysis.com
- ciphertrace.com
- TRM Labs
- scorechain.com
- CoinPath
- Storyline
- metadock
Specific:
- Web3, Crypto, Metaverse and NFT resources for OSINT investigations
- How to analyse on-chain activity?
- Blockchain OSINT In-Depth
- the wallet analyzooor Main
- the wallet analyzooor No.2
- hal.xyz, example: 9000.hal.xyz; TLDR & docs
- tx.cool
- bytegraph.xyz
- cryptocurrency search OSINT tool
- Gephi
- Tenderly Explorer
- RolodETH Ethereum tag system
- ethcmd
- Surya
- dexterlab.com
- dappradar.com
- dextools.io
- uniwhales.io
- ensideas.com
- ens.vision
- flipsidecrypto.xyz
- app.blockpour.com
- approvals.xyz
- superchain.network
- blocknative.com
- secretnodes.com
- bytegraph.xyz
- de.fi/scanner
- metropolis.space
- ApeWorX/ape: Python
- Forta Contract Simil
- earni.fi
- Uniscan
- purefi.io
- www.chainabuse.com
- info.yewbow.org
- CLI tool to get the implementation address from a proxy contract & NPMjs
- AI code translator
- cryptoscamdb.org
- A VSCode extension for inspecting solidity smartcontracts using Forge
- getblock
- coinalyze.net
- Smart Contract Storage Slot Reader
- sicp.ueba.su
- solidlint.com
- A Windows 95 themed UI for interacting with Ethereum smart contracts
- bitinfocharts
- BTC Wallet Recovery Tool
- CoinTracking
- Ethereum leveldb Explorer
- cryptotxalert
- Bitcoin Investigations
- Solana FM
- hapi.one
- dex.guru
- footprint.network
- qlue.io
- rated.network
- glasschain.org
- santiment.net
- oko.palkeo.com
- zeromev.org
- tradingstrategy.ai
- Repl
- Dapp.tools
- Vfat.Tools
- zettablock.com
- chainbroker.io
- data.paradigm.xyz
- library.dedaub.com
- Heimdall-rs
- whatsABI
- abi guesser
- eth-txns.vercel.app & Deployed Code
- Visualize ERC20 token transfers in Truffle Tests
- EVM toolkit
- zapper.fi
- bitinfocharts.com
- tutela.xyz
- os-surveillance.io
- walletrecoveryservices.com
- Heimdall-RS frontend: decompile.tools
- chainway.xyz/prove
- revoke.cash
- moderncsv.com
- upgradehub.xyz
- Smart Contract Hash Matcher
- contract-diff.xyz
- BitCrack
- pdfcrack
- socketscan.io
- Smart Contract Library
- btcparser.com
- chainbound
- forta ENS spoofing
- otterscan.io
- scan.builder0x69.io: otterscan instance without running your own node
- tryethernal.com
- ChainBeat
- blockdaemon.com
- Vscode Solidity Inspector
- impersonator.xyz
- DeFi MetaLens
- Twitter Nansen - Moivre
- xrpintel.com
- nft analyst starter pack
- cointool.app
- kycp.org
- Shodan + Crypto example
- 15K crypto search "dorks"
- osintframework.com
- cryptostats.community
- gmi.io
- sourcify.com
- vscode.blockscan.com
- etherscan.deth.net
- EVMc
- polybase.xyz
- walletchecker.io
- transaction-simulation-alchemy
- dETH Node
- txio view react
- yogh.io
- snowflake.com
- MongoDB: Blockchain Database
- artemis.xyz
- blockpour.com
- Lasso
- starksheet.xyz
- upgradehub.xyz
- ETH On-chain price
- NFT Mind Analysis Tool
- Valid.Network
- Draw EVM contract byte code
- Twitter Social Graph
- chainbroker.io
- cryptofees.info
- stablecoins.wtf
- blocktorch
- tellor.io
- eth-explorers-extension
- nanoly.com
- tally.xyz
- chaineye.tools
- token.unlocks.app
- smart-reader-vidvidvid.vercel.app
- defi-lab.xyz
- chainspot.io
- lorescan.com
- chaineye.tools
- codeslaw.app & tutorial
- coins95.web.app
- CryptocurrencyAlerting
- Ramen EVM
- thedatafi.com
- TON blockchain investigation tool
- TON + Maltego
- trueblocks.io
- dreamtools.app
- storage-slots.apoorv.xyz
- intelx.io
- minimax.finance
- supersight.app
- contract-wizard.streamlit.app
- kaito.ai
- tickr.ai
- defillama-extension
- cryptoblacklist.io
- eth-onchain-price
- nft-manual-mint-analysis
- bitcoinwhoswho.com
- bitcoinabuse.com
- Contract Diff Checker
- tokenterminal.com
- poocoin.app
- browse.ai
- rugdoc.io
- tryshadow.xyz
- data.chain.link
- decompile.tools
- hunter.how
- cryptowat.ch
- Smart Contract Wrapper
- Abinator
- contractreader.io
- Leaked Keys Look Up & more info
- dedaub.com
- wagmi.sh
- Writehat
- solmap.zeppelin.solutions
- blockfence
- lunaray.co
- DeBank
- explorer.forta.network
- erigoneth Node
- akula.app Node
- tracktx.io
- Erigon + Otterscan
- Eigen
- EVM Tools
- EVM Networks List
- FindETH
- nftchecker.io
- loch.one
- Smart Contract Search
- coinapi.io
- coinmetrics.io
- toolske.com/text2sql
- api.checknft.io
- web3antivirus.io
- Interesting list of doxxed EVM wallets
- Yet another awesome list of doxxed EVM wallets
- Eth Tx Decoder
- Ethereum input data decoder
- Cancel Ethereum Transaction
- bitaml.com
- btcrecover
- osintui
- SuperIP
- monorepo
- ethereum censorability monitor
- Hacken Oracle
- chainalysis oracle docs
- valitraitors.info
- pulsedive.com
- tx-data.surge.sh
- smart-reader-vidvidvid.vercel.app
- de.fi
- osint.scamfari.com + TLDR
- Portfolio Tracking Tools
- TornadoCash Eth in pool - Dune DashBoard
- Tornado.cash - Dune DashBoard
- eth_deposits Tornado - Dune Dashboard
- IP DB
- charts.cointrader.pro
- BlockTracker
- chainlist.org
- DAO Tools
- Zellic/smart-contract-fiesta
- codeslaw.app
- base-goerli.blockscout.com
- abi-lity
- Diagram Builder
- Telegram OSINT
- A tool for organizing info
- GitHub Search
- AML Toolbox
- apollo.io
- offshoreleaks.icij.org
- aleph.occrp.org
- osint.sh
- criminalip.io
- app.dexani.io/explore
- evm-cfg
- Sherlock
- Gitleaks
- dedigger.com
- JSleak
- diagramify.agiliq.com
- Bitcoin Prefixes Address List
- cryptaddress.vercel.app
- Public APIs
- BTC List
- Portfolio Trackers List
Hacks DBs
- solodit.xyz
- defillama.com/hacks
- hacked.slowmist.io
- Hacks Retro from officercia.eth
- chainsec.io/defi-hacks
- defyield.xyz/rekt-database
- web3rekt.com
- newsletter.blockthreat.io
- rekt.news
II - VR & 3D
- open source 3d and vr blockchain visualizations
- symphony.iohk.io
- visualizing bitcoin transactions in 3d and virtual reality
- bitcoin visualizations
- blockchain3d
III - Monero
- How one can deanonymize Monero to a certain degree of probability?
- Monero: All About the Top Privacy Coin
IV - Knowledge Hub
- How can you become a one-man-army OSINT specialist?
- Due Diligence
- Visualization of Blockchain Data: A Systematic Review
- Blocktrace introduces AI chatbot for easy blockchain transaction tracking
- Oracles No More: A Guide to Obtaining Onchain Historical Data for Smart Contracts on Ethereum
- Dune Manual
- Typical hacker errors leading to deanon
- Address Poisoning / Address Mapping (How does Chainalysis work with mixers); Dusting Attack
- On-chain journalism idea
- Top 6 tools to enable crypto data visualization in your application
- Leveraging OSINT to fight financial crime
- Investigating Cryptocurrency Theft Through OSINT
- monobase.xyz
- cookbook.dev + codeslaw.app
- Maltego Guide
- Blockchain OSINT In-Depth
- Password OSINT
- Nickname OSINT
- cryptocurrencies-exchangers-wallets-and-explorers
- OSINT Toolkit
- But how does bitcoin actually work?
- Summarizing and Analyzing the Privacy-Preserving Techniques in Bitcoin and other Cryptocurrencies
- INTERPOL Hardware Wallets List
- Using Maltego with netlas.io plugin
- Learn EVM Attacks
- So you want to start investigating on-chain?
- 9 techniques for your blockchain analysis tool
- Awesome Blockchain Visualisation
- List of 31 Analytics Tools on Polygon
- List of 24 Analytics Tools on Avalanche
- Blockchain Data Analysis from the Perspective of Complex Networks
- Anomaly Detection in Blockchain Networks: A Comprehensive Survey
- Blockchain Analytics and its Use Cases
- How do crypto monitoring and blockchain analysis help avoid cryptocurrency fraud?
- osint.sh
- NFT Attacks
- NFT Attack Vectors
- web3sec.news
- Awesome EVM Security
- How to Extract on-chain data from an Ethereum node
- Paradigm Data Portal & TLDR & TLDR2
- Portfolio Analyzing Tools
- Books & Researches
- How To Research a Project (High Level)
- DarkNet Investigations
- StegoIntelligence
- Investigation Mind-Map
- A Deep Dive into Crypto Custody
- UTXO VS Account Model
- Supremacy: How to analyze transactions with Cruise?
- OSINT Tools 2022
- OSINT Tools 2023
- BreadCrumbs Tools List
- A curated list of crypto project trackers and analytics dashboards.
- Learn new skills to fight financial crime with the Basel Institute’s free eLearning courses and practical resources for law enforcement, anti-money laundering and compliance professionals.
- Smart Contract Auditor Tools and Techniques
- OnChain Transaction Debugging: 1. Tools
- Comprehensive List of Crypto Research & Analytics Tools
- messari
- Finally! BigQuery now supports Alter Table Rename & Drop
- Top 10 on-chain data APIs for developers
- Top 10 indexed blockchain data APIs providers
- An Interesting Solution for MEV Backrunning Using TEEs and MPC
- Smart Contract Obfuscation
- osint.scamfari.com
- Whale Watching — On-Chain Analysis Tools In Action
- Deanonymizing OpenSea NFT Owners via Cross-Site Search Vulnerability
- Keylogger into a JPG image
- Discord OSINT
- Several Rare EVM Tools
- Smart Contract Analysis Tools
- Blockchain Investigations 101: An Intro to Ethereum
- Hacking Cryptocurrency Miners with OSINT Techniques by Seyfullah KILIÇ
- Ethereum Security Tools List
- Tornado Cash In-Depth
- OSINT tool SpiderFoot — Scraping Bitcoin addresses and balances
- 4 use-cases for Sankey Charts
- A Sankey diagram of the monetary flows example
- Grouping Events in Splunk
- A Systematic Review of Online Bitcoin Visualizations
- flow-of-ingoing-transactions-from-known-wallets-to-sheepmarketplace
- chart-studio.plotly.com
- Twitter Hack Addresses and Transactions
- Ethereum Smart Contracts Visualisation Tools: Surya, Solgraph, Slither, Piet, Sol2UML and Sol Function Profiler
- How to Export a Full History of Ethereum Blockchain to S3
- Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops
- UTXO model in Bitcoin Vs Account/Balance Model Ethereum
- OSINT Punk
- Crypto Scam Investigation Using SpiderFoot HX For OSINT Automation
- 9 APIs for real time cryptocurrency data
- Crypto Analytics Tools
- testnetbridge.com
- Denial of Ethereum Txpool sERvices
- phish-hack.csv Etherscan Labels
- Solidity Pro
- The Reading List and This repo with Engineering Data List
- Awesome Blogs
- What happens when you send one DAI
- EVM deep dive
- Cryptocurrency OSINT
- Math & Cryptography
- Unmasking Venom Spider
- Spin up your own Ethereum node
- How does Ethereum work, anyway?
- Maltego Blog
- How to use MetaSleuth to analyze a phishing attack
- Visualization Tools - EVM
- EVM Tools List
- Internal transactions
- Solana Security
- Ethereum Datafarm: Parsing Historic Event Data from the Ethereum Blockchain into CSV files using the Etherscan API
- Bitcoin analysis from bitquery
- How Cryptocurrency Transactions Work
- Investigation Tools & Guides
- effectiveaml.org
- Archive Nodes - Everything You Need to Know
- Ethereum Full Node vs Archive Node
- Unveiling Bitcoin Nodes: A Comprehensive Guide for Beginners 2023
- DeFi Defence DAO Tools
- ADF
- DeFi Toolkit
- Web3, Crypto, Metaverse and NFT resources for OSINT investigations
- An interesting, fun and well written article about AML
- Running Erigon After the Merge
- Run a LightHouse Node
- Top Vizualization Tools
- How to use CrystalBlockchain Tool
- Several awesome AI+OSINT Tools
- Blockchain Analysis Tools List
- Blockchain analysis techniques
- Chainalysis NFT tool Storyline
- How to visualize Ethereum transactions using Maltego
- Yet Another On-Chain Data Analysis Tools List
- How I investigate crypto hacks and security incidents: A-Z
- UTXO Model
- Ethereum archive nodes
- OSINT Basics
- Account Model
- On-chain Analytics Archives
- ETHSec Tools
- BreadCrumbs Investigator Directory
- On-chain analysis is a great skill to learn...
- On-Chain Investigations with Nick
- How does the NEW Ethereum work?
- Retrospective: Hacks in Web3
- Introduction to Bitcoin Investigation by Beatriz Silveira
- 360° AML Analytics
- Visualize the bitcoin blockchain Transforms in Maltego
- MEV Toolkit
- Web3 Security Deep Dive
- How to use OSINT in Cryptocurrency Investigations?
- Flash Boys 2.0:Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges
- Bitcoin and Cryptocurrency Forensic Investigation
- Investigation of AML Instances Around Blockchain Technology
- Awesome Ethereum staking
- Learn EVM Attacks
- OSINT cryptocurrency
- How to use Breadcrumbs.app?
- Following the Breadcrumbs: Tracing Cryptocurrencies in Fraud Investigations
- Accelerating Investigations Using the Crypto Analysis Transaction Visualization
- How (Not) To React When Your Cryptocurrency Is Stolen
- Channels about OSINT, Hacking, Security and so on...
- What is Netstalking?
- Cool OSINT blog
- ZERO to WEB 3 Data Analyst with DuneAnalytics
- Learning SQL
- Moivre + TwttrToTG_Bot
- Automated Website Takedown | Online Fraud & Phishing Prevention
- Dune Course
- Research Tools
- Ultimate Crypto Tools Thread
- Free crypto tools you can use every week to find alpha
- Crossing The Bridge
- MEV: Maximal Extractable Value
- How Cross-Chain Bridges are Hacked?
- Data Visualization Tools
- Data visualization
- Quickly Create Visual Stunning Blockchain Data Graphs and Charts in JavaScript
- An Investigation into Methods for Taint Analysis
- Bonus OSINT Twitter Crypto toolset
- Making Blockchain Analytics Easy
- How to become an on-chain detective
- Profiling Ethereum users
- ETH Gossip
- Practical Deanonymization Attack in Ethereum
- The Challenges of Investigating Cryptocurrencies and Blockchain Related Crime
- Cryptocurrency Investigations 101
- How cryptocurrency intelligence aids ransomware investigations
- Visualizing blockchain transactions with Maltego
- Crypto Investigation and Forensics
- Visualization of Bitcoin Transactions for Forensic and Security Analysis
- Clustering transactions in Bitcoin and other cryptocurrencies
- Tracking Bitcoin Transactions
- YouTube blog by bitquery
- Blog by Misttrack.io
- Knowledge-base by Breadcrumbs
- How to Trace Cryptocurrency Transactions Using Maltego
- Analysing cryptocurrencies and Investigating blockchains by BitQuery
- BlockScout Walkthrough
- Top Data Integrations & OSINT Tools for Cryptocurrency Investigations by Maltego
- Blockchain analysis tools review
- A Guide to Blockchain Analysis Tools
- Cryptocurrency and NFT OSINT Investigations Tips & Techniques
- Developing an Etherscan clone in 48 hours
- The best visualization tools for flow analysis
- Graph Based Visualisation Techniques for Analysis of Blockchain Transactions
- Visualise Blockchain Transactions in Gephi
- Tool to visualize graph of transactions
- A graph visualization of Bitcoin transactions using Sigma.js
- Tracking Bitcoin Transactions on the Blockchain
- Toward forensically sound cryptocurrency investigation
- Safeguarding the evidential value of forensic cryptocurrency investigations & Link2!
- Enhancing Ethereum Blockchain Investigations Using OSINT
- Blockchain Investigations 101: An Intro to Ethereum
- Verifying Smart Contracts using Blockscout
- Maltego Ethereum Transform with SocialLinks and Bloxy.info - How to start
- Using Maltego and tatum to track the money trail of a bitcoin scam
- How To Investigate Cryptocurrency Crimes Using Blockchain Explorers & OSINT Tools
- Tracking A Bitcoin Scam with Maltego & Tatum
- Dune analytics guide
- Dune client, Dune Snippets, Python Dune
- diagrams.net Docs
- StableCoins
- Offensive AI
- Curated list of Ethereum infographics
- A collection of dashboards related to Ethereum
- Dune Manual
- Dune ToolSet
- Another Dune Manual
- Exploration of Cryptocurrencies
- Etherscan 101
- Investigating 3 Ethereum Addresses Using The Nansen Wallet Profiler
- Ethereum (ETH) OSINT investigations tools
- Eherscan Manual
- 20 regular expressions examples to search for data related to cryptocurrencies
- Analysing On-chain Data
- How I turned a mini-PC into an Ethereum node to run at home
- Threat Modeling for Smart Contracts: Best Step-by-Step Guide
- How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense
- Getting Started with Phalcon 2.0v
- Nansen Research Portal
- leakix.net
- Moriarty Project Tool
- FindETH Tool
- meta-secret Tool
- World check KYC screening
- Database: world-check.com
- SWIFT Kyc
- Follow My Twitter
- My Article
V - Follow
- List by ZachXBT
- Read this article about being an on-chain sleuth
- Follow bax1337
- Follow LookOnChain
- Follow
- OtterSec
- Dedotfisecurity
- Yet another awesome Twitter list to follow
- Folllow Frankresearcher
- MistTrack Twitter
- On-Chain Analysis Threads
- TheDEFIac
- Follow on-chain Sleuth Twitter
- Follow PeckShieldAlert Twitter
- Follow BlockSecTeam Twitter
- Follow lookonchain Twitter
- Investigations by ZachXBT
- Rekt.News
- Follow SamCZSun!
- Certik Alert
- EmporiumTools
- Anciliainc
- Beosin Twitter
- Hacks DataBases
- Thread from CountZero
- 0xFooBar Twitter
- OXT Blog
- CryptoShine Twitter
- Immunefi Medium
- X-Explore
- Follow My Twitter
VI - My Works
| Special Author's Notes:
| Articles:
- What you should do if you think someone has stolen your crypto-assets
- Attacks via a Representative Sample : Myths and Reality
- How can you become a one-man-army OSINT specialist?
- How I investigate crypto hacks and security incidents: A-Z
- 100 BTC deadman drops: Silk Road
- If you have been scammed…
Support Project
Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users
If you want to support my work, please consider donating me to the address:
-
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 & ETH officercia.eth
-
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR
You can also send me a donation to the address from this repository!
Check out as well:
Thank you!