Having investigated many crypto incidents, we have encountered both popular and unique cases of cryptoasset theft. That's why we know what to look out for.
Detailed interviews help us gather the right data and leads for subsequent OSINT and blockchain analysis.
The information collected about the victim's interactions with the intruders is carefully parsed by the analysts. All valuable information (blockchain addresses, nicknames, websites, contacts, etc.) is extracted from the content of their correspondence and enriched with data from public sources.
All of this can give analysts leads and connections, even if the communication channels found are no longer in use. Sometimes, just these actions are enough to identify the intruder.
No matter how many transit addresses and transactions the intruder uses, we can analyze them all. A prime example is our investigation where an attacker created over 113,000 crypto addresses to cover his traces. This factor made it impossible to conduct analytics using blockchain browsers.
We use our own software “EYE”, which allows us to track the flow of funds between addresses, the transfer of assets through DEX to other blockchain networks, and automatically searches hundreds of different databases for new valuable information. The result is an answer to the question of where funds have settled, whether they went out through exchanges with KYC, and whether mixers were used to obfuscate the traces.
At the end of the work, you receive a detailed report with as much data on the incident as possible.
For law enforcement agencies, this report will be the basis for initiating proceedings, as well as simplify and speed up the process.
The security services do not have enough dedicated specialists for a proper response to all incidents, and our report will simplify their work. The only thing left is to send the appropriate requests to exchanges, domain name registrars, and sites advertising phishing sites, or to immediately conduct investigative actions against the identified intruder.