Skip to content

For Compliance and Investigations

Separate evidence from attribution, preserve timelines, and make escalation decisions explainable. Do not overclaim certainty from one source.

30 / 60 / 90-day path

Window What to do Evidence to keep
30 days Define acceptable evidence for scam, phishing, sanctions, abuse, and wallet-drainer reviews. Evidence policy, source list, case template, retention rule.
60 days Connect public report sources, transaction traces, domain observations, and partner escalation paths. Case records, wallet graph notes, domain snapshots, escalation log.
90 days Review false positives, delayed escalation, repeated abuse patterns, and automation candidates. Metrics, lessons learned, improved playbooks.

Must-read pages

Checklists to use first

First 10 resources

  1. Chainabuse
  2. DefiLlama hacks
  3. MetaMask eth-phishing-detect
  4. BlockSec Phalcon simulator
  5. Tenderly docs
  6. TRM Labs
  7. Chainalysis
  8. Elliptic
  9. zeroShadow
  10. DigiBastion Threat Intel

Common failure

Investigations can mix confidence levels. Record source, timestamp, collection method, confidence, action taken, and unresolved assumptions for every claim.

Educational resource only. Links and listings are not endorsements by Raiders0786, DigiBastion, maintainers, contributors, or this project. Verify third-party resources before relying on them. Not legal, financial, investment, compliance, or professional security advice. Read the full disclaimer.