For Incident Responders

Focus on containment, evidence preservation, transaction reproduction, signer safety, user communications, and post-incident control fixes.

30 / 60 / 90-day path

| Window | What to do | Evidence to keep |
|---|---|---|
| 30 days | Define severity triggers, war-room roles, public comms owners, legal escalation, and evidence templates. | Severity matrix, role card, case template, comms draft. |
| 60 days | Add simulation and trace tools, signer replacement steps, and wallet-drainer reporting paths. | Trace examples, transaction review checklist, takedown packet. |
| 90 days | Run a full tabletop with executives, engineers, comms, legal, support, and partners. | Exercise notes, remediation tracker, monitoring updates. |

Must-read pages

Checklists to use first

First 10 resources

  1. SEAL 911
  2. SEAL Frameworks
  3. BlockSec Phalcon simulator
  4. Tenderly docs
  5. Chainabuse
  6. MetaMask eth-phishing-detect
  7. DefiLlama hacks
  8. Safe Transaction Service
  9. Wormhole security
  10. DigiBastion Threat Intel

Common failure

Incident teams often patch before preserving evidence. Snapshot transactions, traces, DNS, frontend assets, logs, screenshots, public reports, and timestamps before emergency fixes erase root-cause material.
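
One way to make the snapshot step above tamper-evident, as an added example that is not part of the original page or the project: a hash-chained evidence manifest that records each artifact's SHA-256 and UTC capture time, so a later change to an artifact or to the manifest itself shows up on verification. The record field names, file paths and sample bytes are constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Evidence kinds named in the paragraph above; record field names are assumptions.
KINDS = {"transaction", "trace", "dns", "frontend_asset", "log", "screenshot", "public_report"}
GENESIS = "0" * 64  # prev-hash value for the first record

def _digest(entry):
    # Canonical JSON of every field except the record's own digest.
    body = {k: v for k, v in entry.items() if k != "entry_sha256"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_evidence(manifest, kind, source, content):
    # Append a record that commits to the artifact bytes and the previous record.
    if kind not in KINDS:
        raise ValueError(f"unknown evidence kind: {kind}")
    entry = {
        "seq": len(manifest), "kind": kind, "source": source,
        "captured_at": datetime.now(timezone.utc).isoformat(),
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "prev_sha256": manifest[-1]["entry_sha256"] if manifest else GENESIS,
    }
    entry["entry_sha256"] = _digest(entry)
    manifest.append(entry)

def verify(manifest, artifacts):
    # Return a list of problems; an empty list means nothing changed since capture.
    problems, prev = [], GENESIS
    for i, e in enumerate(manifest):
        if e["seq"] != i or e["prev_sha256"] != prev or _digest(e) != e["entry_sha256"]:
            problems.append(f"record {i}: manifest altered or reordered")
        data = artifacts.get(e["source"])
        if data is None or hashlib.sha256(data).hexdigest() != e["content_sha256"]:
            problems.append(f"record {i}: artifact missing or changed ({e['source']})")
        prev = e["entry_sha256"]
    return problems

# Constructed sample artifacts (placeholders, not from a real incident).
SAMPLE = [
    ("transaction", "tx/0xPLACEHOLDER.json", b'{"hash": "0xPLACEHOLDER"}'),
    ("dns", "dns/app.example.test.txt", b"app.example.test. 300 IN A 192.0.2.10"),
    ("frontend_asset", "frontend/main.js", b"console.log('constructed bundle');"),
]
def build_sample():
    manifest = []
    for kind, source, content in SAMPLE:
        add_evidence(manifest, kind, source, content)
    return manifest
```

Store the manifest apart from the systems being patched, and run `verify` again after emergency fixes to confirm the captured material is unchanged.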

Educational resource only. Links and listings are not endorsements by Raiders0786, DigiBastion, maintainers, contributors, or this project. Verify third-party resources before relying on them. Not legal, financial, investment, compliance, or professional security advice. Read the full disclaimer.