Compliance and Investigations¶
Security teams increasingly need to understand investigations, sanctions/AML screening, exposure management, exchange coordination, and funds tracing. This does not replace legal advice or compliance counsel; it helps technical teams know what tools and workflows exist.
Intelligence and Compliance Platforms¶
| Resource | Tier | Use |
|---|---|---|
| TRM Labs | Paid / certification | Blockchain intelligence, investigations, wallet screening, and risk monitoring. |
| Chainalysis | Paid / certification | Blockchain analytics, investigations, compliance, and ecosystem reports. |
| Elliptic | Paid / certification | Crypto risk intelligence, wallet screening, and investigations. |
| zeroShadow | Paid / certification | Web3 incident response, investigations, threat intelligence, and vSOC services. |
| DigiBastion Threat Intel | Use in real audits | Free Web3, DeFi, supply-chain, and operational-security feed with daily, weekly, or immediate alert subscriptions. |
| Chainabuse | Use in real audits | Public scam and abuse reporting signal. |
| CryptoScamDB | Watchlist | Public scam-domain and address intelligence. |
When It Matters¶
- Active exploit response and funds tracing.
- Sanctions, AML, and counterparty exposure checks.
- Exchange, bridge, stablecoin issuer, and law-enforcement coordination.
- Wallet screening for protocol operations, treasury flows, and user-protection products.
- Post-incident reporting and recovery support.
- Monitoring known attacker clusters, laundering paths, mixers, and high-risk services.
Technical Team Checklist¶
- Preserve transaction hashes, logs, timestamps, frontend builds, API logs, and signer actions.
- Identify stolen assets, contracts, chains, bridges, exchanges, and current wallet clusters.
- Separate public communications from private investigation details.
- Coordinate with incident responders before publishing tactical details.
- Keep compliance tooling separate from deterministic security verdicts; risk labels can be wrong or delayed.