Feel free to save & share it if you know someone who has been scammed or hacked and lost crypto!

You may order an investigation from the amlbot.com/reclaim-crypto (my referral link) or analybits.xyz. You can also directly DM Rata on Telegram or Twitter

Check out:

https://officercia.mirror.xyz/wSvKI5p91-GYcun1aAyMMjNbpkgKnp7qIxVIqc1sXZk

https://officercia.mirror.xyz/p1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s

Important to mention: only crypto-focused tips!

For more InfoSec head to:

http://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap

I - Bitcoin

• May order an investigation from the amlbot.com/reclaim-crypto (my referral link) or analybits.xyz. You can also directly DM Rata on Telegram or Twitter ❗️

• Report here: www.chainabuse.com & cryptoscamdb.org or phishtank.org

• Establish endpoint cluster (use github.com/OffcierCia/On-Chain-Investigations-Tools-List ) and contact it.

• Once again, do not hesitate to contact/tag/email/DM CEXes, Wallet’s support, stablecoin-companies, DEXes and Protocols! Ask, ask and ask! Then repeat. Email or message costs 0$ for you.

https://analybits.medium.com/how-to-recover-stolen-crypto-bitcoin-or-eth-bb807d65b470

II — Others (Mostly, EVM)

• Revoke approvals via revoke.cash or cointool.app or app.unrekt.net or mirror.xyz/0x17e1F2A87F874D4C5E56d323caB45A4301D0325D/8OEm3pJ5vLcPrE8W3IBqfnq-IUGMhKBB368NZtCwz1I

• If you see zero approve tx — don’t touch it, read: officercia.mirror.xyz/n-sXszeDoNU3wtUUxRQEYvxQlZ6loaFElILzm2gnMzw and mirror.xyz/x-explore.eth/cL3d_CyNujXq8XY7ueP4omNXx_IY1EG5Dz0FD0vJ90M

• Signing is also dangerous! twitter.com/officer_cia/status/1609273593606578177 use transaction simulators & multi-sig.

• Establish endpoint cluster (use github.com/OffcierCia/On-Chain-Investigations-Tools-List ) and contact it.

• May order an investigation from the amlbot.com/reclaim-crypto (my referral link) or analybits.xyz. You can also directly DM Rata on Telegram or Twitter ❗️

• If you need to escape the rest of the funds (if you seed/key is comprised) head to whitehat.flashbots.net

• Report here: www.chainabuse.com & cryptoscamdb.org or phishtank.org

• Establish endpoint cluster and report to CEX/P2P directly.

• Once again, do not hesitate to contact/tag/email/DM CEXes,Wallet’s support, stablecoin-companies, DEXes and Protocols! Ask, ask and ask! Then repeat. Email or message costs 0$ for you.

III — Escape Funds

MEV method:

One amazing researcher made this simple flashbots bundler app to help people with white-hat recoveries of compromised accounts:

• flashbots-bundler.surge.sh

You can use the UI to generate a new flashbots rpc, build the bundle by sending ETH for gas, then the recovery TX, then withdraw remaining funds. Then when you hit submit bundle it goes through a relayer which is maintained by the community!

We’ve used it to help a few people that had leaked wallets private keys or seeds and, specifically, sweeper bots. If you know anyone who has this issue feel free to send them this way!

Here’s a video walkthrough:

https://youtu.be/itPz35FGGJk

If you use it, I recommend paying around 3x the gas price to get included. And make sure your bundle is over 42k gas or it will be ignored by the network!

Or Use:

• whitehat.flashbots.net

• sweeposaurus.com

• migratooor.com/#wallet

• smold.app/migratooor

Check out:

https://medium.com/@kanewallmann_71759/recovering-assets-from-a-hacked-account-with-flashbots-bfe920435fb6

https://twitter.com/bertcmiller/status/1638878447610081282

https://twitter.com/programmersmart/status/1640207237837893633

Bitcoin:

For Bitcoin there was a similar solution - you can use something like this or this. A private pool. Can be compared to using flash-bots or Taichi on Ethereum…

• Accelerator (Choose Paid accelerating)

• Broadcatst

Investigation Methodology:

• How I investigate crypto hacks and security incidents: A-Z

• How can you become a one-man-army OSINT specialist?

Also Check Out:

http://github.com/OffcierCia/On-Chain-Investigations-Tools-List

IV — Bad Tips

At the moment, you can only block funds through an official appeal…but someone may come up with:

• Honeypot a hacker via: twitter.com/lordnarfz0g/status/1554649309580300288 CDN NFT honeypot (Canarytokens and Iplogger), or other honeypots:

• Read: medium.com/@alxlpsc/critical-privacy-vulnerability-getting-exposed-by-metamask-693c63c2ce94

• Using AD-INT (via MAC Address & ads).

Telegram:

• github.com/lamer112311/Dnnme2

• github.com/Bafomet666/Bigbro

• t.me/ibederov_en/252

Regarding tracking:

• github.com/OffcierCia/On-Chain-Investigations-Tools-List

For educational purposes only! You have been warned. Illegal activity is bad!

• t.me/s/officer_cia

• officercia.mirror.xyz

• More info & More info

Support is very important to me, with it I can do what I love — educating users!

• Check out my GitHub

• Follow my Twitter

• Track all my activities

• All my Socials

• Join my TG channel

https://github.com/OffcierCia/support

If you want to support my work, you can send me a donation to the address:

• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc

• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU — BTC

• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR

• DeFi Roadmap grant page!

Stay safe!