Blockchain Insights Hub

Discover a world of blockchain and cybersecurity insights with the Blockchain Insights Hub on GitHub. This expansive repository offers a rich collection of resources, including the latest in blockchain research, thorough analyses of crypto crimes, updates on cybersecurity regulations, and an extensive suite of tools for blockchain development and cyber threat analysis. Ideal for blockchain enthusiasts, cybersecurity professionals, academic researchers, and regulatory bodies, this hub provides direct access to crucial information and tools, empowering you to stay ahead in the dynamic realms of blockchain technology and cybersecurity. Simply click on a topic of interest to jump directly to that specific section.

This section contains a collection of academic research papers focused on blockchain technology, covering a wide range of topics including security measures, anomaly detection, and network vulnerabilities. The papers explore various aspects of blockchain networks, from advanced techniques for monitoring and detecting unusual activities to comprehensive surveys of existing models and methodologies. Each study contributes to the broader understanding of blockchain's capabilities, challenges, and future research directions.

Anomaly Detection based on Traffic Monitoring for Secure Blockchain Networking TLDR This research explores advanced security measures for blockchain networks by focusing on vulnerabilities to threats like denial of service, Eclipse spoofing, and Sybil attacks. Instead of analyzing the blockchain ledger, it introduces a security approach based on monitoring blockchain network traffic statistics. The proposed system comprises a data collection engine for traffic monitoring and an anomaly detection engine employing semi-supervised learning to spot unusual patterns. Experimental results showcase its efficiency in real-time detection of malicious activities, achieving reduced time complexity through prioritized feature analysis.
Anomaly Detection in Blockchain Networks: A Comprehensive Survey TLDR The paper "Anomaly Detection in Blockchain Networks: A Comprehensive Survey" provides an in-depth analysis of integrating anomaly detection models in blockchain technology. It discusses the importance of identifying anomalous behavior within blockchain networks to ensure security and reliability. The paper covers various evaluation metrics and key requirements crucial for developing effective anomaly detection models for blockchain. Additionally, it presents a thorough survey of different anomaly detection models from the perspective of each layer of blockchain, concluding with an exploration of significant challenges and future research directions in this field.
Cross-chain Transactions TLDR This paper addresses the challenges in cross-chain transactions, where multiple parties exchange assets across various blockchains. It details how these transactions can be represented as a directed graph with vertices representing parties and edges representing asset transfers. The study introduces a novel uniform protocol for general cross-chain transactions, including those with sequenced and off-chain steps, ensuring that if all parties adhere to the protocol, assets are transferred without loss even if a party deviates from the protocol. Additionally, the paper introduces an end-to-end property guaranteeing that if the source parties pay, the sink parties are paid. A significant contribution is the development of the XCHAIN tool, which automatically generates smart contracts in Solidity based on high-level descriptions of cross-chain transactions.
Detecting malicious accounts in permissionless blockchains using temporal graph properties TLDR This paper focuses on identifying malicious behavior in permissionless blockchain networks like Ethereum. It emphasizes the importance of understanding the temporal characteristics of blockchain interactions for security. The authors introduce temporal features such as burst and attractiveness, alongside traditional graph properties like node degree and clustering coefficient. Using these features, they train various machine learning models to detect malicious accounts effectively. The study also analyzes account behaviors over different temporal granularities before labeling them as malicious, leading to the identification of specific accounts that exhibit suspicious activities. This research contributes significantly to enhancing security measures in blockchain technology by providing a methodology for early detection of potential threats.
Efficient Fraud Detection in Ethereum Blockchain through Machine Learning and Deep Learning ApproachesTLDR This paper focuses on identifying fraudulent transactions in the Ethereum blockchain using various machine learning techniques. The study employs a public dataset of Ethereum transactions, preprocessing it to extract pivotal features and then applying predictive modeling. Several algorithms, including decision trees, logistic regression, gradient boosting, XGBoost, and a hybrid model combining random forests and deep neural networks (DNN), are evaluated for their effectiveness in distinguishing between fraudulent and legitimate transactions. The proposed model achieves a precision rate of 97.16%, significantly outperforming existing methods in detecting Ethereum fraud. The study contributes to enhancing blockchain security by demonstrating the effectiveness of sophisticated machine learning and deep learning strategies in fraud detection.
Evolve Path Tracer: Early Detection of Malicious Addresses in Cryptocurrency TLDR This paper introduces an innovative approach to early detection of malicious addresses in the cryptocurrency domain. The Evolve Path Tracer model is central to their approach, consisting of the Evolve Path Encoder LSTM, Evolve Path Graph GCN, and Hierarchical Survival Predictor. These components work together to analyze asset transfer paths and corresponding path graphs, capturing early transaction patterns of potential fraud. The model's effectiveness is tested on three real-world illicit bitcoin datasets, showing superior performance compared to existing methods. This paper contributes significantly to the field of cryptocurrency security, offering a scalable and efficient solution for early fraud detection.
Identification of token contracts on Ethereum: standard compliance and beyond TLDR This paper discusses the challenge of detecting illegal activities in blockchain technology, which has seen a surge in adoption. The authors propose a novel approach that focuses on using Domain Names (DNs) associated with blockchain accounts to determine their malicious nature. They emphasize the importance of temporal aspects linked to these DNs in their methodology. Their technique achieves a balanced-accuracy of 89.53% in detecting malicious blockchain DNs. The study identifies 73,769 DNs exhibiting malicious behavior at least once, with 34,171 of these showing persistent malicious behavior. Interestingly, none of these identified malicious DNs were previously reported in newly officially tagged malicious blockchain DNs.
Identifying malicious accounts in blockchains using domain names and associated temporal properties TLDR This paper focuses on combating illegal activities in blockchain technology. The study explores the use of machine learning algorithms trained on transaction behavior and vulnerabilities in the system, incorporating metadata like Domain Names (DNs) and their temporal aspects to detect malicious accounts. The research identifies 144930 DNs exhibiting malicious behavior, with 54114 showing persistent malicious actions over time. The approach includes both temporal and non-temporal features in machine learning pipelines, achieving high balanced-accuracy in detecting malicious blockchain DNs using both supervised and unsupervised learning methods.
Towards Safer Smart Contracts: A Sequence Learning Approach to Detecting Security Threats TLDR This paper focuses on enhancing the security of smart contracts on blockchain platforms like Ethereum. It introduces a machine learning-based approach, specifically using Long Short-Term Memory (LSTM) models, to detect security vulnerabilities in smart contracts at the opcode level. This is the first instance of applying LSTM for smart contract exploit detection. The model outperforms traditional symbolic analysis tools in detecting vulnerabilities and maintains constant analysis time despite increasing contract complexity. The effectiveness of the LSTM model was validated through testing on over 620,000 smart contracts from the Ethereum blockchain dataset.
Understanding Money Trails of Suspicious Activities in a cryptocurrency-based Blockchain TLDR This paper presents a comprehensive approach to identifying fraudulent transactions within the Ethereum blockchain using advanced machine learning and deep learning techniques. The study utilizes a public dataset of 9841 Ethereum transactions and engages in two primary phases: data preprocessing and predictive modeling. The research explores various machine learning algorithms, including decision trees, logistic regression, gradient boosting, XGBoost, and a novel hybrid model that combines random forests with deep neural networks (DNN). The findings demonstrate that the proposed model achieves a precision rate of 97.16%, significantly improving fraudulent transaction detection on the Ethereum blockchain compared to existing methods. This research contributes to enhancing the security of blockchain transactions by implementing sophisticated analytical strategies.
Vulnerability and Transaction behavior based detection of Malicious Smart Contracts TLDR This paper investigates the link between vulnerabilities in Smart Contracts (SCs) and malicious activities. The study utilizes a 'Turing-complete' programming language, Solidity, which, while enabling automation of tasks in SCs, also introduces vulnerabilities that malicious actors can exploit. The authors map various vulnerability vocabularies, showing how different vulnerabilities are referred to in SC code analysis tools. They found that not all SCs with vulnerabilities are exploited and that the severity of these vulnerabilities doesn't necessarily impact transaction behavior. However, a correlation exists between certain types of malicious activities and specific vulnerabilities. Utilizing unsupervised machine learning algorithms, the research identified 1094 benign SCs behaving similarly to malicious ones when including vulnerability severity scores in the feature set.
Address clustering heuristics for Ethereum TLDR This paper presents novel approaches to cluster Ethereum addresses, identifying entities likely controlling multiple addresses. It addresses a gap in existing heuristics that were largely focused on Bitcoin's UTXO model and not directly applicable to Ethereum's account model. The paper proposes three heuristics: exploiting patterns related to deposit addresses, multiple participation's in airdrops, and token authorization mechanisms.
SourceP: Detecting Ponzi Schemes on Ethereum with Source Code TLDR The paper proposes SourceP, a novel method to detect smart Ponzi schemes on Ethereum. This method utilizes pre-training models and data flow, significantly simplifying data acquisition and enhancing interpretability compared to existing detection techniques that rely on bytecode, opcode, account features, and transaction behavior. SourceP converts smart contract source code into a data flow graph, then uses a pre-training model for code representation to classify Ponzi schemes. It outperforms current methods with 87.2% recall and 90.7% F-score, demonstrating strong performance and sustainability.
Detecting Ponzi Schemes on Ethereum: Towards Healthier Blockchain Technology TLDR The paper discusses the increasing popularity of blockchain technology and the concurrent rise of scams like Ponzi schemes on the Ethereum platform. It introduces a method to detect these schemes using data mining and machine learning techniques. This approach involves extracting features from user accounts and operation codes of Ethereum smart contracts to build a classification model. The model effectively identifies potential Ponzi schemes, even at the moment of their creation, with high accuracy. The study estimates over 400 active Ponzi schemes on Ethereum and suggests developing a uniform platform for evaluating and monitoring smart contracts to provide early warnings of scams.
Tracing Transactions Across Cryptocurrency Ledgers TLDR The paper titled presented at the USENIX Security Symposium focuses on the interconnection between different cryptocurrencies. It introduces techniques to trace transaction flows across multiple cryptocurrencies, primarily Bitcoin and Ethereum, which are otherwise considered separate and disconnected. The research demonstrates how cross-currency trades on non-custodial cryptocurrency exchanges can be tracked. By leveraging unique transactional patterns and behaviors, the study reveals insights into user activities and cryptocurrency flows across different blockchain ecosystems. The findings have significant implications for understanding the broader landscape of cryptocurrency movements and can be used to enhance security and anti-money laundering measures in the digital currency domain.
An Overview on Smart Contracts: Challenges, Advances and Platforms TLDR The paper discusses the transformative impact of smart contract technology on traditional industries and business processes. Smart contracts, embedded in blockchains, automate the enforcement of contractual terms without needing a trusted third party. This automation reduces administrative costs, enhances business process efficiency, and lowers risks. However, the paper also highlights several challenges that need addressing to fully harness the potential of smart contracts. It includes a survey on smart contracts, detailing their challenges, technical advances, a comparison of smart contract platforms, and a categorization of smart contract applications with examples.
Modelling, Analysis, and Performance Evaluation of Cross-Chain Transactions TLDR This paper focuses on the development of a cross-chain model generator called Hephaestus to mitigate risks in blockchain interoperability (BI) and cross-chain transactions. It addresses the vulnerability of cross-chain bridges to attacks, which have led to significant financial losses. Hephaestus captures local transactions and generates cross-chain models, assisting in monitoring and identifying potential malicious activities or deviations from expected behavior. The system has shown promising results in processing cross-chain transactions efficiently and provides a framework for evaluating the state and security of cross-chain applications.
An overview on cross-chain: Mechanism, platforms, challenges and advances TLDR This paper explores the development and application of blockchain cross-chain technology, emphasizing the importance of cross-chain technology in enhancing blockchain interoperability and scalability. It presents a comprehensive examination of current cross-chain technologies and projects, including detailed analyses and comparisons. The paper also discusses the challenges faced by current cross-chain technologies and offers potential solutions, contributing to the ongoing development of cross-chain technology.
A review of blockchain cross-chain technology TLDR This article examines the development, significance, and current research status of blockchain cross-chain technology, focusing on methods for data interaction and value transfer between different blockchains. It proposes an interoperability architecture to address security, privacy, and effectiveness issues, categorizing various cross-chain technologies and techniques. The paper highlights the importance of cross-chain technology in improving blockchain interconnectivity, interoperability, and scalability, offering a systematic overview of mainstream technologies and projects in this field.
Xscope: Hunting for Cross-Chain Bridge Attacks TLDR This article presents the first comprehensive study on the security of cross-chain bridges, which have emerged as a popular solution for asset interoperability between heterogeneous blockchains. Despite their efficiency and flexibility, these bridges have faced over ten severe attacks in the past year due to complex workflows involving on-chain smart contracts and off-chain programs, leading to significant financial losses. The paper introduces three new classes of security bugs and a set of security properties and patterns to characterize them. Additionally, it presents Xscope, an automatic tool developed to identify security violations in cross-chain bridges and detect real-world attacks. This tool was evaluated on four popular cross-chain bridges, successfully detecting all known attacks and identifying previously unreported suspicious attacks.
SoK: Security of Cross-chain Bridges: Attack Surfaces, Defenses, and Open Problems TLDR This research paper focuses on the security aspects of cross-chain bridges, which are critical for token and data exchanges across different blockchains. The authors categorize cross-chain attacks from the past two years into 10 distinct types, each accompanied by explanations and Solidity code examples. The paper also explores existing and potential defenses against these security vulnerabilities and discusses open questions and future research directions in the realm of cross-chain bridge security.
TIME-TRAVEL INVESTIGATION: TOWARDS BUILDING A SCALABLE ATTACK DETECTION FRAMEWORK ON ETHEREUM TLDR In this paper, the authors address the challenge of efficiently detecting and investigating attacks on the Ethereum blockchain. They introduce a scalable framework that stores Ethereum's state in a database, facilitating the efficient identification of suspicious transactions and allowing for the replay of any transaction with fine-grained state data. Their prototype, EthScope, overcomes issues of incomplete Ethereum state, scalability, and extensibility, demonstrating significant improvements in transaction replay speed and storage efficiency. The system enables analysts to better understand attack behaviors and detect more attacks, and the authors plan to release both the system and a dataset of detected attacks to the community.
Forerunner: Constraint-based Speculative Transaction Execution for Ethereum TLDR This paper introduces a new approach for speculative execution on Ethereum. Unlike traditional methods that predict a single future with high accuracy, Forerunner speculates on multiple futures and utilizes speculative results from imperfect predictions when certain constraints are met. This results in a significant acceleration of transaction execution through a unique multi-trace program specialization and a new form of memoization. In real-time tests with the worldwide Ethereum network, Forerunner processed 13 million transactions, achieving an 8.39x speedup for transactions heard during the dissemination phase and a 6.06x overall end-to-end speedup.
Dark side of decentralised finance: a call for enhanced AML regulation based on use cases of illicit activities TLDR The paper examines the risks and challenges of Decentralised Finance (DeFi), particularly in the context of anti-money laundering (AML). It explores the criminal exploitation of DeFi, such as money laundering, and stresses the difficulty in tracking illicit activities due to its decentralized nature. The study advocates for a balanced regulatory framework, emphasizing international cooperation and a focus on enhancing AML regulations to mitigate these risks.
Decentralized Model to Protect Digital Evidence via Smart Contracts Using Layer 2 Polygon Blockchain TLDR The research presents a novel model for managing digital evidence in legal proceedings using smart contracts and Layer 2 Polygon Blockchain, aiming to enhance security and integrity. This decentralized approach addresses vulnerabilities like data manipulation and unauthorized access inherent in centralized systems. The study demonstrates the model's effectiveness through simulations, showcasing its potential to revolutionize evidence management in digital forensics.
Demystifying Exploitable Bugs in Smart Contracts TLDR This analyzes 516 unique smart contract vulnerabilities from 2021-2022, categorizing them into seven types and assessing their exploitability against existing detection tools. It reveals that 80% of these vulnerabilities are undetectable by current automated methods, highlighting significant gaps in smart contract security. The research offers detailed insights into the nature of these bugs, their auditing challenges, and proposes abstract models for better detection and prevention strategies.
Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract TLDR This paper introduces STING, a novel defense mechanism for Ethereum smart contracts that synthesizes counterattack contracts to intercept funds from attacking transactions. Leveraging Maximal Extractable Value, STING detects and counters real-world exploits by front-running attackers in the blockchain's mempool. Tested against 62 real-world exploits, STING successfully neutralized 54, demonstrating a promising new approach to blockchain security.
GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis TLDR The research paper introduces GPTScan, a novel tool that integrates Generative Pre-training Transformer (GPT) with static analysis for detecting logic vulnerabilities in smart contracts. This approach addresses the limitation of current tools that fail to audit about 80% of Web3 security bugs. GPTScan uses GPT as a versatile code understanding tool, breaking down vulnerabilities into scenarios and properties for effective detection. It has shown high precision in identifying vulnerabilities, including those missed by human auditors, and is both fast and cost-effective.
Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study TLDR This study investigates the effectiveness of existing vulnerability scanners in detecting security issues in Ethereum smart contracts. It highlights that despite the development of various tools for security analysis, significant discrepancies exist in their findings, leading to poor overall performance in vulnerability detection. The study employs extensive datasets, including over 77,000 source codes and 4 million bytecodes, and tests 17 different scanners. It finds that these tools often fail to agree on the presence of vulnerabilities, raising questions about their reliability and the current state of smart contract security analysis.
Chatgpt for cybersecurity: practical applications, challenges, and future directions TLDR The research paper "ChatGPT For Cybersecurity" examines the dual role of ChatGPT in cybersecurity, highlighting its potential for both enhancing security measures and posing new threats. It delves into ChatGPT's capabilities in creating complex cybersecurity scenarios, including both defensive strategies like honeypots and offensive tactics like malware development, while emphasizing the ethical and legal challenges posed by this AI technology.
From ChatGPT to ThreatGPT: Impact of Generative AI in Cybersecurity and Privacy TLDR This research paper delves into the evolving landscape of Generative AI (GenAI) models in 2022, particularly focusing on their impact on cybersecurity and privacy. It explores the growing complexity and capabilities of GenAI models like ChatGPT and Google Bard, highlighting the social, ethical, and privacy implications they pose. The paper identifies vulnerabilities in ChatGPT that could be exploited by malicious actors, showcasing example attacks such as Jailbreaks, reverse psychology, and prompt injection. Additionally, it investigates how cyber offenders might use GenAI tools for various cyber attacks, including social engineering, phishing, automated hacking, and malware creation.
The Devil Behind the Mirror: Tracking the Campaigns of Cryptocurrency Abuses on the Dark Web TLDR This research paper presents a comprehensive investigation into the use of the dark web for cryptocurrency-related illicit activities. The study involves the collection of data from thousands of cryptocurrency-related onion sites and the detection of illicit blockchain transactions, shedding light on the characteristics and dynamics of cryptocurrency abuses in this hidden online ecosystem. The findings reveal the existence of numerous illicit sites, blockchain addresses, and campaigns, highlighting the interconnected nature of illicit activities on the dark web and the potential for early detection and prevention of such activities.

Cybercrime

Understanding cybercrime in ‘real world’ policing and law enforcement TLDR This paper provides an in-depth exploration of cybercrime, highlighting its growing prevalence and the challenges faced by law enforcement in addressing these crimes. It delves into the technological, individual, social, and situational aspects that foster cybercrime, offering insights into how this knowledge can inform more effective policing strategies. The study emphasizes the complexity and evolving nature of cybercrime, underscoring the need for specialized knowledge and approaches in both investigation and prevention.
Cybercrimes: A Proposed Taxonomy and Challenges TLDR This paper presents an extensive survey on cybersecurity, proposing a new taxonomy for cybercrime that encompasses various types of cyberattacks. It categorizes recent incidents based on fundamental cybersecurity principles like confidentiality, integrity, and availability, and analyzes these incidents to identify challenges in the field. The study also discusses the evolution and increasing complexity of cybercrimes, highlighting the need for updated security strategies and future research directions in cybersecurity.
Conceptualizing Cybercrime: Definitions, Typologies and Taxonomies TLDR This paper addresses the complexities and inconsistencies in defining and understanding cybercrime across different jurisdictions, highlighting the impact on legal, policy, and academic spheres. Through a structured literature review, it identifies key definitions, typologies, and taxonomies of cybercrime from both academic and non-academic sources, culminating in a new classification framework to better understand cybercrime and cyberdeviance. The review acknowledges ongoing challenges in conceptualizing cybercrime but offers recommendations for future work towards a universal understanding and a comprehensive classification system.
Analyzing the Performance of the Inter-Blockchain Communication Protocol TLDR This paper introduces a novel framework for empirically evaluating cross-chain communication protocols, with a focus on the Cosmos Network's Inter-Blockchain Communication Protocol (IBC). It aims to identify and analyze the limitations of these protocols, addressing the growing demand for effective blockchain interconnectivity. The comprehensive evaluation of the Cosmos Network's IBC exemplifies the paper's approach towards enhancing the performance and understanding of cross-chain communication in the blockchain sector.
A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate TLDR This article examines the rapidly evolving threat landscape of cyberattacks and the challenges organizations face in measuring and understanding the harm caused by such incidents. It presents a taxonomy of cyber-harms based on extensive literature review and case studies, categorizing them into physical/digital, economic, psychological, reputational, and social/societal harms. The article also analyzes real-world cases, including incidents at Sony, JPMorgan, and Ashley Madison, to illustrate how different types of cyber-harm interconnect and propagate, ultimately advocating for analytical tools to help organizations assess and manage these harms effectively.
SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX TLDR This paper addresses security concerns in SGX (Software Guard Extensions) systems, which often assume enclaves to be trusted and overlook risks posed by untrusted enclaves. The authors propose a mechanism to confine an untrusted enclave's behavior, targeting the asymmetries between enclave and host that could be exploited for unauthorized memory access and manipulation. Their solution employs Intel MPK for memory isolation and x86 single-step debugging for exit event capturing, ensuring mutual distrust and integrity checks. A prototype demonstrated the system's effectiveness with less than 4% performance overhead, proving its viability for real-world applications.
Architectural Design for Secure Smart Contract Development TLDR This research paper by Myles Lewis and Chris Crawford proposes a novel security model for smart contract development on blockchain networks, particularly Ethereum. It emphasizes a dual approach combining static and dynamic analysis to identify vulnerabilities, and introduces a security rating certificate to certify smart contracts that meet high security standards. This comprehensive model aims to enhance trust and security in blockchain applications, potentially setting new industry benchmarks.

Resources

General

CoinGecko 🟡 TLDR CoinGecko is the world's largest independent cryptocurrency data aggregator, tracking over 11,000 cryptoassets across more than 900 exchanges globally. It functions as a website and mobile app, aggregating information on the performance of a vast array of cryptocurrencies and providing real-time data on prices, trading volumes, and price fluctuations. CoinGecko distinguishes itself by offering a comprehensive 360-degree overview of the crypto market, including features like market cap, contract addresses, and exchange support for a large number of tokens, along with additional customization options not found in similar platforms.

Glassnode 🟡 TLDR Glassnode is a leading blockchain data and intelligence platform, offering a comprehensive library of on-chain and financial metrics to provide a holistic and contextualized view of the cryptocurrency markets. Founded in Germany in 2018 and headquartered in Zug, Switzerland, Glassnode specializes in cryptanalysis, utilizing on-chain indicators to generate intelligent data and insights, thereby bringing transparency to blockchain activities and enabling informed decisions in the crypto space.

DefiLlama 🟡 TLDR DefiLlama is the largest Total Value Locked (TVL) aggregator for decentralized finance (DeFi), known for its commitment to providing accurate, ad-free, and transparent data. As a comprehensive DeFi analytics dashboard, it tracks TVL across various projects, decentralized exchanges, lending protocols, yield farming, and staking pools, covering over 1500 DeFi protocols from more than 80 different blockchains. DefiLlama's data is fully open-source, maintained by a dedicated team and contributors from numerous protocols, emphasizing a transparent and accurate data methodology.

CryptoPanic 🟢 TLDR CryptoPanic is a comprehensive news aggregator platform tailored for traders and cryptocurrency enthusiasts, providing critical insights on price and market impacts. It offers features like portfolio tracking, media feeds, and blogs, and allows users to vote on important news items, marking them as bullish or bearish signals. This platform is especially useful for understanding the reasons behind cryptocurrency price movements, making it a valuable tool for day traders and those seeking to stay informed about the dynamic crypto market.

Blockchain Threat Intelligence 🟢 TLDR The "Blockchain Threat Intelligence" newsletter, authored by Peter Kacherginsky, is a weekly, independent publication that provides comprehensive coverage of the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency landscape. It focuses on blockchain, DeFi, and exchange threat intelligence, offering valuable insights into hacks and security developments, and has garnered a substantial subscriber base interested in staying informed about the dynamic and rapidly evolving field of blockchain security.

Rekt 🟢 TLDR Rekt News is an anonymous platform where whistleblowers and DeFi detectives can present their findings to the community. It focuses on analyzing major hacks and exploits in the crypto and DeFi space, providing creative commentary aimed at both educating and entertaining its readers. The content on Rekt News delves into the darker side of DeFi journalism, offering detailed accounts and analysis of various cryptocurrency exploits and security breaches, making it a go-to source for those looking to understand the risks and vulnerabilities inherent in the DeFi sector.

Web3Sec 🟢 TLDR Web3Sec is a community-driven platform aimed at keeping users informed about the latest in web3 security, blockchain technology, and audits. It's designed as a resource for professionals to stay ahead of breaches and hacks, offering news and insights conveniently. The platform also provides a means to join a like-minded community to learn and contribute to a secure web3 future, with features like an all-in-one security resource center that includes a search and date filter for tracking web3 hacks and trends.

Week in Ethereum News TLDR Week in Ethereum News is an online newsletter providing weekly updates and insights on Ethereum-related developments. It covers a wide range of topics including Ethereum network upgrades, decentralized finance (DeFi), layer 1 and layer 2 developments, security issues, ecosystem news, and updates for developers. The site is a valuable resource for anyone interested in staying informed about the latest trends, technological advancements, and changes in the Ethereum blockchain and its growing ecosystem.

HashingBits TLDR HashingBits, provided by QuillAudits on Substack, is a weekly newsletter focused on Web3.0 cybersecurity. It shares the latest information on hacks, research, tools, and career opportunities related to the Web3.0 space. The newsletter aims to keep its subscribers informed and ahead in the rapidly evolving field of Web3.0 security and related technologies.

ShapeShift TLDR ShapeShift is a comprehensive, community-owned, and non-custodial multichain crypto platform that allows users to trade, track, buy, and earn cryptocurrencies across various blockchains. Transitioning from a centralized entity to a decentralized autonomous organization (DAO) in July 2021, ShapeShift has been pivotal in building a borderless, self-custodial, multi-chain financial system founded on open, decentralized protocols. The launch of the ShapeShift v2 platform signifies its commitment to being open-source, non-custodial, and blockchain agnostic, providing a gateway into decentralized finance (DeFi) for crypto enthusiasts, enabling them to manage their digital assets across multiple chains without compromising privacy or incurring additional fees.

DappRadar TLDR DappRadar, known as the World's Dapp Store, serves as a comprehensive platform for discovering and analyzing decentralized applications (dapps) across various blockchains and product categories. It offers tracking and insightful performance analysis of dapps on networks like Ethereum, BNB Chain, Avalanche, Polygon, and Solana. As the largest Web3 dapp distribution platform, DappRadar attracts over a million users monthly who utilize it to explore new dapps, gain insights into DeFi and NFT collections, and learn about GameFi and play-to-earn gaming. Established in 2018, DappRadar has become a key destination for developers to submit their dapps, with over 8,255 dapps submitted in 2022 alone, reflecting its significant role in aggregating and organizing global blockchain data and providing reliable, data-driven insights to the community.

Flipside TLDR Flipside Crypto, founded in 2017, is a data analytics company providing blockchain analytics and business intelligence for crypto organizations. The company offers an array of services including cryptocurrency investment, stock market data, audience data, and updates on 17 blockchains, and has raised significant funding, underscoring its impact in the blockchain analytics space.

Dune Analytics TLDR Dune Analytics is a community-first Web3 analytics platform that focuses on making crypto data accessible to a broad audience. Founded in Oslo, Norway in 2018 by Fredrik Haga and Mats Olsen, the platform provides tools for users to query, extract, and visualize data from various public blockchains, including Ethereum, Bitcoin, BNB Chain, Arbitrum, Solana, Gnosis Chain, Polygon, Avalanche, Fantom, Goerli, and Optimism. It allows users, including crypto-asset analysts and investors, to explore and share blockchain ecosystem analytics, research specific projects like NFTs and DeFi platforms, and create visualizations using the data.

Nansen 🟡 TLDR Nansen is a blockchain analytics platform renowned for enriching on-chain data with millions of wallet labels, assisting crypto investors in discovering opportunities, conducting due diligence, and protecting their portfolios through real-time dashboards and alerts.

Ultimate DeFi & Blockchain Research Base 🟡 TLDR The Ultimate DeFi Research Database is a comprehensive resource compiling information and analysis on various decentralized finance (DeFi) projects, protocols, and technologies. It serves as a valuable tool for investors, developers, and enthusiasts to stay informed and conduct in-depth research on the rapidly evolving DeFi landscape, including trends, risks, and opportunities.

Security

OpenZeppelin 🟢 TLDR OpenZeppelin is a leading library for smart contract development on the Ethereum blockchain, offering secure, audited, and reusable code modules like ERC20 and ERC721 tokens, access control, and security features. It's widely used by developers to build decentralized applications, ensuring best practices and reducing the risk of vulnerabilities in smart contract code.

Audit Wizard 🟢 TLDR Audit Wizard is a unique platform designed for the auditing of smart contracts. It integrates all essential tools required for this purpose, facilitating seamless code security. The platform addresses the complexities of the web3 security landscape by offering an all-in-one solution that includes static code analysis, proof-of-concept (PoC) testing, AI threat modeling, and automatic audit report generation, all accessible through a user-friendly interface without the need for downloads. Additionally, Audit Wizard provides comprehensive web3 security tools, such as vulnerability scanning, AI-driven vulnerability detection, and PoC testing, enhancing the overall security and reliability of smart contracts.

Forta 🟢 TLDR Forta is a real-time monitoring and security platform designed for the decentralized finance (DeFi) ecosystem, providing tools to detect and prevent threats in smart contracts and blockchain protocols. It leverages a decentralized network of independent node operators and a suite of detection bots to ensure the security and integrity of on-chain activities, enhancing the resilience of DeFi applications against attacks and vulnerabilities.

BLOCKSEC Phalcon Explorer 🟢 TLDR The Phalcon Explorer is a sophisticated tool designed to aid developers, traders, and researchers in intuitively understanding and dissecting complex transactions on blockchain platforms. It is known for its ability to handle complicated transactions with thousands of internal transactions, providing reliable results and analyzing over 500K transactions per month.

BLOCKSEC MetaSleuth 🟢 TLDR MetaSleuth is a crypto tracking and investigation platform. It provides a visual flow of funds map to help users analyze and track fund transfers, which can be particularly useful for compliance services by exchanges, wallets, and Virtual Asset Service Providers (VASPs). It's designed to allow users to investigate and share findings about fund transfers, which could be a valuable tool for addressing and understanding blockchain transactions and potential security incidents.

BLOCKSEC MetaDock 🟢 TLDR MetaDock is a browser extension offered by BlockSec designed to enhance the experience of crypto users navigating the blockchain. It offers features such as viewing fund flows with one click, gaining insights from high-value correlated addresses, and understanding risks associated with NFT collections via a comprehensive radar chart. Additionally, MetaDock provides enhanced labels, compliance scores, and security alerts for addresses and transactions, interacts with popular blockchain tools, and aims for a more user-friendly blockchain exploration experience. It emphasizes user privacy, not collecting or uploading user information, and allows users to opt-out of features at any time.

Slither 🟢 TLDR Slither is a static analysis tool for Solidity, the primary programming language used for Ethereum smart contracts. Developed by Trail of Bits, it's designed to help developers identify vulnerabilities and code issues in smart contracts before they are deployed on the Ethereum network. Slither analyzes the contract's source code, detecting a wide range of security issues, code optimizations, and best practice violations. It's widely used in the Ethereum development community for enhancing the security and quality of smart contract code. Slither is an important tool for any developer looking to ensure the safety and efficiency of their Ethereum-based applications.

EthTx Transaction Decoder 🟡 TLDR EthTx.info is a platform that provides detailed information about Ethereum transactions. It allows users to explore and analyze Ethereum blockchain transactions, offering insights into the specifics of each transaction, such as the sender, receiver, amount, gas used, and other relevant data. If you need information about a particular transaction, you can use EthTx.info by entering the transaction hash in their search bar.

Immunefi 🔴 TLDR Immunefi is a cybersecurity platform specializing in blockchain and smart contract security, primarily known for hosting bug bounty programs to identify and resolve vulnerabilities in crypto projects. It acts as a bridge between whitehat hackers and blockchain projects, incentivizing the discovery of security flaws to enhance the overall safety and integrity of the DeFi and crypto ecosystem.

Spearbit TLDR Spearbit is a technology company founded in 2021, specializing in Web3 security services. It operates as a decentralized network of security experts, providing consulting services focused on scoping, information gathering, platform security, fix recommendations, and security review updates. Spearbit's unique approach involves sourcing top talent from across the Web3 ecosystem and investing in the mentorship of new security researchers, facilitating their collaboration with industry leaders.

Sherlock 🔴 TLDR Sherlock.xyz offers comprehensive security auditing services for blockchain protocols, specializing in smart contracts. They boast a combination of legacy audit techniques and audit contests to create robust security audits in Web3. Their services include thorough security audits, allowing participants to find bugs and earn rewards, and the opportunity to stake USDC for yields, backed by secure protocols. Sherlock differentiates itself with a deep expertise in auditing, being recognized as an effective underwriter in Web3. They provide up to $5 million in reimbursement in the event of a hack and a $500,000 bug bounty for covered exploits, with a trustless claims process ensuring payouts are executed entirely through smart contracts without the possibility of claim blocking.

Code4rena 🔴 TLDR Code4rena is a competitive audit platform founded in 2021, known for efficiently identifying high-severity vulnerabilities in smart contracts faster than other auditing methods. It operates as a decentralized, open organization comprising security researchers, auditors, developers, and individuals with smart contract expertise, focusing on a community-driven approach to competitive smart contract audits.

CodeHawks TLDR CodeHawks is a platform specializing in smart contract auditing. It allows individuals to register as auditors, enabling them to participate in security contests and challenges. These contests include both competitive and private audits. In competitive audits, auditors attempt to find vulnerabilities within a set time, with their identities hidden until rewards are distributed. A final audit report is produced after evaluating all findings. Private audits function like UpWork for auditors, where auditors bid on projects or are invited by protocols. The platform serves as a bridge connecting protocol developers, who submit codebases for auditing, with security-focused researchers.

Hats.finance TLDR Hats.finance is a platform aiming to become the decentralized infrastructure of choice for Web3 security. It builds self-sufficient and autonomous security infrastructure, integrating with major DeFi protocols to enhance security. The platform offers various proactive distributed security mechanisms including a decentralized bug bounty ecosystem, skin-in-the-game audits, and audit competitions. Audit competitions are time-based events where high-quality auditors compete to secure smart contracts quickly. Skin-in-the-game audits require auditors to deposit a portion of their fee into a project's bug bounty, aligning incentives for ongoing project security. Additionally, the bug bounty ecosystem operates fully on-chain, supporting liquidity contributions to vaults, with a decentralized arbitration mechanism to resolve disputes.

Ethernaut 🟢 TLDR Ethernaut is a Web3/Solidity-based war game inspired by overthewire.org, primarily used for educational purposes. It's designed to help developers learn Ethereum coding and smart contract security through interactive problem-solving. The game consists of various levels, each presenting a smart contract with a vulnerability. The player's goal is to exploit these vulnerabilities to progress.

Damn Vulnerable DeFi 🟡 TLDR Damn Vulnerable DeFi" is an educational platform offering a series of challenges designed to teach the offensive security of decentralized finance (DeFi) smart contracts on Ethereum. It serves as an interactive learning resource for the community, focusing on how to exploit vulnerabilities in smart contracts. The challenges encompass a wide range of DeFi-related topics, including flash loans, price oracles, governance, NFTs, decentralized exchanges (DEXs), lending pools, smart contract wallets, and timelocks, and require the creation of attacker contracts and execution of JavaScript code.

Capture the Ether TLDR Capture the Ether" is a game designed to teach the security aspects of Ethereum smart contracts through a series of engaging and educational challenges. Players hack into various Ethereum contracts, earning points for each successfully completed challenge. Aimed at both fun and education, it provides an opportunity for participants to enhance their hacking skills and gain deeper insights into Ethereum smart contract security. The game, which has been active for over two years, also features a leaderboard, adding a competitive element to the learning experience.

CryptoZombies TLDR CryptoZombies is renowned as the largest and most interactive education platform for blockchain development, particularly focused on Ethereum and Solidity. It offers a unique learning experience where users can learn to write smart contracts by building their own crypto-collectibles game. Having been operational for over four years, CryptoZombies has amassed over 400,000 registered users who have completed multiple courses, making it a pioneering tutorial for NFTs on the internet. The platform is not only popular among those new to web3 development but also continues to be relevant to experienced developers, with over 1 million classes completed. Additionally, CryptoZombies is exploring content expansion to cover other blockchain networks like Binance, TRON, and Chainlink, further broadening its educational scope.

openchain.xyz 🟢 TLDR OpenChain.xyz is a versatile tool offering a signature database for identifying unknown function selectors or event topics, and a transaction tracer for in-depth analysis of EVM-compatible transactions. It also includes ABI tools for encoding and decoding ABI data. OpenChain itself is an open-source distributed ledger technology designed for organizations to issue and manage digital assets securely, efficiently, and scalably. It features instant transaction confirmation, no mining fees, and high scalability, making it well-suited for a variety of applications in digital asset management.

etherface.io TLDR Etherface is a comprehensive platform that meticulously documents the signatures of Ethereum transactions conducted through smart contracts, leveraging hashes to enable easy searching for specific smart contracts, accessing their corresponding hashes, and gaining insights into transaction history and associated signatures. With an extensive collection of over 7.5 million signatures gathered from various sources including Etherscan, GitHub, and custom Solidity DApps, Etherface serves as a valuable resource for developers, facilitating seamless access to project repositories associated with smart contracts.

4byte.directory 🟢 TLDR 4byte.directory is a comprehensive database that contains over 1.3 million Ethereum function call signatures, essential for mapping byte signatures of Ethereum transactions to their human-readable versions. It primarily assists in identifying the first four bytes of data sent with a transaction in the Ethereum Virtual Machine, defined as the Keccak hash (SHA3) of the canonical representation of the function signature, and also includes mappings for event signatures. This valuable resource for developers processes close to 8.6 million daily requests and offers an API for retrieving and filtering signatures, enhancing the understanding and tracking of Ethereum blockchain transactions.

ZIION TLDR ZIION 23.2, the latest version of the world's first operating system dedicated to blockchain development and security auditing, marks a significant advancement in tools for Web3 developers and auditors. This release includes enhanced capabilities for Cloud, Web, and IoT auditing, reinforcing ZIION's position as a comprehensive VM for the Web3 domain and beyond. By integrating a wide range of resources for auditing across multiple platforms, ZIION 23.2 offers over 100 pre-installed tools, catering to the diverse needs of blockchain developers and security auditors in a rapidly evolving digital landscape.

secureum TLDR Secureum Bootcamp is a flagship community event specifically focused on Ethereum security. It serves as a significant educational and collaborative platform in the Ethereum security ecosystem, often in collaboration with entities like EFDevconnect. The event represents a vital initiative for enhancing security awareness and practices within the Ethereum community, playing a critical role in the ongoing development and stabilization of Ethereum's security infrastructure.

Foundry Fuzz TLDR Foundry Fuzz is a tool that is used for testing applications (in this case, smart contracts) by inputting large amounts of random data ("fuzz") to the contract and observing for any crashes, vulnerabilities, or unexpected behavior. Fuzzing is a common technique in software testing to find security vulnerabilities, and it's particularly useful in the context of smart contracts due to their immutable nature and the high financial stakes often involved in blockchain and cryptocurrency applications.

Echidna 🟢 TLDR Echidna is a sophisticated tool used for fuzzing Ethereum smart contracts to identify vulnerabilities and bugs. It employs property-based testing where developers define the properties that a contract should always satisfy, and Echidna generates various inputs to test these properties. This tool is essential in the Ethereum development ecosystem for ensuring smart contract security and reliability, as it helps detect potential exploits like reentrancy and integer overflows before deployment on the blockchain.

SlowMist Hacked 🟢 TLDR SlowMist Hacked is a website that tracks and reports on various hacking incidents in the blockchain and cryptocurrency domains. The site details different types of security breaches and attacks on blockchain platforms and digital wallets, providing insights into the methods used by hackers and the impact of these incidents on the blockchain ecosystem. It serves as a resource for understanding the vulnerabilities and security challenges in the rapidly evolving world of blockchain technology.

Recovery

Web3 Antivirus (W3A) TLDR Web3 Antivirus (W3A) is a security browser extension that provides robust protection against malicious smart contracts and phishing websites in the Web3 ecosystem. It is designed to give users full confidence while exploring Web3 by proactively alerting them to potential scams and dangerous actions. The extension includes features such as smart contract analysis, where it audits smart contracts to identify dangerous logic, critical vulnerabilities, and permissions that could compromise user assets.

Revoke.cash TLDR Revoke.cash is a platform designed to enhance the security of your digital assets on decentralized applications (dApps) like Uniswap or OpenSea by allowing you to revoke previously granted token approvals. This feature is crucial because without revoking these permissions, the dApps retain the ability to spend your tokens indefinitely.

cointool.app

app.unrekt.net TLDR The website app.unrekt.net features a Smart Contract Allowance Checker that is compatible with multiple blockchain networks including ETH, BSC, ARB, AVAX, FTM, MATIC, KAVA, BASE, HECO, CRONOS, MOONBEAM, ASTAR, DOGECHAIN, and CANTO. Its primary function is to help users find and revoke permissions granted to various addresses, allowing them to spend the user's tokens on these networks.

HackedWalletRecovery

Development

Alchemy 🟢 TLDR Alchemy is a blockchain development platform that provides tools for developers to build, scale, and operate decentralized applications (dApps) on the Ethereum network. It offers enhanced APIs, real-time data, powerful analytics, and other features to facilitate the development process.

Infura 🟢 TLDR Infura is a service that provides Ethereum and IPFS infrastructure and developer tools. It offers an easy-to-use API that allows developers to connect to Ethereum nodes without having to set up and maintain their own blockchain infrastructure. Infura is widely used for its reliability and scalability in handling Ethereum network requests.

Moralis TLDR Moralis is a platform that provides tools and services to simplify the development of decentralized applications (dApps) on various blockchain networks, including Ethereum. It offers a suite of features such as a fully managed, infinitely scalable backend infrastructure, real-time database synchronization, user authentication, and easy-to-use SDKs.

ZettaBlock TLDR ZettaBlock is an enterprise-grade, full-stack Web3 infrastructure platform that specializes in indexing and analytics, effectively merging on-chain and off-chain data. Designed to support real-time, public-facing applications, it allows developers to build reliable GraphQL APIs using SQL in a matter of minutes, without the need to focus on data processing at the frontend or backend. Positioned as an institutional-grade platform, ZettaBlock offers infinite scalability and the ability to unify private and on-chain data, apply custom logic, and instantly generate APIs. This infrastructure-as-code tool significantly reduces the time and resources needed for customers to orchestrate modern data platforms, making it a vital asset in the Web3 development space.

Tenderly 🟢 TLDR Tenderly is an all-in-one Web3 development platform designed to streamline the entire lifecycle of smart contract development, from initial creation to widespread adoption. It provides an integrated environment for building, testing, monitoring, and operating smart contracts, significantly enhancing the development process. The platform includes an open-source Command Line Interface (CLI) tool, which allows developers to see stack traces of their local smart contract execution, quickly identifying the exact line of code where any issues occur, thereby accelerating development efforts. Tenderly's comprehensive set of tools and features make it an essential resource for Web3 developers seeking to optimize smart contract development and deployment.

BuidlGuidl TLDR BuidlGuidl is a collaborative group focused on building tools with Scaffold-ETH, aiming to empower builders in creating resources and prototypes for the Ethereum ecosystem. The group focuses on developing forkable components with Scaffold-ETH, offering builders the flexibility to work on various projects, including new voting system components and challenges for SpeedRunEthereum. Members can join BuidlGuidl after completing the first four challenges on SpeedRunEthereum.

REMIX 🟢 TLDR Remix is an open-source web and desktop application used for writing, deploying, and testing smart contracts for Ethereum. It's commonly used by developers working with Ethereum's blockchain technology. Remix provides a user-friendly interface and a suite of tools that make it easier to write and debug Solidity code (Ethereum's smart contract language), interact with smart contracts, and manage Ethereum transactions.

Foundry TLDR The Foundry framework is a fast, portable, and modular toolkit for Ethereum application development, written in Rust. It includes Forge for testing smart contracts, written in Solidity or Vyper, and Cast for interacting with Ethereum nodes. Designed for efficiency and reliability, Foundry aims to provide developers with robust tools for building, testing, and deploying Ethereum-based applications effectively.

Hardhat TLDR Hardhat is an Ethereum development environment and framework designed for professionals. It provides developers with a comprehensive set of tools to easily set up, test, debug, and deploy smart contracts on the Ethereum network. Key features include a built-in Ethereum Virtual Machine (EVM), smart contract debugging capabilities, and network management for deploying to both public and private networks, enhancing the overall Ethereum development proces.

Brownie 🟢 TLDR Brownie is a Python-based development and testing framework for smart contracts on the Ethereum network. It integrates seamlessly with the Python programming environment, offering features like automated contract testing, interactive console, and built-in debugging tools. Brownie aims to simplify the development process for Ethereum developers by providing a straightforward and Pythonic interface, making it particularly suitable for those already familiar with Python programming.

ApeWorX TLDR The Ape Framework as a user-friendly Web3 development tool for compiling, testing, and interacting with smart contracts through a single command-line interface. It supports a variety of contract languages and blockchain networks, thanks to its modular plugin system. The framework, compatible with Linux, macOS, and Windows via WSL, can be installed using methods like pipx, pip, or Docker, and offers both a CLI tool and a Python SDK for comprehensive smart contract development and interaction.

Vyper TLDR Vyper is a contract-oriented, pythonic programming language designed for the Ethereum Virtual Machine (EVM). Its primary principles include security, aiming to make building secure smart-contracts both possible and natural; simplicity in language and compiler design; and high auditability, ensuring the code is human-readable and challenging to write misleadingly. Unlike Solidity, Vyper deliberately avoids features like modifiers, class inheritance, inline assembly, function and operator overloading, recursive calling, and infinite-length loops to enhance security and readability. Vyper doesn't seek to replace Solidity entirely but focuses on security, sometimes at the expense of functionality.

Truffle 🟢 TLDR Truffle is a popular development framework for Ethereum, designed to make life easier for blockchain developers. It provides a suite of tools for writing, testing, and deploying smart contracts, with built-in support for custom migrations and network management. Truffle also integrates seamlessly with other blockchain development tools and has a user-friendly interface, making it a go-to choice for developers building on Ethereum.

Forefy Smart Contract Auditors Space TLDR Forefy Smart Contract Auditors Space is a gamified platform designed to train and promote expert Smart Contract Security Auditors. It aims to address the limitations of traditional leaderboards in evaluating auditor skills by considering factors overlooked in these rankings, such as private audits, unique findings, customer satisfaction, and time efficiency. The platform features a structured level system where participants engage in various tasks, each with a storyline and specific goals. Their unique scoring system combines automated calculations with human oversight to evaluate solutions based on criteria like professional writing, originality, efficiency, and rarity of findings.

Covalent TLDR Covalent provides a unified API that simplifies access to fast, scalable historical blockchain data across over 200 chains. It addresses challenges in Web3 development by offering structured schemas, ease of switching chains, and high-speed, scalable APIs for better user experiences. Covalent's solutions are designed for both individual developers and enterprises, ensuring long-term data availability, enterprise support, and full scalability for applications of various sizes. For more detailed information, you can visit their website here.

OSINT

MALTEGO 🟢 TLDR Maltego is a highly efficient tool for cybercrime investigation, known for seamlessly integrating data from multiple sources, including OSINT databases, commercial vendors, and internal platforms. Its unique "Transforms" feature automates data retrieval, presenting results visually, thereby enhancing the capabilities of researchers and investigators in fields like internet infrastructure mapping and cryptocurrency transaction analysis.

SpiderFoot 🔴 TLDR SpiderFoot is an open-source intelligence (OSINT) automation tool designed to integrate with nearly every data source available, facilitating a range of data analysis methods. It provides an intuitive web-based interface and command-line usage, making data navigation efficient and user-friendly. SpiderFoot is developed in Python 3 and is MIT-licensed, ensuring broad accessibility and adaptability for various OSINT purposes.

Recon-ng 🟢 TLDR Recon-ng is a open-source intelligence gathering tool designed to optimize the process of harvesting information from various open sources. It is a full-featured reconnaissance framework, offering a powerful environment for conducting web-based open-source reconnaissance efficiently and comprehensively.

theHarvester 🟢 TLDR TheHarvester, hosted on GitHub, is a straightforward yet effective open-source intelligence (OSINT) tool used primarily in the reconnaissance phase of red team assessments and penetration tests. It is designed to assist in evaluating a domain's external threat landscape by gathering data such as names, emails, IPs, subdomains, and URLs. This tool incorporates various passive modules like Anubis-DB, CloudSEK's BeVigil for mobile application OSINT, Baidu's search engine, and BinaryEdge's subdomain listings, each contributing uniquely to the intelligence gathering process.

FOCA (Fingerprinting Organizations with Collected Archives) 🟡 TLDR FOCA is a specialized tool primarily used for extracting metadata and hidden information from various documents found on web pages. It supports a wide range of document formats, including Microsoft Office, Open Office, PDF, Adobe InDesign, and SVG files. FOCA leverages search engines like Google, Bing, and DuckDuckGo to find documents, and it also has the capability to analyze local files for EXIF information from graphic files. The tool conducts a thorough analysis of the information discovered through URLs before downloading the file, making it a comprehensive tool for uncovering hidden data in documents.

Shodan 🟢 TLDR Shodan is a specialized search engine for the Internet of Things (IoT), often referred to as a search engine for internet-connected devices. Unlike traditional search engines that index web content, Shodan scans for various types of devices connected to the Internet, including servers, webcams, printers, security systems, and more. It indexes the information these devices expose publicly, such as banners and metadata, which can reveal software versions, configurations, and other details.

Metagoofil 🔴 TLDR Metagoofil is a tool used for information gathering and data mining. It's primarily used to extract metadata of public documents (such as PDFs, DOCs, PPTs) available on target websites. This metadata can include information like usernames, software versions, and system information, which might be useful for someone conducting a cybersecurity analysis or penetration testing. Metagoofil operates by searching for specific file types hosted on a given domain, downloading them, and then extracting and analyzing their metadata, which can often reveal sensitive or insightful information about the organization or infrastructure behind the website.

grep.app TLDR grep.app is a powerful code search tool that allows users to search across half a million Git repositories. It supports case-sensitive searches, regular expressions, and whole word searches, making it a comprehensive resource for developers and coders looking to find specific pieces of code across numerous projects and platforms.

lampyre TLDR Lampyre is a data analysis and OSINT (Open Source Intelligence) tool used for a variety of purposes including cyber security, law enforcement, financial analytics, and due diligence. It offers efficient solutions for obtaining, visualizing, and analyzing data in one place, enabling users to see connections and details that might otherwise be overlooked. Lampyre is particularly user-friendly for beginners in OSINT, as it simplifies the visualization of data and does not require extensive technical knowledge or API manipulation.

Have I Been Pwned 🟡 TLDR Have I Been Pwned (HIBP) is a website and service that allows individuals to check if their personal data has been compromised in data breaches. Users can enter their email addresses or phone numbers, and HIBP checks against a database of known breached accounts. It provides information on which breaches the data was exposed in and what type of data was compromised.

OWASP Amass 🟢 TLDR OWASP Amass is an advanced tool developed by the Open Web Application Security Project (OWASP) for network mapping and external asset discovery. OWASP Amass utilizes a variety of techniques such as DNS enumeration, scraping web pages, and querying data sources to gather information about a target's external assets and internet footprint. It's particularly useful in the field of cybersecurity for understanding the attack surface of an organization by identifying domains, subdomains, IP addresses, and associated services.

Sherlock 🟡 TLDRSherlock is a powerful command line tool provided by the Sherlock Project, designed for use in OSINT (Open Source Intelligence) research. It functions by scouring the web to find profiles that match a subject's username across various social networks. Sherlock automates the process of checking whether a profile with a particular username exists on different websites, making it a useful tool for gathering information about a subject.

Cybersecurity

For ethical hackers and pen testers seeking to familiarize themselves with various legal requirements and regulations, the following resources can be highly beneficial:

International Association of Privacy Professionals (IAPP): IAPP offers resources on global privacy laws and regulations, which can be invaluable for understanding the legal landscape in different jurisdictions. Their website provides up-to-date information, training, and certifications in data protection.
SANS Institute : SANS is a trusted source for cybersecurity training and certifications. They offer courses and materials specifically focused on legal issues in cybersecurity. Visit their website for more information.
Cybersecurity and Infrastructure Security Agency (CISA): CISA provides guidelines and resources on cybersecurity best practices and compliance with U.S. laws. Their website is a valuable resource for staying informed about U.S. cybersecurity regulations.
EFF's Electronic Frontier Foundation: EFF offers insights into privacy laws, digital rights, and related legal matters. Visit their site for resources and updates on legal issues in the digital world.
Cyber Law Blogs and News Sites: Websites like Cybersecurity Law Report and Lawfare provide articles, analysis, and updates on cybersecurity law and policy.
OWASP Threat Dragon: OWASP Threat Dragon allows users to create diagrams of their software architecture and visually map out potential security threats. It also includes a rule engine to suggest common threats and mitigations based on the elements present in the diagrams. This tool is useful for security analysts, software developers, and system architects to understand and address security risks early in the software development lifecycle.
Check Point Research: CPR offers a range of resources related to cybersecurity and web security trends. The website features the latest publications, a podcast channel, and focuses on key topics like Web 3.0 security, threat intelligence, zero-day protection, and more. CPR covers a wide range of topics including the rising threat of phishing attacks with crypto drainers, deep dives into malware components, and comparative studies on ransomware attacks. Trending topics include ChatGPT, the Russo-Ukrainian War, cloud security, artificial intelligence, ransomware, and their CPRadio podcast. Additionally, CPR is featured in the news for topics such as the rise in cyberattacks fueled by AI and other cybersecurity issues.

VirusTotal 🟢 TLDR VirusTotal is a website that allows users to analyze suspicious files and URLs for malware detection. It provides a platform for automatic sharing of these threats with the security community. The website requires JavaScript for full functionality and offers a minimal interface for older browsers.

Repositories

Blockchain

GitHub Immunefi PoC Templates The GitHub repository "immunefi-team/forge-poc-templates" is a collaborative project designed to provide reusable and modifiable Proof of Concept (PoC) examples for various Ethereum Virtual Machine (EVM) based vulnerabilities. The goal of this repository is to enhance the quality of bug reports and facilitate a more efficient and straightforward process for white-hat hackers to create PoCs and validate their findings. These templates are specifically created for testing PoCs in local environments and then submitting them to bug bounty programs, with any other usage being explicitly prohibited.

GitHub Pickle Finance Contract Directory The GitHub repository for Pickle Finance's contracts includes a variety of Ethereum-based contracts related to the Pickle Finance ecosystem. These contracts encompass different functionalities, such as DILL contracts, main contracts, gauges, and various Pickle Jars (pJars) for different blockchain platforms like Ethereum, Polygon, OKEx, Arbitrum, Moonriver, Cronos, Aurora, Metis, Moonbeam, Optimism, Fantom, Gnosis, and Kava. The repository is a comprehensive collection of deployed contracts for Pickle Finance, detailing the architecture and tools essential for the platform's operation across multiple blockchains.

GitHub DIRP - DEFI Incident Response Playbooks 🟡 The GitHub repository 0xKoda/DIRP focuses on DeFi (Decentralized Finance) Incident Response Playbooks. It addresses the lack of incident response plans among DeFi protocols by providing adaptable playbooks for various scenarios. These resources include detailed flowcharts, step-by-step instructions, and additional references for effective incident management. The community is encouraged to contribute by reviewing existing content, identifying gaps, and submitting detailed, well-researched contributions to enhance the repository's effectiveness and coverage.

Google Docs Crisis Handbook - Smart Contract Hack 🟡 The Crisis Handbook - Smart Contract Hack by SEAL Team is a comprehensive guide for managing smart contract security incidents. It includes a detailed actions checklist, covering immediate steps like notifying relevant parties, creating a 'War Room' for collaboration, and duplicating essential documents for shared access. The handbook emphasizes the importance of assigning key roles, conducting thorough analysis and investigations, implementing protocol and web actions, and maintaining effective communication throughout the incident. Post-incident actions focus on confirming resolution, preparing for future events, and conducting a post-mortem analysis. The guide also provides advice, suggested tools, and platforms for efficient incident management and recovery efforts.

GitHub List of Tornado Cash Contracts on Ethereum 🟡 This repo is a compilation of Tornado Cash contracts on the Ethereum blockchain. It is designed to provide easy access for investigative and research purposes, offering a detailed list of contracts with specifics such as deposit amounts, deposit and withdrawal contract addresses. This resource is particularly useful for those looking to study or analyze Tornado Cash transactions and their impacts on the Ethereum network.

Artificial Intelligence

Blockchain

Bittensor TLDR Bittensor aims to revolutionize the field of decentralized AI by providing an alternative to the dominant, top-down approach of current technology giants. It is a platform that facilitates the creation of various decentralized commodity markets, or 'subnets', under a unified token system, functioning through Bittensor's blockchain. This allows for the interconnection and integration of these markets into a single computing infrastructure.

Autonolas TLDR Autonolas offers an open-source software stack designed to decentralize off-chain processes, particularly useful for DAO operations. This platform aims to unify off-chain code and consolidate existing data, computation, and transaction automation processes, thereby enhancing control and reducing dependency on individual humans and bots.

Nonprofits

Blockchain

Blockchain Research Institute TLDR The Blockchain Research Institute (BRI) is a global independent think tank dedicated to exploring and disseminating knowledge about the strategic implications of blockchain technology for business, government, and society. Co-founded by Don and Alex Tapscott, BRI is supported by a consortium of international corporations and government agencies, making it a prominent and collaborative center for blockchain research and knowledge-sharing.

Blockchain Association TLDR The Blockchain Association serves as the collective voice of the cryptocurrency industry, with a mission to advance the future of crypto in the United States. It focuses on promoting the potential of blockchain technology and shaping policies to ensure its success. The association, comprised of nearly 100 members including sector-leading investors, companies, and projects, collaborates to support a pro-innovation national policy and regulatory framework for the crypto economy. Established in 2018 under the leadership of CEO Kristin Smith, the Blockchain Association annually reviews the challenges and accomplishments in the cryptocurrency industry, emphasizing its commitment to fostering a progressive and innovation-friendly national policy framework for the crypto economy.

Global Blockchain Business Council (GBBC) TLDR The Global Blockchain Business Council (GBBC) is the world's largest and leading industry association for the blockchain technology and digital assets community. Established in 2017 in Davos as a Swiss-based non-profit, GBBC comprises over 500 institutional members and 231 ambassadors from 109 jurisdictions and disciplines. The council is committed to advocating for the advancement and implementation of blockchain technology across various industries and sectors.

The American Blockchain and Cryptocurrency Association TLDR The American Blockchain and Cryptocurrency Association (ABCA) is a non-profit trade association dedicated to the educational and advocacy needs of the blockchain and cryptocurrency community. Representing a diverse group that includes crypto miners, investors, innovators, and entrepreneurs, ABCA focuses on shaping and advancing the interests of this rapidly evolving sector. The organization's initiatives and efforts are geared towards fostering a deeper understanding and more robust development within the blockchain and cryptocurrency fields.

Cybersecurity

Open Web Application Security Project (OWASP) TLDR OWASP is a nonprofit foundation that works to improve the security of software. It's known for its community-led open source software projects, extensive documentation, guidelines, tools, and forums. The OWASP Top 10, a standard awareness document for developers and web application security, is one of their most well-known publications, listing the most critical security risks to web applications.

National Institute of Standards and Technology (NIST) TLDR NIST is a non-regulatory federal agency within the U.S. Department of Commerce. Its mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST is also known for developing cybersecurity guidelines, frameworks, and standards to help organizations manage cybersecurity risks.

Common Vulnerabilities and Exposures (CVE) TLDR CVE is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities. The purpose of the CVE program is to facilitate the sharing of data and to alert users about vulnerabilities that have been identified in various products and services. This system provides a standardized method for assessing and sharing information on vulnerabilities and exposures, and helps to coordinate the response to security threats across platforms and organizations.

CVE Numbering Authority (CNA) TLDR CNAs are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, and to publish information about those vulnerabilities. CNAs include software vendors, open-source projects, coordination centers, bug bounty service providers, and research groups. They play a crucial role in the CVE program by ensuring that each identified vulnerability receives a unique identifier, which is essential for tracking and managing cybersecurity issues across various platforms and systems.

NATIONAL VULNERABILITY DATABASE (NVD) TLDR The NVD is a U.S. government repository of standards-based vulnerability management data. It provides information on vulnerabilities and exposures, and integrates all of the publicly available U.S. Government vulnerability resources and provides references to industry resources. It is maintained by the National Institute of Standards and Technology (NIST) and is a comprehensive database that includes security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Homeland Infrastructure Foundation-Level Data (HIFLD) TLDR HIFLD provides national foundation-level geospatial data within the open public domain that can be used to support community preparedness, resiliency, research, and more. HIFLD data is used for a variety of purposes including emergency response, national security-related efforts, and other applications where infrastructure data is vital. This initiative involves collaboration among different U.S. government agencies to enhance the quality and accessibility of critical infrastructure data to support homeland security and emergency management.

VIRUSTOTAL TLDR VIRUSTOTAL is a website that provides a free service for scanning suspicious files and URLs to detect types of malware and automatically shares them with the security community. It uses a variety of antivirus engines and website scanners to check for viruses and other types of malware and malicious activity. Users can submit files or links for analysis and receive reports detailing the results from many different antivirus scanners. It's a valuable tool for security professionals and the general public to assess the safety of files and websites.

EXPLOIT DATABASE TLDR Exploit Database is a non-profit project that is provided as a public service by Offensive Security. The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its purpose is to provide information about vulnerabilities and their exploits to help security professionals test the security of their systems and to promote the responsible disclosure of security vulnerabilities. The database includes entries for various types of exploits, including remote exploits, web application exploits, and local & privilege escalation exploits, among others.

Schneier on Security TLDR The website "Schneier on Security" is a personal blog by Bruce Schneier, a well-known security expert. The site features a variety of content including blog posts, essays, and links to his books, covering a wide range of topics related to security, technology, and privacy. The posts often delve into current security issues, technological developments, and Schneier's perspectives on various topics, reflecting his expertise in cybersecurity and technology policy. The website also includes information about his speaking engagements and links to his newsletter.

Reports

Private Reports

TRM Labs Global Crypto Policy Review &Outlook 2023/24
TRM Labs Tackling Crypto Crime
TRM Labs Illicit Crypto Ecosystem Report
ELLIPTIC How to Defend Your Business Against Crypto Crime
ELLIPTIC The state of cross-chain crime
ciphertrace Your go-to guide to the FATF’s crypto Travel Rule
ciphertrace Crypto Crimes & Anti-Money Laundering (AML) Report March 2023
Chainalysis The Chainalysis 2023 Geography of Cryptocurrency Report
Chainalysis The 2023 Crypto Crime Report
Chainalysis The 2022 Crypto Crime Report
ciphertrace Crime and Anti-Money Laundering Report October 2022
CertiKHack3d: The Web3 Security Quarterly Report - Q3 2023
CYBERSECURITY VENTURES Cyberwarfare In The C-Suite
Apple The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase
Apple 2022 The Rising Threat to Consumer Data in the Cloud
KelleyDrye Winning the Wild West: Cryptocurrency, WEB3, and the New UCC Article 12
PwC PwC Global Crypto Regulation Report 2023
SANCTION SCANNER 2023–2024 Financial Crime and Compliance Report The "2023-2024 Financial Crime and Compliance Report" by Sanction Scanner is a comprehensive analysis of current and emerging trends in anti-money laundering and financial crime prevention.

Government Reports

Federal Bureau of Investigation (FBI) Crime Data Explorer TLDR This website aims to provide transparency, create easier access, and expand awareness of criminal, and noncriminal, law enforcement data sharing; improve accountability for law enforcement; and provide a foundation to help shape public policy with the result of a safer nation. Use the CDE to discover available data through visualizations, download data in .csv format, and other large data files.
Federal Bureau of Investigation (FBI) 2022 INTERNET CRIME REPORT
Federal Bureau of Investigation (FBI) 2021 INTERNET CRIME REPORT
Federal Trade Commission (FTC) Consumer Sentinel NetworkTLDR Consumer Sentinel is a unique investigative cyber tool that gives members of the Consumer Sentinel Network access to millions of reports.
Federal Trade Commission (FTC) Consumer Sentinel Network Data Book 2022
United States Government Accountability Office (GAO) Reporting Mechanisms Vary, and Agencies Face Challenges in Developing Metrics
Congressional Research Service NIBRS Participation Rates and Federal Crime Data Quality
Congressional Research Service The National Incident-Based Reporting System (NIBRS): Benefits and Issues
FATF TARGETED UPDATE ON IMPLEMENTATION OF THE FATF STANDARDS ON VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS
FATF VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS
FATF Report to the G20 Finance Ministers and Central Bank Governors on So-called Stablecoins
Basel Institute on Governance Combating virtual assetsbased money laundering and crypto-enabled crime
INTERPOL Combatting Cyber-enabled Financial Crimes in the era of Virtual Asset and Darknet Service Providers
International Monetary Fund (IMF) New Evidence on Spillovers Between Crypto Assets and Financial Markets
Organisation for Economic Co-operation and Development (OECD) Institutionalisation of crypto-assets and DeFi–TradFi interconnectedness
Finabel Blockchain in defence: a breakthrough?
Department of Defense (DoD) Summary 2023 Cyber Stategy of The Department of Defence
Value Technology Foundation Potential Uses of Blockchain Technology in DoD
CSIAC Blockchain Applications for Federal Government
UNODC Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat
GAO Economic Sanctions: Agency Efforts Help Mitigate Some of the Risks Posed by Digital Assets

Regulation

Cryptocurrency Regulation

Atlantic Council TLDR The Atlantic Council's Cryptocurrency Regulation Tracker is a comprehensive research project examining how 60 countries, including G20 members and those with high rates of cryptocurrency adoption, regulate cryptocurrencies. The research categorizes regulations based on legal status, tax policy, anti-money laundering and terrorist financing requirements, consumer protection rules, and licensing obligations. It provides insights into the legal status of cryptocurrencies across these countries, revealing varying degrees of regulation, ranging from full legality to partial or general bans, and highlights the rapid evolution and experimentation in cryptocurrency regulations worldwide.
IMF - Elements of Effective Policies for Crypto Assets TLDR This paper addresses inquiries from Fund members regarding the emergence of crypto assets and related risks, providing a detailed overview and classification of crypto assets based on their characteristics, along with their perceived advantages and potential dangers. It proposes a policy framework targeting essential goals like macroeconomic and financial stability, consumer safety, and maintaining market and financial integrity. While outlining crucial components for achieving these goals, the paper also notes that the framework cannot rectify inherent design issues in cryptocurrencies, such as the absence of a reliable nominal anchor or issues with payments finality and scalability.
GLI - Blockchain & Cryptocurrency Laws and Regulations 2024 TLDR The "Blockchain & Cryptocurrency Laws and Regulations" page on Global Legal Insights provides a detailed overview of the legal and regulatory environment for blockchain and cryptocurrency in the United States. It covers federal and state-level regulatory approaches, including the roles of various agencies like the SEC and CFTC, and differing state strategies ranging from supportive to restrictive measures.
Non-EU countries' regulations on crypto-assets and their potential implications for the EU
(EU) 2023/1114 on Markets in Crypto-Assets (“MiCAR” or “Act”)

Cybersecurity Regulation

BETTER CYBERCRIME METRICS ACT TLDR This law aims to establish improved cybercrime reporting mechanisms and develop a comprehensive taxonomy for categorizing various types of cybercrime and cyber-enabled crime, enhancing the United States' capability to understand and address these growing threats.
Federal Trade Commission Act TLDR This law prohibits deceptive acts and practices in business, including those related to data security.
Gramm-Leach-Bliley Act (GLB) TLDR This law requires companies to protect the customer data they collect.
Cybersecurity Information Sharing Act (CISA) TLDR This law allows companies to monitor network traffic, including taking defensive measures on their own systems. And, it encourages the sharing of cyber-threat information between companies and with the government.
Health Insurance Portability and Accountability Act (“HIPAA”) TLDR This law includes cybersecurity requirements applicable to protected health information in the possession of certain “covered entities” and their “business associates”.

Privacy Regulation

This section provides an overview of various global privacy regulations, highlighting key legislation from different regions and countries. It includes information on comprehensive data protection acts such as Brazil's LGPD, California's CCPA, China’s PIPL, the EU's GDPR, and Singapore's PDPA, among others. Each link directs to detailed resources about the specific acts, offering insights into the legal frameworks established to protect personal data and privacy across diverse jurisdictions worldwide.

ez TLDR

Explore a collection of short articles summarizing the latest developments in cryptocurrency regulations, including updates on new tax laws, international cybercrime treaties, and regulatory proposals by agencies like FinCEN. Stay informed about the evolving landscape of cryptocurrency regulations, from privacy concerns to compliance challenges, and their impact on financial institutions, individual users, and the broader digital currency space.

Top

Name		Name	Last commit message	Last commit date
Latest commit History 83 Commits
assets		assets
README.md		README.md

nemo-nesciam/Blockchain-Insights-Hub

Folders and files

Latest commit

History

Repository files navigation

Blockchain Insights Hub

Table of Contents

Personal Resource Usage Key

Research

Blockchain

Cybercrime

Resources

General

Security

Recovery

Development

OSINT

Cybersecurity

Repositories

Blockchain

Artificial Intelligence

Blockchain

Nonprofits

Blockchain

Cybersecurity

Reports

Private Reports

Government Reports

Regulation

Cryptocurrency Regulation

Cybersecurity Regulation

Privacy Regulation

ez TLDR

About

Resources

Stars

Watchers

Forks