ZachXBT (@zachxbt), an investigator on X.com, made a list of OSINT tools he uses for blockchain investigations, but only included a name and a short description for each. This was posted in a Telegram group. From his message: "Note: I am not paid by these platforms to mention them and do not have referral links to share. I regularly have people ask me about tools I use in my investigations so here’s a comprehensive list:"
I added URLs for each, as best I could figure out, and extra info. I will probably add more tools here soon below the list (I know a few others).
- Website: https://cielo.finance/
- Description: Cielo provides wallet tracking across multiple blockchains like EVM, Bitcoin, Solana, and Tron.
- Website: https://www.trmlabs.com/
- Description: TRM Labs offers blockchain analytics tools, including address and transaction graphing for forensics and compliance. This is a commercial service, and the website is their main entry point.
- Website: No official standalone website found. Available via Chrome Web Store. https://chromewebstore.google.com/
- Description: MetaSuites is a Chrome extension enhancing block explorers with additional data. The Chrome Web Store is believed to be the primary distribution point.
- Website: https://osint.industries/
- Description: OSINT Industries provides lookup services for emails, usernames, and phone numbers.
- Website: https://leakpeek.com/
- Description: LeakPeek is a service for database lookups, focusing on breach data.
- Website: https://snusbase.com/
- Description: Snusbase offers database lookup services for breach and leaked data.
- Website: https://intelx.io/
- Description: Intelligence X provides database lookups for various data types, including emails and IPs.
- Website: https://spur.us/
- Description: Spur provides IP intelligence and lookup services. The website is their primary online presence.
- Website: https://cavalier.hudsonrock.com/
- Description: Cavalier by Hudson Rock provides infostealer lookup services to check for compromised credentials.
- Chrome Web Store Link: https://chromewebstore.google.com/
- Description: Impersonator is a Chrome extension that allows spoofing Ethereum address logins for dApps. Available via the Chrome Web Store.
- Website: https://metasleuth.io/
- Description: MetaSleuth offers blockchain analytics tailored for retail users, similar to TRM but more accessible.
- Website: https://intel.arkm.com/
- Description: Arkham provides a multichain block explorer with entity labeling, graphing, and alert features.
- Website: https://obsidian.md/
- Description: Obsidian is a note-taking and diagramming tool that supports flow charts via plugins like Obsidian Mermaid. This is the official site; no blockchain-specific focus, but widely used for such purposes.
- Website: https://archive.org/web/
- Description: The Wayback Machine by the Internet Archive allows archiving and viewing historical web pages.
- Website: https://archive.today/
- Description: Archive Today provides a service to archive and retrieve web pages. This is their primary URL.
- Etherscan Website: https://etherscan.io/
- Solscan Website: https://solscan.io/
- Description: Etherscan is the leading block explorer for EVM chains, while Solscan serves Solana.
- Website: https://blockchair.com/
- Description: Blockchair is a versatile block explorer supporting Bitcoin and other chains.
- Website: https://app.range.org/
- Description: Range is a Circle CCTP (Cross-Chain Transfer Protocol) bridge explorer.
- Website: https://explorer.pulsy.app/
- Description: Pulsy aggregates data from blockchain bridges, serving as an explorer.
- Website: https://socketscan.io/
- Description: Socketscan is an explorer for EVM bridge transactions.
- Website: https://dune.com/
- Description: Dune is a blockchain analytics platform allowing custom queries.
- Website: unknown
- Description: Mugetsu tracks X/Twitter username history and meme coin data.
- Website: https://telegramdb.org/
- Description: TelegramDB offers a search bot for basic Telegram OSINT. This is the official site; the bot is accessible via Telegram.
- Website: https://discord.id/
- Description: Discord.ID provides basic lookup for Discord account information using IDs.
- Website: https://cryptotaxcalculator.io/
- Description: CryptoTaxCalculator tracks profit and loss (PNL) for crypto addresses and portfolios.
Here is a selection of security articles I have authored.
I write articles on a mix of Cloud Engineering/Architect/Dev, Solana Blockchain and related topics.
Security researchers say Feb. 21 hack likely biggest in history. Technical details,…and solutions we can learn from it.
Find your AWS S3 bucket security leaks before hackers do
https://medium.com/@csjcode/11-aws-s3-security-leaks-hackers-look-for-26e5572fe08a
Identify red flags and better quality tokens. Gain confidence about token quality.
https://medium.com/solana-dev-tips/solana-token-quality-checklist-0a4391026d93
Ways to keep secrets on AWS + 4 non-AWS alternatives
https://awstip.com/10-ways-to-store-secrets-on-aws-b7616d7db3ef
Confidentiality controls for a more secure cloud platform using the CIA Triad model (checklist)
https://medium.com/@csjcode/cia-triad-in-cloud-security-part-1-confidentiality-b7ec5dcf21a2
Data Integrity controls for a more secure cloud platform using the CIA Triad model (checklist)
https://systemweakness.com/cia-triad-in-cloud-security-part-2-integrity-6f60a2a79187
Availability tools and strategies for a more secure cloud platform using the CIA Triad model (checklist)
https://aws.plainenglish.io/cia-triad-in-cloud-security-part-3-availability-97bb5f4af7fa
23 EC2 security measures including CLI shortcuts for checking status for security — part 1 of 2
https://medium.com/@csjcode/aws-ec2-security-best-practices-w-cli-checklist-1-of-2-31257a69555f
23 EC2 security measures including CLI commands for checking status for security — part 2 of 2
https://medium.com/@csjcode/aws-ec2-security-best-practices-w-cli-checklist-2-of-2-928400751a18
Easy security-related stacks to secure your cloud platform
https://aws.plainenglish.io/14-aws-security-microstacks-95d120d57089
Secure your DynamoDB databases with this best practices checklist
https://medium.com/@csjcode/aws-dynamodb-security-audit-best-practices-f3b23232ec9c
Authentication (AuthN) vs. Authorization (AuthZ) demystified (w/checklist)
https://medium.com/@csjcode/auth-vs-auth-7f1b43e25c71
By various authors and websites
"This article explores common vulnerabilities that developers will encounter when creating Solana programs. We start with an introduction to the attacker mindset for exploiting Solana programs, covering topics such as Solana’s programming model, how Solana’s design is inherently attacker-controlled, potential attack vectors, and common mitigation strategies. Then, we cover a variety of different vulnerabilities, giving an explanation of the vulnerability as well as insecure and secure code examples where applicable."
https://www.helius.dev/blog/a-hitchhikers-guide-to-solana-program-security
"Rust has a second language hidden inside it that doesn’t enforce these memory safety guarantees: it’s called unsafe Rust and works just like regular Rust, but gives us extra superpowers."
https://doc.rust-lang.org/book/ch20-01-unsafe-rust.html
"Metrics are updated daily, with a 2-week delay after reports are resolved to maintain confidentiality."
https://immunefi.com/bug-bounty/?filter=ecosystem%3DSolana
"Examples of common exploits unique to the Solana programming model and recommended idioms for avoiding these attacks using the Anchor framework."
https://github.com/coral-xyz/sealevel-attacks
"A security focused introduction to Solana, exploring the underlying runtime environment, security boundaries, and implications. An important resource for all developers who want to write more secure code."
https://osec.io/blog/2022-03-14-solana-security-intro
"Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups."
"What can teams do if their multisig signers are compromised? We explore Solana's transaction signing model and present a procedure for safe signing in the presence of malicious signers on Solana."
https://osec.io/blog/2025-02-22-multisig-security
"We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig."
https://osec.io/blog/2023-01-26-formally-verifying-solana-programs
"Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all."