Services
What you get when you call us.
Six service lines, all free to constituents during active incidents, all designed for the operational realities of public blockchains.
0xCERT/ir
Incident Response
24/7 triage and containment for active blockchain incidents.
When a protocol is being drained, a bridge is compromised, or a key is leaked, every block matters. Our on-call team coordinates containment with affected projects, validators, sequencers, and centralized off-ramps in real time.
- 60-minute initial triage, 24/7/365
- Coordination with exchanges, custodians, and bridge operators to freeze flows
- Forensic analysis of on-chain trace, calldata, and storage state
- War-room coordination with the affected project and downstream protocols
0xCERT/advisories
Advisories & Vulnerability Disclosure
CVE-style advisories for smart contracts and Web3 infrastructure.
0xCERT issues numbered advisories (0xCERT-YYYY-NNNN) for vulnerabilities affecting smart contracts, wallets, RPC providers, bridges, and node software, coordinating disclosure between researchers and maintainers.
- Embargoed coordinated disclosure with maintainers
- Public advisories with severity, affected versions, and remediation
- Cross-references to CVE, GHSA, and chain-specific identifiers
- Researcher acknowledgment and safe-harbor coordination
Recent advisories
Reentrancy via fallback in cross-chain settlement adapter
An unchecked external call in a widely deployed settlement adapter allows attacker-controlled tokens to re-enter and double-spend settlement messages. Patched in v2.4.7.
Front-end takeover of a top-50 DEX via compromised CDN bucket
Attackers replaced bundle.js to inject a wallet drainer for ~3.5 hours. Affected users were re-routed to a malicious permit2 signer. IOCs published.
Phishing campaign abusing legitimate ENS subdomains
Coordinated phishing campaign using purchased ENS subdomains pointing to drainer kits. Domain list distributed to wallet vendors.
0xCERT/ioc
Threat Intelligence & IOC Feeds
Curated indicators of compromise for the Web3 attack surface.
We publish machine-readable feeds of malicious addresses, contracts, phishing domains, drainer signatures, and compromised front-ends so wallets, RPCs, and security tools can block known threats at the edge.
- Live feeds of drainer contracts and known-bad EOAs
- Phishing domain blocklists for wallet vendors and DNS providers
- Tagged on-chain entities (mixer hops, sanctioned addresses, exploit deployers)
- STIX/TAXII export for SIEM integration
0xCERT/takedown
Phishing & Drainer Takedowns
Coordinated takedown of malicious sites and front-end takeovers.
We work with registrars, hosting providers, CDNs, and wallet vendors to remove wallet-drainer infrastructure, fake airdrop sites, and compromised dApp front-ends as fast as possible.
- Registrar and hosting abuse coordination
- Direct lines into wallet vendor blocklists (MetaMask, Rabby, Phantom, etc.)
- Front-end integrity monitoring for high-value dApps
- DNS, IPFS, and ENS abuse handling
0xCERT/tracing
Stolen-Fund Tracing & Recovery Support
On-chain forensics to follow stolen assets across chains and mixers.
Our analysts produce evidentiary tracing reports usable by exchanges, law enforcement, and civil recovery teams, covering cross-chain bridges, mixers, and CEX off-ramps.
- Cross-chain attribution across L1/L2 ecosystems
- Mixer demixing where chain analytics permit
- Evidence packages for law enforcement and exchange compliance
- Liaison with major exchanges' financial crimes desks
0xCERT/training
Awareness & Training
Tabletop exercises and IR training for protocol and infra teams.
0xCERT runs incident response tabletops, key compromise drills, and threat-model workshops for protocol teams, foundations, DAOs, validators, and security service providers.
- Tabletop scenarios (key compromise, bridge exploit, governance attack)
- Runbook authoring and review for protocol teams
- Threat intel briefings for foundations and DAOs
- Public quarterly threat landscape reports