# Crypto Incident Response

Canonical HTML: https://czb.com/crypto-incident-response.html

CZB incident response guidance covers the first-hour response, evidence preservation, on-chain triage, platform escalation and remediation after suspicious Web3 activity.

## First-Hour Priorities

- Stop additional risky interactions.
- Preserve transaction hashes, addresses, screenshots and timestamps.
- Review approvals and suspicious contract interactions.
- Segment unaffected assets and accounts where appropriate.
- Avoid sharing sensitive credentials or high-risk materials in public channels.

## Investigation Steps

- Confirm the incident type and scope.
- Build a timeline from public evidence.
- Identify chain, contract, address and platform touchpoints.
- Prepare a concise evidence package.
- Recommend remediation, monitoring and control improvements.
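
The sketch below is an added example, not CZB tooling: it turns preserved items (transaction hash, addresses, timestamp, screenshot) into a UTC-ordered timeline and seals the package with a SHA-256 digest so later copies can be checked for alteration. It assumes EVM-style identifier formats; the field names and `build_package` are hypothetical, and the sample records are constructed.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Assumption: EVM-style identifiers (0x + 64 hex chars for a tx hash, 0x + 40 for an address).
TX_RE = re.compile(r"0x[0-9a-fA-F]{64}")
ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(item):
    """Validate one evidence item and convert its timestamp to UTC."""
    if not TX_RE.fullmatch(item["tx_hash"]):
        raise ValueError(f"malformed transaction hash: {item['tx_hash']!r}")
    for addr in item["addresses"]:
        if not ADDR_RE.fullmatch(addr):
            raise ValueError(f"malformed address: {addr!r}")
    ts = datetime.fromisoformat(item["observed_at"])
    if ts.tzinfo is None:
        raise ValueError("timestamp needs an explicit UTC offset")
    return {
        "observed_at": ts.astimezone(timezone.utc).isoformat(),
        "tx_hash": item["tx_hash"].lower(),
        "addresses": sorted(a.lower() for a in item["addresses"]),
        "note": item["note"],
        # Digest of the screenshot bytes, so later copies can be checked against it.
        "screenshot_sha256": hashlib.sha256(item["screenshot"]).hexdigest(),
    }

def build_package(items):
    """Return a chronological timeline plus a digest over its canonical JSON."""
    timeline = sorted((normalize(i) for i in items), key=lambda e: e["observed_at"])
    canonical = json.dumps(timeline, sort_keys=True, separators=(",", ":"))
    return {"timeline": timeline,
            "package_sha256": hashlib.sha256(canonical.encode()).hexdigest()}

# Constructed sample input: placeholder hashes, addresses and screenshot bytes.
SAMPLE = [
    {"tx_hash": "0x" + "bb" * 32, "addresses": ["0x" + "22" * 20],
     "observed_at": "2024-01-01T12:30:00+02:00", "note": "transfer out",
     "screenshot": b"constructed-bytes-2"},
    {"tx_hash": "0x" + "AA" * 32, "addresses": ["0x" + "11" * 20, "0x" + "22" * 20],
     "observed_at": "2024-01-01T10:05:00+00:00", "note": "approval granted",
     "screenshot": b"constructed-bytes-1"},
]

if __name__ == "__main__":
    print(json.dumps(build_package(SAMPLE), indent=2))
```

Record `package_sha256` separately from the package itself (for example in the case notes), so a recipient can recompute it and confirm nothing changed in transit.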

## Boundaries

Incident response is an evidence and coordination workflow. Results depend on technical facts, platform policy, jurisdiction and the completeness of available records.
