Response Readiness

Crypto Incident Response

CZB incident response helps security teams and asset holders preserve evidence, triage suspicious activity, review public-chain movements, and prepare escalation materials without over-collecting sensitive data.

Updated: 2026-05-28 Focus: first-hour clarity Output: evidence package

First-Hour Priorities

  1. Preserve transaction hashes, addresses, screenshots, domains, signatures shown to the user, platform notices, and event times.
  2. Separate affected systems from normal operations when this can be done safely by the authorized owner or internal team.
  3. Review active approvals, suspicious domains, device exposure, operational accounts, and recent transaction paths.
  4. Prepare concise escalation material for exchanges, platforms, internal governance, legal counsel, or compliance teams.

Response Outputs

  • Incident timeline and evidence index.
  • Public-chain tracing summary with confidence notes.
  • Approval and suspicious interaction review.
  • Escalation package for relevant platforms or internal stakeholders.
  • Post-incident remediation plan for controls, monitoring, governance, and user education.