# CZB Service Methodology

Canonical HTML: https://czb.com/en/methodology.html

This page explains how CZB handles authorized Web3 security requests.

## Workflow

1. Confirm authorization, requester role, and scope.
2. Collect event timeline, transaction hashes, public addresses, domains, screenshots, platform records, and relevant non-sensitive context.
3. Classify risk type, including phishing approval, mobile wallet app password boundaries, key-material exposure, evidence quality, and response urgency.
4. Review public-chain data, address relations, approval state, suspicious domains, and platform touchpoints.
5. Deliver a report with evidence summary, assumptions, limitations, risk rating, and recommended next actions.

## Deliverables

- On-chain evidence summary.
- Risk classification and response checklist.
- Mobile wallet access assessment notes when forgotten app passwords, keystore files or backup clues are involved.
- Timeline and address relation notes.
- Platform or internal escalation package.
- Post-incident remediation recommendations.

## Boundaries

All work must remain within legal authorization and evidence-review boundaries. CZB avoids deterministic claims when evidence is incomplete.

## Related

- https://czb.com/en/mobile-wallet-payment-password.html
- https://czb.com/en/crypto-incident-response.html
- https://czb.com/en/security-lab.html