Mark Nichols
Role: Tracks and analyzes blockchain transactions to trace stolen or lost funds. Tools Used: Chainalysis, CipherTrace, Elliptic, TRM Labs. Responsibilities: Identify wallet addresses involved in the incident Track movement of funds across exchanges and mixers Map blockchain data to real-world identities (if possible)
Edward Blankenship
Role: Investigates how the compromise occurred (e.g., phishing, malware, hacking). Responsibilities: Analyze system breaches Secure compromised devices and wallets Prevent future attacks with security hardening Perform incident response
Richard Norman
Role: Reviews and analyzes smart contracts involved in the theft (especially for DeFi-related hacks). Responsibilities: Detect vulnerabilities in contract logic Determine if a vulnerability was exploited Provide a report for legal or insurance claims
Paul Garrett
Role: Extracts and analyzes digital evidence from devices, networks, or cloud services. Responsibilities: Recover wallet keys, seed phrases, or transaction logs from local storage Work with law enforcement to preserve evidence Analyze deleted or hidden data related to the breach
Christina Neary
Role: Interfaces between IT experts and legal authorities, especially for recovery through law enforcement or exchanges. Responsibilities: Draft and file reports to crypto exchanges or regulators Work on Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance Assist in freezing and reclaiming assets through legal channels
George Greaves
Role: Simulates attacks to understand how the breach occurred and test recovery scenarios. Responsibilities: Replicate exploit paths Identify weak points in systems or smart contracts Support forensic and cybersecurity teams with insights