Incident intake

Open a case.

Tell us what's happening, in any detail you have. Don't wait for the full picture — partial reports get triaged immediately, and we'll come back for what's missing.

Incident type

Pick whatever fits best — analysts will re-classify if needed.

Chain

Where the incident is occurring.

Affected addresses / contracts

One per line. Include the victim contract, attacker EOA, and any malicious contracts.

Transaction hashes

At minimum, the first malicious transaction. Multiples welcome, one per line.

What happened

In your own words. Bullet points, broken English, half-finished thoughts — all fine. Time matters more than polish.

How can we reach you?

Email is required. Signal/Keybase/Matrix optional but speeds up secure coordination.

This is an active incident — funds are moving or a compromise is in progress.

end-to-end encrypted in transit · stored hashed · keyed to your case ID