Web3 Security: How to Conduct Risk Assessment and Fund Tracking for Web3 Projects?

As blockchain technology continues to evolve, the popularity of Web3 projects is also on the rise. Unfortunately, some project parties resort to dishonest tactics, such as false advertising and excessive marketing, to lure investors.

They may make unrealistic promises of high returns, use flashy campaigns, and present fake data or backgrounds to deceive unsuspecting investors. These practices can result in significant financial losses for those who fall victim to them.

Deceptive marketing tactics are unfortunately not uncommon in the world of cryptocurrency. Some project parties will go to great lengths to attract investors, even if it means engaging in unscrupulous behavior.

For instance, some may crash the digital currency market during downturns to force investors to sell at a loss, while they reap profits. Such tactics are not only harmful to investors, but they can also destabilize the entire digital currency market.

Web3 Project Risk Assessment

At Numen Cyber, we employ a comprehensive approach to assess project risk. Our methodology involves multiple rules in both on-chain and off-chain directions, which includes 17 on-chain rules and 9 off-chain rules.

We conduct a detailed analysis of both on-chain fund transactions and off-chain project propaganda information to ensure that the project is operating in compliance with documented capital flows and product execution.

Our team thoroughly verifies whether the project tokens are being distributed as per the documentation, if the contract logic aligns with the project documentation, if there are any signs of malicious trading, if there are any privileged roles in the contract to make profits, and if the official operation timeline is being followed.

This multi-layered approach enables us to provide an accurate and comprehensive risk assessment of the project.

Cryptocurrency tracking service can help clients recover funds when a project owner makes an illegal profit. By analyzing transaction history, including the amount and time of each transaction, our service helps clients identify any wrongdoing and recover any misused funds.

Tracking services also provide valuable insights into the flow of cryptocurrency funds, including the direction and destination of transfers, which can help clients better understand the movement of their funds.

An example of our approach in action is our analysis of the Jasmy project, which encountered problems concerning token distribution and discrepancies between the project process and the white paper description. To enhance our tracking and analysis, we added tags to addresses that could potentially lead to crashes.

Fund Tracking

Cryptocurrency tracking services comes in two forms: Project or Malicious Profits Funds Tracking and Stolen Funds Tracking.

Project or Malicious Profits Funds Tracking

If the project side is profiting maliciously, Numen Cyber can track the flow of funds to the project side. We use funds tracking methods to compare the project side propaganda documents for different time periods, and conduct in-depth analysis of the address of the malicious smash to uncover the project side traces, which can in turn help investor recover their funds.

The diagram above displays the tracking of funds for the guilty party, utilizing both on-chain and off-chain methods. In the more crucial on-chain analysis, we examine various financial flows, including the origin of the project’s on-chain fees and other financial movements. When it comes to funding tracking, obtaining additional information is advantageous for tracking purposes.

Project information can be understood by identifying the user of the lost funds, for instance:

  • The length of time the user has been involved with the project and the amount of funds lost.
  • Whether the user was aware of the project’s participation rules and promotional methods.
  • Whether the user is engaged with the project’s associated community.
  • Whether the user has kept promotional materials and documentation related to the project.
  • Whether the user participated in any project-related public fundraising or airdrop activities.

We take a proactive approach to address malicious profit-tracking on projects. Our internal professional tools and Numen on-chain tag library enable us to quickly identify the source of commission, address balance, and transaction habits.

By tracking the hierarchy of transactions, we can analyze the source and destination of funds, as well as the transaction addresses to sort out the complete funding chain, create an on-chain address portrait, and identify core personnel.

Tracking Stolen Funds

If user or project funds are stolen, swift action will be taken to trace and monitor the stolen address while leveraging the Numen tag library to confirm the destination of the funds. If the funds enter an exchange, our forensic investigation can help obtain the attacker’s information.

However, if the funds enter the Tornado.Cash platform, our team will conduct a more in-depth analysis and forensic investigation to obtain the attacker’s information. Our comprehensive approach enables us to quickly and effectively address any issues related to stolen funds and safeguard our clients’ assets.”


Numen Cyber introduced the risk assessment service for Web3 projects to enhance Web3 security and prevent losses to uninformed investors. However, due to the decentralized and autonomous nature of blockchain technology, complete accuracy of the data cannot be guaranteed. Therefore, investors should still exercise caution and remain vigilant while selecting Web3 projects.

To make informed investment decisions and mitigate risks associated with Web3 investments, investors should consult official project documents and thoroughly understand the project owner. This involves gaining a comprehensive understanding of the project’s objectives, development team, tokenomics, and regulatory compliance.


More Posts