Threat Hunting in Web3, with Blockmage Labs

Quick preface

If you aren’t familiar with us or haven’t heard about us before, Blockmage Labs is an organization providing superior Threat Intelligence & Brand Protection services to premier projects, businesses, and communities across Web3.

Our work is largely unpublished, but perhaps we will change that detail starting here.


Intent & purpose of this writeup

  • Wholly for the purposes of documenting findings in a historical, on-chain fashion; for that matter, we are working on something a bit more... intimate for this.

  • Specifically for reference in anything we may claim publicly on Etherscan or in any other publicly-disclosed fashion. Decentralization is fantastic but indexing is vital.

  • Meant to spark discussion, engagement, and further curiosity from fellow researchers and quiet wayfarers of all things Rabbit Hole: Blockchain.

What this isn’t & other disclaimers

  • We are not intent on being exhaustive in this format, and the information provided at our discretion may be largely incomplete in detail or substantial contextual information.

  • At times we may provide no context whatsoever, largely due to the sensitivity of our methodologies and how we may inadvertently reveal information which could be helpful in escaping our process.

  • We hope to be helpful, but we are not flawless, and may be inaccurate or incorrect at times.

The TL;DR of what we are getting at here is effectively: DYOR, or contact us directly if you require supporting evidence outside the scope of these editions. We are practically inundated with answers, if you have questions, and we will gladly trade our currencies of valuable time for mortal monies (cryptocurrencies, obviously).

Our website: blockmage.org / .dev

Lastly,

  • Feel free (and encouraged) to reference this article.

Venom Drainer:

0xc2b3794a648bf3f27de0478930f77d5b11252d76 (Venom: DAI Pool 1)
0xaa336c6c9d11fa74eae5625467fd095c31bd1129 (Venom: ETH Pool; Dead)
0x7db57c738b27c5f9b898248385306d30053f54fd (Venom: Phishing Fees 0x7DB5)
0x9dee2d806ee34c36058fc147cc9e312b1f9c6fbb (Venom: MATIC/wSOL)

Venom Drainer Customers:



Arbitrum Discord Phisher:

0xe585f8ddf970145f8114dfdfd62d6b88abfd4e09 (Arbitrum Discord Phisher)


LV (Lockvert) Phisher:

0x0ae5f55a9338c8d764fbca7451937ff6c8577c24 (LV: SecurityUpdates)
0x000001e2b8bd55d933ed3802a7328a2a97cc0871 (LV: SecurityUpdates Deployer)
0xb1a3b8d0de9acd383e1dc0ae39bc1e5f09a16f5f (LV: Main 1)
0xb57d31b5564e3327faa4940103bb6d1be129edec (LV: Main 2)
0xbde0989dfa8fcbb6b5a19174e5755085202512d6 (LV: Misc 1)
0xed43f92c0ba30dea4b2baea63ee0c48d89fb6e89 (LV: Pool 1)
0x81fed1b5d9a2f1c8f794f062fa722efcb9067402 (LV: ETH Pool 0x81fe)
0xf3bf12973ac618a61f6fadc2d61fd69f3f9a6430 (LV: Stable Pool 0xf3bf)
0x1fee46cfa824faf7047127af970ab6a0f58cd7a7 (LV: Stable Pool 0x1fee)
0xe7713d2bf0a970a5e79e27daed287194d0d005e0 (LV: DAI Swaps 0xe771)

LV References - Twitter Posts


Railgun - Misc. Labels

0xe8a8b458bcd1ececc6b6b58f80929b29ccecff40 (Railgun: Treasury)


FBI Asset Forfeitures

0xc55047f65b99dfc75c3fc27c7294d495b83e3f51 (FBI: Asset Forfeiture 0xc550)


A Kid Called Beast: Phisher

0x6598a3f7c9583f4aa830e26589d41c05f7008b28 (AKCB: Phishing Receiver)
0x8a6b91dfeb352511fc3eee3c24ba4b88af1bc526 (AKCB: Phishing Seller)


Verification
This entry has been permanently stored onchain and signed by its creator.