Try โ€‚โ€‰HackMD

Cyber Chef Recipes

Infosec

Telegram Decoder:

URL_Decode()
Regular_expression('User defined','(?<=startapp=)[a-zA-Z0-9+/=]+',true,true,false,false,false,false,'List matches')
From_Base64('A-Za-z0-9+/=',true,false)

Cryptocurrency - Arkham Specific

Extract Arkham

Used to extract unique ethereum addresses from Arkham Intelligence URL links and return them as line feed instances

URL_Decode()
Regular_expression('User defined','\\b(0x)?[A-Fa-f0-9]{40}\\b',true,true,false,false,false,false,'List matches')
Unique('Line feed',false)

Profile Labels

Used to make consistent, profile labels for ethereum Anonymous account instances

Regular*expression('User defined','0x[a-fA-F0-9]{8}',true,true,false,false,false,false,'List matches')
Find*/_Replace({'option':'Regex','string':'^'},'Anon (',true,false,true,false)
Find_/\_Replace({'option':'Regex','string':'$'},')',true,false,true,false)

Ethereum Cluster Splice

Used to normalize data from Ethereum datasets and output them as user specified address cluster counts for use via Arkham intelligence

Regular*expression('User defined','\\b(0x)?[A-Fa-f0-9]{40}\\b',true,true,false,false,false,false,'List matches')
Find*/_Replace({'option':'Regex','string':'((?:0x[a-fA-F0-9]{40}\\n?){10})'},'\\nhttps://platform.arkhamintelligence.com/visualizer/entity/\\n$1',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'\\n(0x[a-fA-F0-9]{40})'},',$1',true,false,true,false)
Find_/\_Replace({'option':'Regex','string':'entity/,'},'entity/',true,false,true,false)



Expand for more Cryptocurrency Regular Expressions(Regex) Below

BTC (Bitcoin):

Matches legacy and Bech32 addresses.

Format:

\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}\b

BCH (Bitcoin Cash):

Matches both prefixed and plain formats.

Format:

\b(bitcoincash:|bchreg:|bchtest:)?(q|p)[a-z0-9]{41}\b

ETH (Ethereum):

Matches 40 hexadecimal characters, optionally prefixed with 0x.

Format:

\b(0x)?[a-fA-F0-9]{40}\b

LTC (Litecoin):

Matches Litecoin address formats starting with L, M, or 3.

Format:

\b[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}\b

DOGE (Dogecoin):

Matches Dogecoin addresses.

Format:

\bD{1}[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32}\b

DASH:

Matches Dash addresses. Format:

\bX[1-9A-HJ-NP-Za-km-z]{33}\b

XMR (Monero):

Matches Monero standard addresses.

Format:

\b[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b

NEO:

Matches NEO addresses.

Format:

\bA[0-9a-zA-Z]{33}\b

XRP (Ripple):

Matches XRP addresses.

Format:

\br[0-9a-zA-Z]{33}\b

USDT on Ethereum (ERC20):

Matches USDT on Ethereum addresses.

Format:

\b(0x)?[a-fA-F0-9]{40}\b

USDT on TRON (TRC20):

Matches USDT on TRON addresses. Format:

\bT[0-9a-zA-Z]{33}\b

ADA (Cardano):

Matches Cardano addresses.

Format:

\baddr1[0-9a-z]{58}\b

DOT (Polkadot):

Matches Polkadot addresses.

Format:

\b[1-9A-HJ-NP-Za-km-z]{48}\b

BNB (Binance Coin, BEP2):

Matches Binance Coin addresses.

Format:

\b(bnb1)[0-9a-z]{38}\b

SOL (Solana):

Matches Solana addresses.

Format:

\b[1-9A-HJ-NP-Za-km-z]{32,44}\b

Last changed by 
โ€‰
โ„ญ๐”ฆ๐”ญ๐”ฅ๐”ข๐”ฏ
๐”„๐”ฒ๐”ก๐”ข๐”ซ๐”ฑ๐”ข๐”ฐ ๐”ฃ๐”ฌ๐”ฏ๐”ฑ๐”ฒ๐”ซ๐”ž ๐”ฆ๐”ฒ๐”ณ๐”ž๐”ฑ warpcast.com/cipher twitter.com/Cipher0091 github.com/cipher-rc5
0
1
60

Read more

Tornado Cash Analysis

Documenting data related to activity observed around Tornado_Cash_100eth on the ethereum blockchain network

Jun 20, 2025
2021 Cryptocurrency Investment Fraud - Shima Capital

Type: Investment Fraud / Wire Fraud / Identity Theft

Jun 7, 2025
Anti-Venom

A solution toward the social engineering elements of cryptocurrency address-impersonation attacks.

Jun 2, 2025
Cryptocurrency Scam Incident Report @0xPlus7.eth

Date of Report: 2025-05-12 Report Composed By: Cipher Impacted User Alias: @0xPlus7.eth

May 13, 2025
Read more from โ„ญ๐”ฆ๐”ญ๐”ฅ๐”ข๐”ฏ
Published on HackMD