CBSE Blockchain Incident Response and Forensics

Question 1

What is the first step a blockchain security responder should take when a smart contract exploit is detected on a live network?

Accepted Answer

Immediately pause or upgrade the contract if a circuit breaker exists

Answer

Redeploy the contract to a new address

Answer

Notify all token holders via email

Answer

Delete the contract bytecode from the chain

Question 2

Which on-chain data source is most valuable for tracing stolen funds after a blockchain hack?

Accepted Answer

Transaction history and event logs on the public ledger

Answer

Mempool pending transactions

Answer

Validator private keys

Answer

Off-chain database backups

Question 3

A blockchain forensics team identifies a wallet cluster used for money laundering. Which technique links those wallets together?

Accepted Answer

Common-input ownership heuristic

Answer

Zero-knowledge proof analysis

Answer

Merkle proof verification

Answer

Schnorr signature aggregation

Question 4

During a post-incident blockchain review, what does an unusually high gas consumption spike in a single block most likely indicate?

Accepted Answer

A potential flash loan or reentrancy attack consuming compute-heavy operations

Answer

A network-wide software upgrade

Answer

Normal validator block proposal

Answer

A routine token airdrop

Question 5

Which US agency is the primary authority for reporting a major cryptocurrency theft that crosses state lines?

Accepted Answer

FBI / IC3

Answer

CISA

Answer

FTC

Answer

SEC only

Question 6

What is chain-of-custody in the context of blockchain forensics?

Accepted Answer

Documented handling of digital evidence ensuring integrity from collection to court

Answer

The sequence of block validators

Answer

The order in which nodes sync the ledger

Answer

A multi-sig approval workflow