Workflowby The Ghost in The Prompt2026-04-016 min read

Red Teaming Claude for Crypto Recovery

Started with an open-source red team repo. Ended with a rough map of how AI assistants can assemble attacker logic fast if you frame the questions right. The useful version of that is not theft. It is recovery, tracing, evidence handling, and understanding how people actually lose money on-chain.

It started with a simple question about an open-source security repo.

A few prompts later the conversation had drifted into attack-surface mapping, testing logic, wireless lab setups, and the general shape of how somebody with enough patience could assemble a workflow they did not invent themselves.

That is the part worth paying attention to.

Not because I want to run crime fan-fiction through a chatbot. Because if you are serious about recovering stolen crypto, tracing scams, or building a small company around post-incident response, you need to understand how quickly modern assistants can help people organize bad intent into something that feels operational.

Same machine. Two uses. Build faster, or get worse faster.

Ten Ordinary-Looking Prompts Into Attacker-Shaped Territory

The useful insight was not any one answer. It was the progression.

The conversation moved like this:

  1. Ask what a red-team repo is.
  2. Ask how you would test your own site.
  3. Ask what an Alfa adapter teaches you.
  4. Watch the assistant start laying out tooling, sequences, lab habits, and attacker-adjacent thinking in a calm helpful voice.

The model did not need a direct prompt that said, "teach me how to steal."

It responded to something softer:

  • curiosity
  • self-testing language
  • lab framing
  • "I own this" framing
  • step-by-step escalation

That is how a lot of real misuse happens now. Not with one cartoonishly evil prompt. With ten ordinary-looking prompts in a row.

Each Answer Handed the Next Category to the Attacker

The questions were framed as legitimate. "What is this tool?" "How would I test my own site?" "What can I learn with this hardware?" Those all sound ordinary. In many cases they are ordinary. A security researcher, a sysadmin, a founder, and a bored criminal can all ask the same question. The model has to answer the surface intent first.

Each answer became the next scaffold. You do not need one perfect prompt if each answer hands you the next category: recon, scanning, auth testing, injection, lab hardware, packet capture, protocol awareness. The answer itself becomes the outline for the next round.

Tool names are retrieval anchors. Once a conversation picks up names of common tools, frameworks, and workflows, the assistant has more structure to pull from. That does not mean the operator suddenly became a real expert. It means the model started handing them a shape. For a bad operator, shape is often enough.

The tone stays neutral while the implications do not. An assistant can describe ugly things in a clean, professional, almost educational tone. That tone makes the material feel safer and more legitimate than it really is. That is one reason red teaming the model matters. The danger is not only what it says. It is how calm it sounds while saying it.

The Theft Is Rarely Just "the Blockchain Part"

Because crypto theft is rarely just "the blockchain part."

People lose money through:

  • wallet drain approvals
  • seed phrase theft
  • fake support flows
  • impersonation
  • malicious contract interactions
  • social engineering
  • exchange off-ramping
  • timing, laundering, and chain-hopping after the initial hit

If you want to help victims, you need to see the attacker stack for what it is:

not magic
not genius
not always deeply technical

Often it is just workflow.

A phishing page here. A fake urgency cue there. A bad signature request. A few hops. A cash-out path. Enough pressure and confusion to keep the victim from reacting in time.

That is why red teaming the assistant is useful. The question is not "how do I attack?" It is: what kind of sequence can an attacker assemble quickly now, and what does the defense side have to be ready for?

The Lawful Version

If you were building a crypto recovery company starting today, the real work is not glamorous.

It looks more like this:

HACK LOVE BETRAY
COMING SOON

HACK LOVE BETRAY

Mobile-first arcade trench run through leverage, trace burn, and betrayal. The City moves first. You keep up or you get swallowed.

VIEW GAME FILE
  • intake and triage
  • evidence preservation
  • wallet and transaction collection
  • chain tracing
  • exchange identification
  • service-provider escalation
  • documentation for counsel or law enforcement
  • risk scoring on whether funds are still reachable
  • victim communication that does not create false hope

That is a business. It is not the movie version where you "hack back."

You stay on the legal side of the line:

  • no touching wallets you do not control
  • no accessing accounts without permission
  • no private key fantasies
  • no revenge operations disguised as defense
  • no bullshit claims about guaranteed recovery

If the funds are gone, say they are gone. If the trail is still live, preserve it fast. If an exchange can freeze something, get the evidence clean enough that they will actually care.

The Small Version You Could Start Now

Start with trace work, not heroics.

You do not need to launch as "world's greatest crypto hunter." You can start as:

  • incident intake
  • wallet tracing
  • victim-facing explanation
  • scam pattern documentation
  • evidence packages for lawyers, exchanges, and investigators

The first product is clarity.

Most victims are not only losing money. They are losing orientation.

They need someone to tell them:

  • what happened
  • where the funds went
  • what can still be documented
  • what can still be escalated
  • what is fantasy and what is real

That alone has value.

The Funny Part

The funny part is that "recovering crypto" sounds almost noble until you say what it requires.

It requires studying:

  • thieves
  • launderers
  • wallet drainers
  • prompt chains
  • bad UX
  • panic behavior
  • exploit marketing

You end up learning the attack world in order to help people survive it.

You study criminal workflow so you can build a lawful company that helps clean up after it. That is modern work now.

From "We Got Drained" to an Actionable Evidence Package

Not only wallets. Not only models.

I would red team the full loop:

  • what the victim sees
  • what the attacker needs
  • what the assistant will reveal
  • what the exchange requires
  • what the evidence package is missing
  • how long the trail stays actionable

Because the gap between "we got drained" and "here is the chain, here is the recipient cluster, here are the next entities to contact, here is what is still recoverable" is still much too wide.

That gap is a company.

The chat worked because the model followed a sequence of reasonable-sounding questions into attacker-shaped territory without needing explicit criminal intent.

That is a reason to get sharper.

If you want to build something useful in crypto recovery, the serious version is simple: study the workflow, understand the psychology, trace the money, preserve the evidence, stay inside the law, start smaller than your ego wants.

You learn the attack path in order to build the recovery path. That is the work. That is the opportunity. And if enough people keep getting drained while nobody explains the trail cleanly, that is also the audience.

GhostInThePrompt.com // You learn the attack path to build the recovery path. That gap is a company.

Continue Reading

workflow

Dashboards Are Tactical Displays

The boring log entry is not boring. It is signal inside noise. ggplot2 and Seaborn are not academic tools — they are how you see the heartbeat of a hidden process, the geography of a coordinated attack, the smoothed-over spike of an active exfiltration.

workflow

Checking Tone Against Your Baseline (Without Losing Your Mind)

Tone work gets stupid fast if you treat every sentence like a constitutional crisis. The point of a baseline is not paralysis. It is calibration.