Aubox User Guide

Complete Investigation Operator Guide

This page is a complete operating reference for the Aubox app. It documents every major tool, what each tool does, how to run it, what to enter in the UI, and what results appear on screen.

End-To-End Workflow

1. Create or select a case

Open Cases, create a new case (title, target address, chain), and set it active. Case-scoped tools read and write only to the active case.

2. Profile Address

Run wallet profiling first to collect labels, tx count, risk score, and data source coverage. This also saves a case event and address artifact.

3. Trace Funds

Trace money flow outbound, inbound, or both. Expand hops for enriched context, social chatter, swaps, transfers, and risk narrative.

4. Cluster Entities

Group related wallets by heuristic evidence and confidence. Save seeds as artifacts and capture cluster evidence as case events.

5. Social Investigation

Run targeted social queries across entities, tags, hashtags, tickers, usernames, and user focus. Review diagnostics and save terms as artifacts.

6. Fund Flow Analysis

Trace stolen funds end-to-end across chains, bridges, exchanges, DEX routes, and settlement wallets using an interactive graph.

Feature Operating Manual

Cases

Route: /cases

Create, select, and delete investigations.

How to use

  • Create a case with title, target address, and chain.
  • Select the case to make it active for all case-scoped tools.
  • Delete a case only when you want to remove its scoped records.

What you enter

Case Title: Bridge Outflow Review | Target Address: 0x1111...1111 | Chain: Ethereum

What you see

A new case card appears, is selectable, and can be marked active for all tools.

Profile Address

Route: /cases/{caseId}/profile-address

Build a high-signal dossier for a target wallet or entity.

How to use

  • Enter a wallet address or use @artifact recall.
  • Choose chain and run profile.
  • Review analyst summary, risk score, labels, tx count, balance, and source coverage.
  • The result auto-saves a case event and a profile artifact when an active case exists.

What you enter

Address: 0x2222...2222 | Chain: Base

What you see

You see risk score, label count, transactions, balance, source coverage bars, and attributed labels.

Trace Funds

Route: /cases/{caseId}/trace-funds

Investigate movement paths across hops and directions.

How to use

  • Enter source address, chain, direction, and depth (1-5).
  • Run trace and monitor async job state if a jobId is returned.
  • Expand hop rows to load per-hop enrichment from hop-details.
  • Review transfer context, swap context, social context, token risk, and narrative.
  • Use explorer links for address and transaction validation.

What you enter

Source Address: 0x3333...3333 | Chain: Ethereum | Direction: Outbound | Depth: 2

What you see

You get a trace result panel with hops, explorer links, and expandable enriched details per hop.

Cluster Entities

Route: /cases/{caseId}/cluster-entities

Identify likely ownership or operational linkage patterns.

How to use

  • Paste seed addresses one per line or as a comma-separated list.
  • Use @artifact recall in seed input when needed.
  • Choose strictness and time window to control linkage sensitivity.
  • Run clustering and poll the async job if one is present.
  • Review confidence, evidence codes, and address relationships.

What you enter

Seeds: 0x5555...5555 and 0x6666...6666 | Chain: Base | Strictness: Balanced | Time Window: 30d

What you see

Cluster cards appear with confidence bands, supporting evidence, and linked addresses.

Social Investigation

Route: /cases/{caseId}/social-investigation

Search social posts and convert discovered terms to reusable case artifacts.

How to use

  • Fill in the free-text query and the optional entity/tag/hashtag/ticker/username lists.
  • Set optional user focus and sort mode (Top or Latest).
  • Run search and review compiled query plus result records.
  • Use the diagnostics panel to inspect the selected deSearch route and attempt statuses.
  • Terms are auto-saved to case artifacts when an active case is selected.

What you enter

Query: bridge exploit | Entities: aubox | Hashtags: security | Ticker: ETH | User focus: investigator | Sort: Latest

What you see

You see compiled query text, post count, result cards, and diagnostics with request attempts.

Artifact Manager

Route: /cases/{caseId}/artifacts

Review, add, rename, search, and delete case intelligence tokens.

How to use

  • Create manual artifacts with value, optional tag, and kind.
  • Search by tag, value, or alias.
  • Rename tags and remove obsolete artifacts.
  • Use artifact tags later with @artifact recall in Profile and Cluster inputs.

What you enter

Value: 0x7777...7777 | Tag: suspect_router | Kind: address

What you see

The artifact appears in the list with kind, source, updated time, and inline rename/delete controls.

Fund Flow Analysis

Route: /cases/{caseId}/fund-flow

Trace stolen funds across entities and protocols until settlement destinations are identified.

How to use

  • Set wallet address, starting chain, and theft timestamp.
  • Optionally include stolen amount and initial theft transaction hash.
  • Run analysis to build a graph of entities and fund transfer edges.
  • Inspect distribution by protocol type and top destinations to identify likely settlement.

What you enter

Address: 0x1234...abcd | Chain: all | Theft Date: Unix timestamp

What you see

An interactive graph appears with protocol-labeled nodes, transfer edges, and settlement-focused summary cards.

Profile Settings

Route: /profile

Manage analyst profile fields used in your account session.

How to use

  • Open Profile from the dashboard.
  • Update full name and optional avatar URL.
  • Use quick avatar color buttons if you want an auto-generated icon.
  • Save profile and confirm the updated card values.

What you enter

Full Name: Case Analyst | Optional Avatar URL: https://example.com/avatar.png

What you see

Profile card and avatar update immediately after save.

Artifact Recall Rules

  • Artifact kinds: address, entity, hashtag, ticker, username, query, note.
  • Artifact sourceFeature values: trace, cluster, social, profile, fund-flow, manual.
  • @artifact recall is available in Profile Address and Cluster Entities input flows.
  • Artifacts are case-scoped and never shared with other cases.

Intelligence Sources

Dune

Adds historical transfer context for fund-flow and laundering investigations when Dune query access is configured.

DefiLlama

Matches bridge protocol hints so cross-chain movements are labeled with better protocol confidence.

CoinGecko

Provides token contract pricing context used for stronger value interpretation in cross-chain flows.

Dexscreener

Adds token risk scoring for suspect assets seen in traced bridge-related hops.

Operational Best Practices

Always Confirm Active Case

Run all case-scoped tools only after confirming the active case ID.

Persist Evidence Early

Run profile, trace, cluster, social, and fund-flow analysis early so cross-signal validation happens before conclusions.

Corroborate Across Signals

Validate conclusions with at least two of these sources: onchain flow, clustering, and social context.

Export Milestones

Capture key findings from each major analysis pass to preserve analyst rationale and handoff context.