
SANS ISC: BTC Pickpockets - SANS Internet Storm Center SANS ISC InfoSec Forums


BTC Pickpockets

I observed requests to my webserver to retrieve Bitcoin wallet files:

The files they are looking for are:

wallet - Copy.dat
wallet.dat
wallet.dat.1
wallet.dat.zip
wallet.tar
wallet.tar.gz
wallet.zip
wallet_backup.dat
wallet_backup.dat.1
wallet_backup.dat.zip
wallet_backup.zip

I've seen a couple of such requests a couple of years ago, but it's the first time I've seen that many. The first time I observed this was late 2013, in the middle of the first big BTC price rally.

Please post a comment if you observed similar requests.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
