Accepted Manuscript

Cracking Bitcoin wallets: I want what you have in the wallets

Tejaswi Volety, Shalabh Saini, Thomas McGhin, Charles Zhechao Liu,

Kim-Kwang Raymond Choo

PII: S0167-739X(18)30292-9
DOI: https://doi.org/10.1016/j.future.2018.08.029
Reference: FUTURE 4413

To appear in: Future Generation Computer Systems

Received date : 9 February 2018

Revised date : 27 July 2018
Accepted date : 16 August 2018

Please cite this article as: T. Volety, et al., Cracking Bitcoin wallets: I want what you have in the
wallets, Future Generation Computer Systems (2018), https://doi.org/10.1016/j.future.2018.08.029

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to
our customers we are providing this early version of the manuscript. The manuscript will undergo
copyediting, typesetting, and review of the resulting proof before it is published in its final form.
Please note that during the production process errors may be discovered which could affect the
content, and all legal disclaimers that apply to the journal pertain.
 Craccking Bitcoiin Waallets:
I Waant Whhat Yoou Havve in The
T W Walletss
Teejaswi Voletyy, Shalabh Sainni, Thomas M
McGhin, Charlees Zhechao Liiu, Kim-Kwanng Raymond C
Choo

Departmennt of Informatiion Systems annd Cyber Secuurity, Universiity of Texas att San Antonio
San Anntonio, TX 782249, USA

teja.vvolety@gmail.com, shalabh
h.saini1@gm
mail.com, mcgghin.thomas@ @gmail.com, C
Charles.Liu@uutsa.edu,
raymondd.choo@fulbrigghtmail.org

Abstract – Bitcoin is iincreasingly p popular, whicch is partly eevidenced by the significan nt increase in
n its value in
recent yeears. This inccrease in pop pularity and value
v has led to malicious actors stealinng, or attemppting to steal,
Bitcoin w wallet privatee keys in ord der to gain oownership ovver the digitaal currency h held in these wallets. To
demonstrrate this secu urity threat, two
t Bitcoin w
wallet softwarre are studied d, namely: Mu ultibit HD annd Electrum.
Each wallet is subjectt to a combin nation of a paassword explooits and a resstore wallet eexploit. Find dings suggest
that it iss possible to ggain access to Multibit H HD and Electrrum wallets through offliine brute force password
attempts. Once a passsword is foun nd, it is possiible to restoree a wallet witth all Bitcoin
ns contained wwithin. This
restoratioon is possiblee even if accesss to the Bitcooin wallet hass never occurrred. These fiindings highliight the need
for moree research intoo Bitcoin wallet security and forensics.

Keywordss – Cryptocurrrency; Bitcoin

ns; Bitcoin W
Wallet Securityy; Bitcoin Walllet Forensics; Cryptocurreency Wallet;
Multibit H
HD, Electrum
m
I. INTRODUCTION
B
Bitcoin has beeen deployed in the industrry since 20088 and have beecome one of the most widdely adopted
digital cuurrencies by individuals aand businessees across the globe. This upward turnn in popularitty has also
significanntly increased its value, whhich was alreaddy prone to voolatile swingss in valuation. Bitcoin speccifically had
its largestt value surge iin the form of a growth of 342% as it rosee from 5,617 USD
U in Octobeer 2017 to 19,,230 USD in
Decembeer 2017 [1].

Figure 1 – BTC Prrice retrieved ffrom //financee .yahoo.com / quote /BTCU

USD=X/

Withh this increase in value, moree consumers aare eagerly invvesting into the Bitcoin infraastructure. Coonsequently,
there is allso a correspoonding increase in potential security threaats and malicioous actors. Duue to the way Bitcoin and
blockchain handle ownership, a user needs to have a Bitcoin address and Bitcoin wallet to prove title over the
currency. Specifically, blockchain is a broadcasted and distributed ledger that holds records and maintains the
transactions of the user [3]. It has specified and allotted funds for every address that purchases those funds. These
funds can only be accessed once a successful approval of the private key has been done [4]. A Bitcoin wallet is a
collection of private keys and public keys through which the successful transfer of funds can be accomplished [4].
In other words, Bitcoin wallet is a single point of failure or attack vector for a malicious actor to gain control over an
individual’s Bitcoins. There have been several high profile incidents where Bitcoin wallets were breached, resulting
in losses amounting to millions of dollars [2]. The only form of security in the Bitcoin wallet is a secret key that is
given to every Bitcoin wallet [3].
The downside to this implementation comes from the private key being stored in the Bitcoin wallet. If a
malicious actor gains access to that Bitcoin wallet, then they can use that private key to gain control of that user’s
bitcoins [3]. The Bitcoin infrastructure uses the private key as the means of authenticating ownership of any
Bitcoins owned by the associated Bitcoin address [3]. If the private key is lost, so is all ownership.
In this paper, we examine the security of two publicly available Bitcoin wallets to demonstrate the security
risk associated with the system. Specifically, we demonstrate how we can exploit existing design flaws in Multibit
HD and Electrum, two popular different Bitcoin wallets, and gain unauthorized access to the Bitcoins stored in these
two wallets. The findings from this research will help inform the (secure) design of future Bitcoin wallets.
In the next section, we will briefly review background materials on Bitcoin and Bitcoin wallets. In Section
III, we review the related literature. In Sections IV and V, we present our research methodology and findings,
respectively. We then conclude the paper in the last section.

II. BRIEF BACKGROUND

We will now introduce the key components of a Bitcoin system.
A. Bitcoin Software and Bitcoin address
To store Bitcoin on one’s device, the user first needs to download the Bitcoin software and enable it on the
device (Android or iOS device, personal computer, and so on). There are a number of Bitcoin software in the
market, and at the time of this research one of the most popular software is Bitcoin-Qt. It is the first version of
Bitcoin peer-to-peer open source software, which was reportedly created by the founder of Bitcoin. To utilize the
Bitcoin software, a user needs a Bitcoin wallet. A Bitcoin wallet is similar to that of a physical wallet, where the
user is allowed to view, share, and spend the funds available in the wallet. The user has control over his or her funds
and can further pay or exchange the funds with another user just like a real wallet [5]. A user also needs a Bitcoin
address, which identifies the user on the Bitcoin network [4]. A Bitcoin address is similar to a name or an ID that
verifies who a user is.
Bitcoin-QT includes both the Bitcoin wallet and the public ledger, that includes all the transaction records
for the Bitcoin wallets. This is different from the rest of the wallets, as it connects to the network through another
Bitcoin server [6]. Due to the financial nature of Bitcoin and the potential for it to be used in criminal activities such
as fraud and money laundering, one may need to conduct forensic examination of Bitcoin wallets. For example, a
forensic examination of Bitcoin QT may reveal three folders: “blocks,” “database” and “chainstate.”. A further
investigation of these folders could revealed additional files such as “.lock,” “db.log,” “debug.log,” “peers.dat” and
“wallet.dat”. These folders and files have a specific purpose, and potentially store artifacts of forensic relevance [6]
Forensic examiners could also perform an in-depth examination of the underpinning Blockchain ledger [7].
The ledger is maintained on a public platform that comprises all the Bitcoin transactions [5]. Hence, having access
to the relevant private key can facilitate the forensic investigation (e.g. gain access to the Bitcoin wallet).

B. Bitcoin Wallet vs Physical Wallet

A Bitcoin wallet is very similar to that of a bank account or a web wallet. It lets the software create a pair of
keys: one private and one public. The key generation is a vital part of the process. it should be simple to remember
for the user, but hard to be correctly guessed by anyone else. For example if the wallet software chooses d=1 for the
private key, it would be B=b A=1 A=A. Now this public key would then be generated into an address and used for
the block chain platform. However, if the address was to be revealed, then it would be easier for the attacker to
guess the private key by simply brute forcing “easy” private keys such as 1,2,3 tallying at every level, monitoring if
any address matches in the unspent transaction output cache (UTXO cache). Hence, putting the funds in the account
of a similar address at risk.
 In order to avoid such thefts from taking place, one option is to use a ‘secure’ private key generator, which
generates a key with the most random numbers possible, and with a high level of entropy. This system is used by
many software generating wallets such as Bitcoins. These wallets keep a copy of the key that is only ‘visible’ to the
user. These wallets also allow the users to make a backup of their key by generating a new key and saving it in a
secure place in the wallet. It is clearly crucial for a user to back up their wallet securely and regularly change the
keys in order to minimize potential for theft.
There are a number of differences between a Bitcoin wallet and a physical wallet, and we will now describe
three key differences.

 Control
A physical wallet is a tangible object that can be stolen, used or possessed by a single person at a given time. It
cannot be copied or does not need a protective password to access. On the other hand, a Bitcoin wallet can be easily
copied and its ownership is recognized by the user who is spending it. It has a protective pass key and the ownership
of the wallet belongs to the person, who possess the protective key, and in this case that key is a private key. Bitcoin
fraud can happen by copying the wallet, which effectively ‘steals’ the wallet.

 Accessibility
A physical wallet can only be used by a single person at one time, due to the tangibility aspect as only one wallet
can exist at a time. In contrast, a Bitcoin wallet can have various copies and can be accessed from several unique
devices. The private key and signature requirements can be easily transferred to the respective drives but usage might
require the cooperation between these devices. This makes the Bitcoin wallet easy to access and has promoted more
types of wallets than physical ones.

 Receive Only
A ‘receive only’ wallet is also known as a ‘watch only’ wallet, where the funds can only be received and not
spent. The user is given a copy of the protective key (also known as the public key), where the user is not trusted or
there is a need to monitor the wallet. Only when the key is used can the watch wallet be accessed.
III. RELATED WORK
There has been a small number of studies on Bitcoin wallet security in recent years. For example, Kaushal, et al.
[9] studied the evolution of Bitcoin and Bitcoin wallet security, and identified a variety of security threats to Bitcoin
wallets (i.e., direct theft, bait and switch, fabricated transactions, chain hijacking, unintentional transaction
suppression, and intentional transaction suppression).
Dikshit and Singh [10] presented an improved weighted thresdhold Elliptic Curve Digital Signature
Algorithm (ECDSA) to secure Bitcoin wallets [10]. The proposed algorithm distributes a potion of the private key
over a group of individuals. This provides additional security as no one individual has complete access [10]. In the
proposed approach, individuals are also separated into groups of differing weights, and each group has the same
weight and a subset of players having more than or equal to a threshold value of that group can reconstruct the secret
key [10].
Gentilal, et al. [11] explained the need to allow the separation of trusted and non-trusted environments
when deploying code on a software / hardware platform. Their proposed system is designed to add flexibility and
reliability to a Bitcoin wallet by the added security measures deployed in a non-trusted environment [11]. The wallet
is also more resilient to dictionary and side-channel attacks under the authors’ proposed system, due to the code
being insulated from untrusted sources [11]. The experiment was conducted in a laboratory setting to demonstrate
that the security of a Bitcoin wallet can be enhanced at the expense of increased computational resources (i.e., due to
the encryption process).
Mann and Loebenberger [12] demonstrated how one can introduce two-factor authentication to a Bitcoin
wallet for increased security. However, the approach does not focus on protecting the password or data contained in
the Bitcoin wallet itself from dedicated attacks.
Dlamini, et al. [13] attempted to determine if a SMS system could be used to access a Bitcoin wallet. The
authors developed and deployed a software system of using mobile phones to access a third-party that would initiate
the Bitcoin wallet transaction into the blockchain infrastructure [13]. This system did not focus specifically on
security, but instead created a framework that would allow a third-party to handle security protections [13]. The
evaluation was performed in a laboratory setting.
Existing forensic tools may support Bitcoin client forensics. For example, Internet Evidence Finder (IEF).
included two on-disk resources; wallet file and client log files [14][15]. Using IEF, Doran [7] analyzed the Multibit
and Bitcoin-Qt files and the Internet activity. From the author’s analysis of the RAM capture, it was determined that
the Multibit application could be located and examination of the “.info” files could reveal information such as wallet
version, where the wallet backup was stored, and the specific addresses associated with the wallet file.
Other related forensic studies include the study of Litecoin and Dark coin on both iOS and Android devices
[16]. The authors were able to recover data such as metadata, installation data, time stamps and usage indications
using Cellebrite UFED physical Analyzer (another commonly used commercial forensic software), iFunBOX and
ADB. iFunBOX was widely used for iOS and ADB for Android forensics. In one instance, the private key was also
recovered using this method [17]. However, this approach could only be used to obtain human readable data [17].
It is clear that Bitcoin wallet security and forensics are two relatively new research areas, unlike mobile
security [18, 19, 20], Internet of Things (IoT) security [21, 22, 23], and so on. Hence, this paper seeks to contribute
to the knowledge gap.
In the next section, we will present our research methodology.
IV. RESEARCH METHODOLOGY
Our research setup consists of three phases, where the first two phases are for experiment preparation and the
third phase is mainly from the end user perspective. The three phases are as follows, and illustrated in Figure 1:

 Phase 1: Preparing the environment and installing MultibitHD and Electrum software, creating a secure
wallet and installing other necessary tools for creating our software for cracking.
 Phase 2: Creating our software package to extract the password by performing a brute force dictionary
attack on the two bitcoin HD wallet words.
 Phase 3: Executing our package on both wallets with the aim of breaking into the bitcoin wallet with the
recovered password.

A. Phase 1
This phase includes the preparing of the test environment and installing and configuring of the necessary tools.
In order to prepare the test environment, a fresh Windows 7 virtual machine (VM) was created in our exeriments.
The VM was configured with 4 GB RAM, and 500 Gb disk size. We also added network capabilities on the VM so
that we can take the advantage of computational power of another VM. The second VM had the same configuration
as the first.
The next step is to install and setup a wallet (and in our context, Multibit HD v0.4.1). While creating the wallet,
a screenshot of wallet words and the date stamp should be taken. This step is performed to facilitate the comparison
of the final result with the initital wallet words. Next, a memory scanner/hex editor/debugger is installed, and in our
experiments we used Cheat Engine which is an open source memory scanner/hex editor/debugger. This tool allows
us to search for values input by the user with a wide variety of options, and to find and sort through the device's
memory.
Table 1 summarizes the tools used in our experiments.
 Figuree 2: Experimeent Setup

Tool Name VVersion P

Purpose
Cheat Engine
E 66.6 Memory scanneer tool to analyyze Multibit H
M HD/Electrum
Multibiit HD 00.4.1 Offline Bitcoin wallet where we performedd our bruteforcce attack
Electrumm 33.0.2 Offline Bitcoin wallet where we performedd our bruteforcce attack
Java JD
DK 1.8.0 Thhis software wwas used to creeate the Java ssnippet used inn our
brruteforce attacck.
Automaation test suitee package N
N/a M purpose w
Main was to drive thhe Java snippett to the wallet and
auutomate the atttack process.
Table 1. Applicationss Used
B. Phasse 2 (Optional,, if seed is knoown)
T second pphase is to seetup and creaate the softwaare package ffor cracking the
The t wallet woords. In our
experimennts, the Cheatt Engine softw ware was executed and thee Bitcoin walllet HD processs was attacheed to it. The
“value typpe” in the cheeat engine was selected as a string and a random keyw word from thee MultibitHD wallet word
was scannned. After brrowsing the memory
m locatiion of the keeyword resultss, we could ssee several otther English
dictionaryy words. Therre were a totaal of 2,053 diictionary wordds extracted ffrom Multibit using the Chheat Engine.
Figure 3 shows the listt of words thatt were seen. T
These words w were collectedd and compiledd into a databaase. We call
this the diictionary databbase.

Figure 3: Dictionarry words foundd in Memory A

Analysis

The next step in this phhase is to creatte the attackerr package.

T wallet sellected in this ppaper is a deskktop applicatioon hosted on tthe user’s perssonal computeer, with a 12-
The
seed passsphrase suggeested by the wallet
w at the time
t of creatiion. The user may access tthe funds usinng either the
passwordd generated orr the 12-seed passphrase. T The latter is a combination of 12/24 worrds from a cluuster of 2100
dictionaryy words encryypted in the wallet
w applicaation. After mmultiple considderations and trials of possibilities, the
available option to cracck through a wwallet is to idenntify the dictioonary and try all possible coombinations.
T above ideentified solutioon involved thhe following stteps:
The
 Extraact the dictionnary
 Creatte the combinaations for a dictionary file
 Checck for the correect passphrasee

To im mplement the above three steps, the proocess opted too crack the paassphrase is ooffline brute fforce attack,
which is a trial-and-eerror model and a time conssuming. It innvolves the trrying of all ppossible combbinations of
characterss in a sequencce to crack ann encrypted gaateway. The tiime required vvaries with thee number of characters
c or
words invvolved in the paraphrase. R Reverse brute force (i.e., w when the passw word is know wn and the useer should be
identifiedd) comparativeely needs less time to succeeed, but this is not applicablee for our experriments. We im mplemented
the offlinne brute force attack using oour extracted set of 2100 w words (hereafteer referred to as the ‘dataseet’) from the
wallet appplication.
The 22100 words ddataset is proviided as input tto our softwarre package to generate the dictionary
d filee that can be
used for tthe offline bruute force attackk. The datasett being huge reequires a standdalone databaase maintainedd on a server
that is beiing used for coonducting the offline brute fforce attack.
 To avoid abuse of the research, the code of our software package is not shared although it is available upon
request.
C. Phase 3
As both wallets in our study have no in built storage or cloud storage that can be used to store the passphrase,
this ruled out the possibility of using shell or batch process to crack the application with multiple entries in a single
attempt. In other words, if one is examining Bitcoin wallets with either in built storage or cloud storage that can be
used to store the passphrase, it may be easier to crack the application using an automated script.
In addition, both wallets being studied are not web based application, and hence the option of interacting with
the web elements using an Object-oriented programming language is not possible. Thus, an application capable of
interacting with desktop applications is chosen and a 25-line trigger is created to create the possible combinations
from the extracted data set. The time taken is more than any conventional password cracking methodologies, but a
secure wallet with BIP 32 encryption on a desktop tool rules out many other easier options.
Also one could utilize multiple machines or virtual machines (VMs) to speed up the attack, which is our
approach in this paper. Specifically, we use the stand-alone server with a layer of VMs operating above the host in
parallel, simultaneously trying to crack the wallets. However, the entire dictionary generated using our Java snippet
is efficiently distributed evenly across the VMs and designed to perform an offline brute force attack on the wallet
simultaneously, resulting in the metrics presented in the next section. During the process of attempting to gain
access to the wallet, the combinations for which the possibility of being a genuine combination for any wallet (and
not only for the current wallet) will be saved to facilitate future brute-force attempts on other wallets.
As specified earlier, as the VMs involved increases, the time required in obtaining the 12-word seed reduces.
Thus, the configuration of the host and the VMs is improved with twice the number of cores involved, processor
clocks, RAM (heap assigned). We remark that the primary consideration before implementing an upgrade to
enhance performance is the requirement of memory capacity and the memory speed, which can be acquired with
higher hardware specifications (e.g. RAM chip, hard disk drive (HDD), and processor). For example,
 Memory capacity: The more gigabytes (GB) the memory module has, the more programs one can have
open at once.
 Memory Speed: The amount of time that it takes the RAM to receive a request from the processor and then
read or write data.
If during the attack, one runs out of RAM memory, then another disk can be used as a replacement (i.e.
swapping). Greater amount of RAM memory means that more instructions can fit into that memory and, therefore,
bigger programs can be loaded at once. Implementing the above option allowed our findings to be improved by
approximately 80%.

V. FINDINGS

Now, we present the findings from our research conducted on both the Multibit HD and Electrum Bitcoin wallets,
using the methodology presented in the preceding section. Specifically, we present the time required to brute force
all possible combinations of the 12 words wallet generation seed. As there are 26 English alphabets, if one wishes to
brute force 12 out of the 26 alphabets, there are 26 possibilities for the first character. Each of those 26 possible first
characters can match up with another 26 possibilities for the second character, so that are 676 (i.e. 26×26)
possibilities for 2 characters. It is possible to keep doing this for however many characters there are in the "seed".
This results in 2612 = 9.54 x 1016 combinations. Now imagine when there are 2048 words that can potentially be
used in a 12-word seed, then this would result to 205212= 5.44 x 1039 combinations. Now if 10 billion passwords
are checked per second, it would take more than 1.7 x 1022 years to try all possibilities.
We use the dictionary file we generated as the input for our attack in our software package, and are able to
identify more than one combination of a given 12 words (Seed) successfully. Thus, this fires the ‘next’ button
indicating the probability of a wallet being tagged to the combination. Nevertheless, the combination could not be
used to retrieve a password as the combination is not yet assigned to a wallet in the available resources in the wallet
application’s proximity (network), as we observe during the examination of both BIP-32 wallets in this paper. The
percentage of the identified valid combinations gradually decreases as the number of combinations fed to the
application increases.

A. Multibit HD Attack Results

 The vvalid combinaations identifieed for the MulltiBitHD can aalso be used for
f restoring thhe wallet in thhe event of a
damaged or lost devicee where the waallet was instaalled. This featture requires tthe seed alongg with the datee time stamp
provided at the time oof wallet geneeration, whichh implies the effective impplementation of the valid ccombination
generatedd and the timesstamp feed whhen implemented through a brute force atttack.
The results
r for the ‘MultibitHD’’ desktop wallet application are shown in Table 2 and F Figure 4.

Table 2:: Multibit HD Results

B. 5.2 Electrum atttack result

Tabble 3: Multibit HD Results

The Electrum doees not providee a timestampp feature that allows us to restore the w wallet with juust the valid
combinattions, and if thhe wallet is yett to be assigneed to a user, thhen the restoraation process rresults in an em
mpty wallet.
In other words,
w if it hass been assigneed to a user, thhen an attackerr can gain unaauthorized acccess to the currrency stored
in the walllet, which is wwhat we manaage to achieve in the experim ment.
 As observed in Tabble 3 and Figure 5, the numbber of combinnations valid for f the dictionaary feed givenn is between
1.01% andd 10% for a given 12-woord seed, whiich has been plotted on tthe graphs beelow for bothh the wallet
applicationns. It is evidennt from the ressults that the function
f that reesults the num
mber of valid ccombinations ffor a dataset
(Multiples of 10’s) is innversely propoortional as thee number increeases, which tends t to reachh >1%. Thereffore, we can
state the coomfort levels of an attackerr to exploit thhis vulnerabilitty with a reasoonable compuutational poweer to acquire
unauthorizzed access to thhe wallets.

Figurre 4: Multibit H
HD -Valid com
mbination of word
w seed

F
Figure 5: Electrum
m - V
Valid combination of worrd seed

VI. CONCLUSION AND FUTU

URE WORK

Given the increasinng popularity of Bitcoin (annd other cryptoocurrency) waallets, the likellihood for morre malicious
actors to aattempt to expploit these vulnnerabilities wiill increase. While
W there havve been attemppts by the secuurity and
cryptograaphy communiity to design solutions to ennhance the secuurity of Bitcoiin wallets (e.g. [24–27] ),
vulnerabiilities may exist in the impleementation of such security solutions or thhe underpinninng componentts (e.g. the
communiication protocool in the Ledger wallet [28])). Such vulnerrabilities can be b exploited byy an attacker tto gain
unauthoriized access to the Bitcoin (oor other cryptoocurrency) storred in the walllets, as demonnstrated in thiss paper.
In thiis paper, we sttudied two poppular bitcoin w wallets, Multibbit and Electruum bitcoin waallets, and reveealed
previouslyy unknown seecurity vulneraabilities. The vvulnerabilitiess could be explloited by a maalicious actor to t gain
access to either of thesee wallets and claim
c ownershhip of the bitcooins within. While
W the findiings of this research is
only limitted to these tw
wo Bitcoin walllets, future exxtension of this research includes the desiggn of a more eefficient
software application caapable of condducting both onnline and offliine brute forcee attacks on a w wider range of Bitcoin
wallets onn different opeerating systemms (e.g. Desktoop and mobile versions suchh as Android and a iOS).
 Future research agenda also includes Bitcoin wallet forensics, in order to increase the community’s knowledge
on the type and range of forensic evidence/artifacts that can be recovered.
VII. REFERENCES
[1] BTC/USD (BTCUUSD=X. https: //finance .yahoo.com / quote /BTCUSD=X/ [last accessed January, 27, 2018].

[2] Peterson, Becky. Thieves stole potentially millions of dollars in bitcoin in a hacking attack on a cryptocurrency
company. Posted Dec. 6, 2017. http://www.businessinsider.com/nicehash-bitcoin-wallet-hacked-contents-stolen-in-
security-breach-2017-12. [last accessed January, 27, 2018].

[3] Satoshi Nakamoto: Bitcoin: A Peer-to-Peer Electronic Cash System, At http://bitcoin.org/bitcoin.pdf [last
accessed January, 27, 2018].

[4] Dorit Ron and Adi Shamir: Quantitative Analysis of the Full Bitcoin Transaction Graph, In Financial
Cryptography and Data Security - 17th International Conference, FC 2013, Okinawa, Japan, April 1-5, 2013,
Revised Selected Papers. Lecture Notes in Computer Science 7859, pp. 6-24.

[5] Wallets: How to Choose a Bitcoin Wallet. https://bitcoinfoundation.org/developers/#wallets [last accessed

January, 27, 2018].

[6] https://bravenewcoin.com/assets/Whitepapers/HackMiami-Analysis-of-the-Cryptocurrency-Marketplace.pdf
[last accessed January, 27, 2018].

[7] Doran, M. (2008). A Forensic Look at Bitcoin Cryptocurrency. Retrieved from https://www.sans.org/reading-
room/whitepapers/forensics/forensic-bitcoin-cryptocurrency-36437

[8] P. Franco, Understanding Bitcoin: Cryptography, Engineering and Economics. (1st ed.) 2015;2014;.

[9] Kaushal, P. K., et al. (2017). Evolution of bitcoin and security risk in bitcoin wallets. Computer,
Communications and Electronics (Comptelix), 2017 International Conference on, IEEE, 172-177.

[10] Dikshit, P. and K. Singh (2017). Efficient weighted threshold ECDSA for securing bitcoin wallet. Asia Security
and Privacy (ISEASP), IEEE, 9 pages.

[11] Gentilal, M., et al. (2017). TrustZone-backed bitcoin wallet. Proceedings of the Fourth Workshop on
Cryptography and Security in Computing Systems, ACM, 25-28.

[12] Mann, C. and D. Loebenberger (2017). "Two-factor authentication for the Bitcoin protocol." International
Journal of Information Security 16(2): 213-226.

[13] Dlamini, N. P., et al. (2017). Development of an SMS system used to access Bitcoin wallets. IST-Africa Week
Conference, IEEE, 10 pages.

[14] Magnet Forensics Inc. Bitcoin Forensics Part II: The Secret Web Strikes Back. Accessed: Jan. 2017. [Online].
Available: https://www.magnetforensics.com/computer-forensics/Bitcoinforensicspart- ii-the-secret-web-strikes-
back/

[15] Magnet Forensics Inc. Bitcoin forensics_A Journey into the Dark Web. Accessed: Jan. 2017. [Online].
Available: https://www.magnetforensics.com/computer-forensics/Bitcoinforensics-a-journey-into-the-dark-web/

[16] A. Montanez, ``Investigation of cryptocurrency wallets on iOS and Android mobile devices for potential
forensic artifacts,'' Dept. Forensic Sci., Marshall Univ., Huntington, WV, USA, Tech. Rep., 2014.

[17] van der Horst, L., Choo, K. K. R., & Le-Khac, N. A. (2017). Process memory investigation of the Bitcoin
Clients Electrum and Bitcoin Core. IEEE Access, 22385–22398. https://doi.org/10.1109/ACCESS.2017.2759766
[18] La Polla, Mariantonietta, Fabio Martinelli, and Daniele Sgandurra. "A survey on security for mobile devices."
IEEE communications surveys & tutorials 15.1 (2013): 446-471.

[19] Mollah, Muhammad Baqer, Md Abul Kalam Azad, and Athanasios Vasilakos. "Security and privacy challenges
in mobile cloud computing: Survey and way ahead." Journal of Network and Computer Applications 84 (2017): 38-
54.

[20] Varma, P. Ravi Kiran, Kotari Prudvi Raj, and KV Subba Raju. "Android mobile security by detecting and
classification of malware based on permissions using machine learning algorithms." I-SMAC (IoT in Social,
Mobile, Analytics and Cloud)(I-SMAC), 2017 International Conference on. IEEE, 2017.

[21] Conti, Mauro, et al. "Internet of Things security and forensics: Challenges and opportunities." (2018): 544-546.

[22] Alaba, Fadele Ayotunde, et al. "Internet of Things security: A survey." Journal of Network and Computer
Applications 88 (2017): 10-28.

[23] Ammar, Mahmoud, Giovanni Russello, and Bruno Crispo. "Internet of Things: A survey on the security of IoT
frameworks." Journal of Information Security and Applications 38 (2018): 8-27.

[24] Gennaro, Rosario, Steven Goldfeder, and Arvind Narayanan. “Threshold-Optimal DSA/ECDSA Signatures and
an Application to Bitcoin Wallet Security.” Proceedings of the 14th International Conference on Applied
Cryptography and Network Security, ACNS 2016, pp. 156-174

[25] Bamert, Tobias, Christian Decker, Roger Wattenhofer, and Samuel Welten. “BlueWallet: The Secure Bitcoin
Wallet.” Proceedings of the 10th International Workshop on Security and Trust Management, STM 2014, pp. 65-80

[26] Dmitrienko, Alexandra David Noack, and Moti Yung. “Secure Wallet-Assisted Offline Bitcoin Payments with
Double-Spender Revocation”. Proceedings of the 2017 ACM on Asia Conference on Computer and
Communications Security, AsiaCCS 2017, pp. 520-531

[27] Conti, Mauro, Sandeep Kumar E, Chhagan Lal, and Sushmita Ruj. “A Survey on Security and Privacy Issues of
Bitcoin”. IEEE Communications Surveys & Tutorials, in press

[28] Gkaniatsou, Andriana Myrto Arapinis, and Aggelos Kiayias. “Low-Level Attacks in Bitcoin Wallets.”
Proceedings of 20th International Conference on Information Security, ISC 2017, pp. 233-253
  
 

Tejaswi V
Volety receiveed the BTech d degree in Electtronics and Co ommunication
ns from Jawaharlal Nehru 
Technological Universitty in 2011. Hee worked for UUSAA for 5 yeaars in Financial Crime managgement area aas a 
Software Integrator. Hee is currently pursuing the MMaster of Scieence degree in
n Information Technology w with a 
concentraation on Cyber Security at TThe Universityy of Texas at Saan Antonio. His current reseearch interestts are 
Secure syystem design, Forensic analyysis and Artificcial Intelligencce. 

 
ntly a Forensic Investigator aat BlackStone Discovery, loccated in Palo A
Shalabh SSaini is curren Alto, Californiaa. He 
graduated d with a Mastter's Degree in
n Cyber Security from the University of Teexas at San An ntonio where h he also 
received tthe Open Clouud Endowmen nt Fellowship ((2017) award.. He is an expeerienced forennsic expert, haaving 
worked as a Consultantt in Ernst & Yo oung, India, fo
or more than tthree years. He is certified in EnCE v7(Guiidance 
Software,, License 15‐0797) (2015), CCertified Fraudd Examiner (Association of C Certified Fraudd Examiners (A ACFE), 
License 683156) (2015)) , Certified Peenetration Tesster(Mile2, Liccense 5759 )(2
2012), and Ciscco Certified Neetwork 
Associatee. (CCNA) (20113). 

 
Thomas M McGhin is a cyyber security sstudent at thee University off Texas at San Antonio, and his research in
nterests are 
mainly in cyber securityy. 

 
Charles ZZhechao Liu reeceived his Ph..D. in management informaation systems from the Univversity of Pittssburgh. He 
is currenttly an Associatte Professor att the Universitty of Texas at San Antonio. His current reesearch intereests include 
the econo omics of information system ms and cyberssecurity, mobile apps, and d data analytics. Dr. Liu is an IC
CIS 
Doctoral Consortium Feellow and a reecipient of thee Net Institutee Research Graant and the 20 018 UTSA Colleege of 
Business Dean’s Distingguished Reseaarch Award. His research haas been published in MIS Qu uarterly, Information 
Systems R Research, Jourrnal of Managgement Inform
mation System
ms, Communicaations of the A
ACM, Communications of 
the AIS, eetc. 

 
Choo holds th
Kim‐Kwang Raymond C he Cloud Tecchnology End
dowed Professsorship at th
he Universityy of Texas 
at San Antonio, and h has a courtessy appointmeent at the Unniversity of SSouth Australlia. He is the recipient 
of ESORICS 2015 Best Paper Award, Winning Team of the Germany’s U University of 
f Erlangen‐Nu uremberg 
orensics Reseearch Challenge 2015, 20
Digital Fo 014 Highly Coommended A Award by thee Australia Neew 
Zealand Policing Advvisory Agencyy, Fulbright Scholarship inn 2009, 2008 Australia Daay Achievemeent 
Medallio omputer Society’s Wilkes Award in 20
on, British Co 008, etc. He iss also a Fello
ow of the Ausstralian 
Computeer Society, an n IEEE Seniorr Member, annd the Honorary Commander of 502n nd Air Base WWing, Joint 
Base San n Antonio‐Fort Sam Houston. 
Highlights 

1. Cracking bitcoin wallets: Multibit HD and Electrum 
2. Password exploits and a restore wallet exploit 
3. Offline brute force password attempts on Multibit HD and Electrum