Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
I wrote a small educational demo in Python. This tool demonstrates just how easy it is to scan for plain text seeds (in other words, seeds that aren't encrypted). My demo is a small library and UI for testing out and showing this concept, and can also be combined with code that would, for example, exfiltrate stolen seeds and store them in an attacker's database. Scanning for the seed is fairly simple - using regular expressions (a common programming tool) to search files on disk. Obviously, don't use the seeds shown in this demo as anyone could steal your coins.
I wrote a small educational demo in Python. This tool demonstrates just how easy it is to scan for plain text seeds (in other words, seeds that aren't encrypted). My demo is a small library and UI for testing out and showing this concept, and can also be combined with code that would, for example, exfiltrate stolen seeds and store them in an attacker's database. Scanning for the seed is fairly simple - using regular expressions (a common programming tool) to search files on disk. Obviously, don't use the seeds shown in this demo as anyone could steal your coins.
Real malware exists that can execute these sorts of attacks, or other attacks like clipboard hijacking. Attackers have also compromised weak passphrases on encrypted password managers, such as those exposed in the LastPass vault breach.