Hacking Deterministic Bitcoin Addresses

Bitcoin’s almost 10 year lifespan so far has subjected the technology and its’ implementation to all kinds of attack and critical inquiry. Meanwhile the value of Bitcoin as a tradable instrument has also fluctuated wildly as I’m sure you already know.

I’m not here to speculate on Bitcoin’s so-called value, or the unfortunate aspects of human greed and criminality that continue to add to Bitcoin’s uncertain future, as I’m purely interested in the technical aspects of how it operates.

One of those aspects is Bitcoin’s ability to secure large amounts of value, in a decentralised network, using only cryptographic keys. The reason why this fascinates me is because humans are typically terrible when it comes to using cryptography properly.

For example, in order for “Grandma” to start using Bitcoin, what needs to change? One of the easy traps that people-who-don’t-know-better still fall into is generating Bitcoin addresses using “deterministic” methods which are far from secure.

At BSides Canberra 2018 in Australia, I presented a talk on this very subject, the slides of which are available here:

• BSidesCbr18-Hacking-Bitcoin-Slides (PDF)

Here are some resources (all written in Rust language) on Github that I used during my research.

• Rusty Blockparser – this project has been around for a while, and appears to have suffered from some neglect. It’s a rust language based tool that can convert the blk*.dat files from a Bitcoin core server into CSV files.
• btcthumper – I wrote this simple tool to enumerate through numbers and generate Bitcoin addresses; it needs a lot more work.
• file2addr – I wrote this simple tool to convert wordlists and other input data to generate Bitcoin addresses; it needs a lot more work.

Lastly, I’m happy to connect with anybody who is looking to expand on this, so feel free to get in touch with me.

Until next time, stay safe out there.