Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: BTC Pickpockets - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
BTC Pickpockets

I observed requests to my webserver to retrieve Bitcoin wallet files:

The files they are looking for are:

wallet - Copy.dat

I've seen a couple of such request a couple of years ago, but it's the first time I see that many. The first time I observed this was late 2013, in the middle of the first big BTC price rally.

Please post a comment if you observed similar requests.

Didier Stevens
Microsoft MVP Consumer Security


652 Posts
ISC Handler
Nov 18th 2017

Sign Up for Free or Log In to start participating in the conversation!