Objective: To demonstrate the technical impact of private key exposure by automating the retrieval of all associated wallet addresses and triggering unauthorized balance checks and transactions.

1. The Vulnerability: Private Key Exposure (CWE-522)

In the blockchain ecosystem, a private key is the ultimate authority. Unlike traditional accounts with “forgot password” features, exposure of a private key or mnemonic phrase leads to a total and irreversible loss of asset control. This project demonstrates how an attacker can use a single stolen key to compromise an entire hierarchical deterministic (HD) wallet structure, identifying all historical addresses tied to a seed.

2. Technical Execution: Automated Address Harvesting

I developed a suite of forensic tools in Python to simulate an attack on exposed cryptographic identities. Using btckeygen.py and btctransact.py (available in the Tools section above), I automated the process of deriving thousands of potential public addresses from a single stolen seed, subsequently querying the blockchain to identify active balances.

| Component | Value | Purpose |
|---|---|---|
| Attack Vector | Seed/Private Key Theft | The primary entry point for the breach. |
| Automation | btckeygen.py | Generates a list of all derived wallet addresses. |
| Exploitation | btctransact.py | Triggers balance checks and unauthorized withdrawals. |
| Network | Mainnet/Testnet API | Used to verify live asset values on-chain. |

3. Execution Workflow

  1. Key Ingestion: Input a compromised 12-word mnemonic or raw private key into the forensic environment.
  2. Address Derivation: Utilized the BIP44 hierarchy to generate all possible BTC/ETH addresses associated with the stolen root key via btckeygen.py.
  3. Automated Auditing: Ran a balance check script to identify which derived addresses contained active funds.
  4. Transaction Triggering: Simulated the withdrawal process with btctransact.py, demonstrating how an attacker can sign and broadcast transactions from all retrieved addresses simultaneously.

4. Evidence of Work: Terminal Execution

The following terminal output captures the live execution of btckeygen.py, demonstrating the instant derivation of multiple active Bitcoin SegWit and Legacy addresses, along with their corresponding WIF (Wallet Import Format) private keys.

$ python3 btckeygen.py --mnemonic "[REDACTED_COMPROMISED_SEED_PHRASE]"
Deriving keys using BIP44 standard...

Derived 5 BITCOIN addresses and private keys (segwit):
Derived 5 BITCOIN addresses and private keys (legacy):

5. Professional Impact

This project demonstrates a deep understanding of cryptographic key management and blockchain forensic investigation. By writing custom Python tooling to automate BIP39/BIP44 derivation paths, I proved the catastrophic impact of seed phrase exposure. To remediate this, I advocate for strict hardware wallet isolation, the use of multi-signature (multisig) architectures, and the implementation of passphrase-protected (25th word) seeds to create a robust defense-in-depth model for digital assets.
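
The passphrase ("25th word") remediation named above, shown as an added example that is not part of btckeygen.py or btctransact.py: BIP39 mixes the passphrase into the PBKDF2 salt, so a leaked mnemonic on its own leads to a different BIP32 master key than the owner's. The mnemonic and the "TREZOR" passphrase are the public BIP39 test vector, not a real wallet; `tree_id` and `mnemonic_alone_suffices` are hypothetical helper names.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample, controls no funds).
VECTOR_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def _nfkd(text):
    """BIP39 requires NFKD normalization before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, 64)


def bip32_master(seed):
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed" -> (key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def tree_id(mnemonic, passphrase=""):
    """Short identifier for a wallet tree (hash of master key and chain code).

    Every BIP44 child address descends from this master node, so two
    different ids mean two entirely disjoint sets of addresses.
    """
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def mnemonic_alone_suffices(mnemonic, owner_passphrase):
    """True if someone holding only the mnemonic reaches the owner's wallet tree."""
    return hmac.compare_digest(tree_id(mnemonic), tree_id(mnemonic, owner_passphrase))


if __name__ == "__main__":
    print("no passphrase  :", tree_id(VECTOR_MNEMONIC))
    print("with passphrase:", tree_id(VECTOR_MNEMONIC, "TREZOR"))
    print("exposed without passphrase:", mnemonic_alone_suffices(VECTOR_MNEMONIC, ""))
    print("exposed with passphrase   :", mnemonic_alone_suffices(VECTOR_MNEMONIC, "TREZOR"))
```

BIP39 fixes PBKDF2 at 2048 iterations, so the passphrase only adds protection when it is high-entropy and stored separately from the mnemonic.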