If I Had a Million Cryptos: Cryptowallet Application Analysis and a Trojan Proof-of-Concept

  • Trevor Haigh
  • Frank Breitinger
  • Ibrahim Baggili
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 259)


Cryptocurrencies have gained wide adoption by enthusiasts and investors. In this work, we examine seven different Android cryptowallet applications for forensic artifacts, and we also assess their security against tampering and reverse engineering. Some of the biggest benefits of cryptocurrency are its security and relative anonymity. For this reason, it is vital that wallet applications share the same properties. Our work, however, indicates that this is not the case. Five of the seven applications we tested do not implement basic security measures against reverse engineering. Three of the applications stored sensitive information, like wallet private keys, insecurely, and one could be decrypted with some effort. One of the applications did not require root access to retrieve the data. We were also able to implement a proof-of-concept trojan which exemplifies how a malicious actor may exploit the lack of security in these applications and exfiltrate user data and cryptocurrency.


Keywords: Cryptowallet, Cryptocurrency, Bitcoin, Coinbase, Android


Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Trevor Haigh (1)
  • Frank Breitinger (1)
  • Ibrahim Baggili (1)

  1. Cyber Forensics Research and Education Group (UNHcFREG), Tagliatela College of Engineering, University of New Haven, West Haven, USA
