17 Dec 2018

Defense Tip - Regexs for Coin Wallet Addresses

I suggest putting these in your incoming mail filters to get alerts for possible ransom attacks. The recent spat of email-based bomb threats all contained wallet addresses.

I suggest putting these in your incoming mail filters to get alerts for possible ransom attacks. The recent spat of email-based bomb threats all contained wallet addresses.

Litecoin: /^[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}/ig
Bitcoin: /^[1|3][a-km-zA-HJ-NP-Z0-9]{26,34}/ig
Ethereum: /^0x[a-fA-F0-9]{40}/ig
Monero: /^4([0-9]|[A-B])(.){93}/ig
Dogecoin: /^D{1}[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32}/ig
Dash: /^X[1-9A-HJ-NP-Za-km-z]{33}/ig
Bitcoin Cash: /^(q|p)[A-Za-z0-9]{41}/ig
Neo: /^A[0-9a-zA-Z]{33}/ig
Ripple: /^[r][1-9a-km-zA-HJ-NP-Z]{25,35}$/ig

These may need to be adjusted depending on your platform’s regex format.

Thanks to BrakeSec Slack and a few folks on the FS-ISAC mailing list for these.