Secrets — Crypto & Blockchain

Ethereum, Bitcoin and other blockchain private keys and wallet credentials.

All rules in this category are kind secrets. They run under vulnetix secrets and the secrets stage of vulnetix scan.

Rule ID	Name	Severity	Detection
VNX-SEC-652	Bitcoin WIF private key	Critical	keyword + regex
VNX-SEC-653	BIP39 mnemonic seed phrase	Critical	keyword + regex
VNX-SEC-654	Solana keypair byte array	Critical	keyword + regex
VNX-SEC-655	Tron (TRX) private key	Critical	keyword + regex
VNX-SEC-656	Infura project ID	Medium	keyword + regex + entropy
VNX-SEC-657	Infura project secret	High	keyword + regex + entropy
VNX-SEC-658	Alchemy auth token (alcht_)	High	keyword + regex
VNX-SEC-659	Alchemy API key	High	keyword + regex + entropy
VNX-SEC-660	QuickNode API token	High	keyword + regex + entropy
VNX-SEC-661	Moralis API key	High	keyword + regex + entropy
VNX-SEC-662	Etherscan API key	Medium	keyword + regex + entropy
VNX-SEC-663	BscScan API key	Medium	keyword + regex + entropy
VNX-SEC-664	PolygonScan API key	Medium	keyword + regex + entropy
VNX-SEC-665	Blockchain.com API key	High	keyword + regex
VNX-SEC-666	Coinbase Wallet API secret	Critical	keyword + regex + entropy
VNX-SEC-667	Binance API key	Critical	keyword + regex + entropy
VNX-SEC-668	Binance API secret	Critical	keyword + regex + entropy
VNX-SEC-669	Kraken API key	Critical	keyword + regex + entropy
VNX-SEC-670	Kraken private API key	Critical	keyword + regex + entropy
VNX-SEC-671	Bitfinex API key	Critical	keyword + regex + entropy
VNX-SEC-672	Tatum API key	High	keyword + regex
VNX-SEC-673	thirdweb secret key (sk_)	High	keyword + regex + entropy
VNX-SEC-674	WalletConnect project ID	Medium	keyword + regex + entropy
VNX-SEC-698	BscScan/Etherscan-family multichain key (V2)	Medium	keyword + regex + entropy
VNX-SEC-699	Coinbase API key (organizations/ EC key name)	High	keyword + regex
VNX-SEC-700	Ethereum keystore JSON (V3 wallet)	High	keyword + regex
VNX-SEC-706	Bitcoin testnet WIF private key	Medium	keyword + regex
VNX-SEC-707	Solana base58 secret key	Critical	keyword + regex + entropy
VNX-SEC-708	Helius API key	High	keyword + regex
VNX-SEC-713	OKX API passphrase	Critical	keyword + regex + entropy
VNX-SEC-714	OKX API secret	Critical	keyword + regex + entropy
VNX-SEC-715	Bybit API key	Critical	keyword + regex + entropy
VNX-SEC-716	Bybit API secret	Critical	keyword + regex + entropy
VNX-SEC-717	Gemini exchange API key (account-/master-)	Critical	keyword + regex + entropy
VNX-SEC-718	Dune Analytics API key	Medium	keyword + regex + entropy
VNX-SEC-719	Pinata JWT (IPFS)	High	keyword + regex
VNX-SEC-724	Coinbase Commerce API key	High	keyword + regex
VNX-SEC-725	Ankr API key	Medium	keyword + regex + entropy
VNX-SEC-733	Bittrex/legacy exchange API secret	High	keyword + regex + entropy
VNX-SEC-734	KuCoin API passphrase	Critical	keyword + regex + entropy
VNX-SEC-735	CoinMarketCap API key	Medium	keyword + regex
VNX-SEC-981	Coinbase CDP API key ID (organizations path)	High	keyword + regex
VNX-SEC-982	Coinbase CDP EC private key (PEM, assignment)	Critical	keyword + regex + entropy
VNX-SEC-983	Kraken API secret (base64 private key)	Critical	keyword + regex + entropy
VNX-SEC-984	Gemini API secret (master/account secret)	Critical	keyword + regex + entropy
VNX-SEC-985	KuCoin API key	High	keyword + regex + entropy
VNX-SEC-986	KuCoin API secret (UUID)	Critical	keyword + regex + entropy
VNX-SEC-987	OKX API key (UUID)	High	keyword + regex + entropy
VNX-SEC-988	Bitstamp API key	High	keyword + regex + entropy
VNX-SEC-989	Bitstamp API secret	Critical	keyword + regex + entropy
VNX-SEC-990	Gate.io API key	High	keyword + regex + entropy
VNX-SEC-991	Gate.io API secret	Critical	keyword + regex + entropy
VNX-SEC-992	Crypto.com Exchange API key	High	keyword + regex + entropy
VNX-SEC-993	Crypto.com Exchange API secret	Critical	keyword + regex + entropy
VNX-SEC-994	Huobi/HTX API key	High	keyword + regex + entropy
VNX-SEC-995	Huobi/HTX secret key	Critical	keyword + regex + entropy
VNX-SEC-996	MEXC API key	High	keyword + regex + entropy
VNX-SEC-997	MEXC API secret	Critical	keyword + regex + entropy
VNX-SEC-998	Deribit client ID	High	keyword + regex + entropy
VNX-SEC-999	Deribit client secret	Critical	keyword + regex + entropy
VNX-SEC-1000	dYdX API key (UUID)	High	keyword + regex + entropy
VNX-SEC-1001	dYdX API secret	Critical	keyword + regex + entropy
VNX-SEC-1002	Fireblocks API key (UUID)	Critical	keyword + regex + entropy
VNX-SEC-1003	Fireblocks API secret (RSA private key)	Critical	keyword + regex + entropy
VNX-SEC-1004	BitGo access token (v2x)	Critical	keyword + regex
VNX-SEC-1005	Anchorage API key (assignment)	Critical	keyword + regex + entropy
VNX-SEC-1006	Circle USDC API key (live)	Critical	keyword + regex
VNX-SEC-1007	Chainalysis API key (assignment)	High	keyword + regex + entropy
VNX-SEC-1008	TRM Labs API key (assignment)	High	keyword + regex + entropy
VNX-SEC-1009	web3.storage API token (legacy JWT, assignment)	High	keyword + regex + entropy
VNX-SEC-1010	Pinata API key (legacy, assignment)	High	keyword + regex + entropy
VNX-SEC-1011	Pinata API secret (legacy, assignment)	Critical	keyword + regex + entropy
VNX-SEC-1012	NFT.storage API token (JWT, assignment)	High	keyword + regex + entropy
VNX-SEC-1013	Crossmint API key (server-side)	Critical	keyword + regex
VNX-SEC-1014	Binance API secret (assignment, alt context)	Critical	keyword + regex + entropy
VNX-SEC-1015	Bybit API secret (assignment, alt context)	Critical	keyword + regex + entropy
VNX-SEC-1016	KuCoin API secret (passphrase-paired, alt context)	Critical	keyword + regex + entropy
VNX-SEC-1017	Bitfinex API secret (assignment, alt context)	Critical	keyword + regex + entropy

Remediation

Rotate any exposed credential immediately, remove it from source, and load it from a secrets manager or environment variable instead. Purge it from git history with git filter-repo. See CWE-798 and the OWASP Secrets Management Cheat Sheet.