---
name: extract_crypto_wallets
kind: function
lang: py
domain: cybersecurity
version: "1.0.0"
purity: pure
signature: "def extract_crypto_wallets(text: str) -> list[dict]"
description: "Extrae direcciones BTC (legacy P2PKH/P2SH + bech32) y ETH (0x + 40 hex) de un texto, con offsets y `asset` indicando la moneda. Validacion estructural por regex — no checksum."
tags: [ioc, crypto, btc, eth, wallet, bitcoin, ethereum, regex, extract, cybersecurity, python]
uses_functions: []
uses_types: []
returns: []
returns_optional: false
error_type: ""
imports: [re]
params:
  - name: text
    desc: "string de texto del que extraer wallets"
output: "lista de dicts con {value, start, end, type='crypto_wallet', asset} por cada direccion encontrada"
tested: true
tests:
  - "BTC legacy (P2PKH y P2SH)"
  - "BTC bech32 (segwit)"
  - "ETH 0x + 40 hex"
test_file_path: "python/functions/cybersecurity/tests/test_extract_iocs.py"
file_path: "python/functions/cybersecurity/extract_crypto_wallets.py"
---

## Ejemplo

```python
extract_crypto_wallets("Send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb1")
# [{"value": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", ..., "asset": "btc"},
#  {"value": "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb1", ..., "asset": "eth"}]
```

## Notas

BTC legacy: empieza por `1` o `3`, base58 (sin 0/O/I/l), 26-35 chars. BTC bech32: prefijo `bc1`, alfabeto bech32. ETH: `0x` + 40 hex case-insensitive. No se valida checksum — un agente que requiera validacion completa debe correr base58check / EIP-55 sobre los `value` retornados.