Many malware use Bitcoin wallets to retrieve hidden malicious command and control (C&C) IP addresses. However, since initial network connections point to seemingly benign Bitcoin service endpoints, investigators often struggle to understand this type of attack. We conducted a study of 100k malware and found that over 2,800 are using a Bitcoin wallet ID to find their C&C server. This wallet ID was discovered in some of our analyzed samples. The continued operation of the account corresponding to the wallet ID enables the continued proliferation of this botnet. - CyFi Lab (https://cyfi.ece.gatech.edu/).