127
128

Can the owner of 13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz please get in touch with me? I cracked your private key. (self.Bitcoin)

rya_nc 投稿

I don't really expect this to work, but stranger things have happened. The value in this address is a bit too high for me to believe it's intended as "there for the taking" or anything like that. If it's your address, please move your coins and let me know.

For anyone concerned by my post, the key for this address was created in an extremely uncommon nonstandard way, so there's no need to worry.

Edit: For those who don't know, I'm the guy who talked about brainwallet cracking at DEFCON a year and a half ago. I don't want to touch this person's coins for legal reasons, and I'm not going to elaborate on the nature of this address while it's got a balance. If the reddit post doesn't work for notifying this person I'll try other options.

全 171 件のコメント
並べ替え:
ベスト
トップ新着論争中古い順Q&A

[–]Tikolai_Neslaredditor for 11 days 44 ポイント45 ポイント  (18子コメント)

For everyone else that is wondering the balance is 0.64 btc.

[–]Nooku 9 ポイント10 ポイント  (2子コメント)

Oh, then it can't be me.

[–]TexasSteve3452345 5 ポイント6 ポイント  (1子コメント)

Only got tree fitty worth of bitcoin in my wallet :(

[–]Eclectiqque 2 ポイント3 ポイント  (14子コメント)

How come two people know his balance?

[–]btcraptor 16 ポイント17 ポイント  (10子コメント)

the balance of any btc address is public info: https://www.blocktrail.com/BTC/address/13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz

[–]Eclectiqque 1 ポイント2 ポイント  (1子コメント)

Thank you!

[–]zuchit 1 ポイント2 ポイント  (4子コメント)

how does this site can track mentions of this btc address on internet?

If you look at mentions tab, you can see this reddit post linked there. How?

[–]ShadowKCt 2 ポイント3 ポイント  (1子コメント)

When you click a link, the destination site can see the "referrer" URL (the URL of the previous page). Your browser sends this. Blocktrail.com is likely looking at this field and listing it there any time someone visits a page from a new referrer.

[–]zuchit -1 ポイント0 ポイント  (0子コメント)

Okay, that sounds like a reasonable explanation. I was wondering how it was possible for a regular website to have "google" like indexing on mentions of a random string address in internet.

thanks.

[–]pazak -2 ポイント-1 ポイント  (1子コメント)

lol, dude! It is a public ladger! Any address registered in block chain, is available for audit for everyone. However nobody knows whom does this address belongs to. I doubt that the owner knows that this is his address until he checks it :D

[–]zuchit 2 ポイント3 ポイント  (0子コメント)

looks like you didn't get what i was referring to.

If you look at mentions tab, you can see this reddit post linked there.

[–]Eclectiqque 1 ポイント2 ポイント  (0子コメント)

so correct me if I'm wrong please.

that's why with every transaction you get a new address, right? and ideally you use the new one every time in order not to give someone access to this kind of information, right?

[–]initeraserredditor for 7 days 0 ポイント1 ポイント  (1子コメント)

here is a little graph that links that address to bitstamp https://www.blockseer.com/g/nv4k515bOprxp

[–]rya_nc[S] 0 ポイント1 ポイント  (0子コメント)

Thanks for that. I sent a message to bitstamp asking them to contact whoever made the withdrawal.

[–]Tikolai_Neslaredditor for 11 days 0 ポイント1 ポイント  (0子コメント)

Bitcoin is like a public ledger; anyone can know your balance as long as they have the wallet address. To access funds within that wallet address you must possess the encrypted private key.

[–]PokemonGoArenaredditor for 1 month 0 ポイント1 ポイント  (0子コメント)

You can also know using any block explorer https://blockchain.info/address/13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz

[–]Omaha_Poker 90 ポイント91 ポイント  (11子コメント)

Ah I was looking for those. Definitely my Bitcoin as I remember sending it on the 4th of October. I can't find the keys just now (moving back to Nigeria) and I think we packed the USB in the box to be shipped. They are definitely mine and I was just waiting for a kind soul like you to post on reddit alerting me to the issue. If you can send them asap then I can still help you get some of my unkles tied up millions. He was the Prince until he went to American for business and the FBI illegally stole him for themselves and put him in a prison because American doesn't have a prince and they want one. Oh and here is where the funds need to come back to thank you. 15JdKxYqFh8ZHkuW4sbuvbHpFToCGepgeT

[–]minusa 36 ポイント37 ポイント  (4子コメント)

Nigerian here. You give the scammers too much credit.

Needs more grammatical errors.

[–]JimmerUK 7 ポイント8 ポイント  (1子コメント)

Fun fact: The multiple grammatical and spelling errors in 419 emails are deliberate. It's a pre-qualifier for stupid people.

[–]jhamel2 1 ポイント2 ポイント  (0子コメント)

I know, that's amazing

[–]Omaha_Poker 2 ポイント3 ポイント  (1子コメント)

So unkle wasn't good enough?

[–]BitttBurger 14 ポイント15 ポイント  (3子コメント)

Seems legit. Sending you another 0.6 BTC for honesty and a gripping story.

[–]PM__ME__BITCOIN 3 ポイント4 ポイント  (2子コメント)

Well if that's all it takes, I'm also a nigerian prince. Absolutely. I just have this issue where I need you to give me 2 btc to cover the transaction fees in order that I can transfer 8,000,000 btc to america. My family faces unjust prosecution by the government here and will be in touch to give you 10% of the amount in gratitude for enabling us to seek asylum there.

I want thank you very much for this opportunity to meet you.

[–]TokeyWakenbaker 1 ポイント2 ポイント  (1子コメント)

And your dad, the king, just died. Don't forget the king just died.

[–]Omaha_Poker 6 ポイント7 ポイント  (0子コメント)

I can't mention that the king died. It's too upsetting for me.

[–]DanielPox 6 ポイント7 ポイント  (0子コメント)

This is trustworthy. +1

[–]pazak 0 ポイント1 ポイント  (0子コメント)

:D Nice one !

[–]dpc_pw 31 ポイント32 ポイント  (6子コメント)

Just move the money with some email address in the transaction message or something. If you were able to guess it, someone less nice than you will be able too.

[–]chrisrico 3 ポイント4 ポイント  (5子コメント)

There is no transaction message stored in the blockchain.

[–]Sigals 5 ポイント6 ポイント  (1子コメント)

You can encode it using OP_RETURN.

[–]SatoshisCat 1 ポイント2 ポイント  (0子コメント)

As another output yes, you can absolutely not send bitcoins to an address with OP_RETURN in the scriptPubKey.

[–]Inaltoasinistra 5 ポイント6 ポイント  (2子コメント)

transaction message

You can add messagges to txs

[–]bpj1805 5 ポイント6 ポイント  (1子コメント)

You can also add them by sending me an email and I'll record them in the little notebook that's on the top shelf of my living room cupboard.

[–]itsmeur2017redditor for 15 days 0 ポイント1 ポイント  (0子コメント)

Really? You would do that..? For.. me??

[–]AnalyzerX7 17 ポイント18 ポイント  (1子コメント)

This is a very ethical thing for you to do, always nice to see people doing the right thing by other people :-)

Probably best if you move the money to a secure address in the interim - wait for the owner to prove it is indeed their address then move the funds to another address of their choosing (hopfully more secure)

[–]snyrk 2 ポイント3 ポイント  (0子コメント)

I agree with the ethics... but why move it?

If the address is an easy-to-crack brain wallet, then an attacker can acquire the private key. Thus the attacker looks no different than the initial creator.

So you move the funds, and wait for someone to show he is the owner by signing something on the cracked account... how will you know it is the owner and not an attacker? His signature is the same as the original owner.

They only real "proof of ownership" that is reasonable is if the original owner coughs up a signature in a (significantly) shorter amount of time than it took OP to break the key.

Sadly, I don't see a cryptographically sound way to ensure the funds end up with the right owner.

[–]agentf90 4 ポイント5 ポイント  (3子コメント)

13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz

[–]nopara73 11 ポイント12 ポイント  (2子コメント)

Let's feed the lazy more :p
13Yk7NTC64VEfrBL9KE2NNHDrorcJ3SQbz

[–]agentf90 7 ポイント8 ポイント  (0子コメント)

thanks. was waiting for someone to carry the torch

[–]o0splat0o 2 ポイント3 ポイント  (0子コメント)

MVP right there

[–]GuessWhat_InTheButt 7 ポイント8 ポイント  (1子コメント)

How did you crack it?

[–]allyougottado 19 ポイント20 ポイント  (0子コメント)

Likely a poor brain wallet

[–]TwiddleTwiggs 5 ポイント6 ポイント  (0子コメント)

I think that now you have identified a vulnerable wallet on the network, the BTC should be moved into a new wallet in the finders control. This supports the goal of securing & returning the funds.

Doing this further prevents the potential for future crackers to target the wallet, as the vulnerability is now know.

The issue then becomes whether the original wallet holder will happen to look and see if a message was stored on the blockchain, associated with the transaction. Perhaps this is a good opportunity for us to establish a little hand-gesture we can use?

If we move funds from the Original wallet (a), into our own wallet (b) - before returning them to (a), and finally again moving into the secure wallet, (b). We can attempt to signal to the original owner that something unusual has happened.

When looking at the wallets balance, I think it's somewhat likely that a person expecting to find BTC, will notice the unusual movements when they see the amount they are missing at first left their wallet, returned for a moment, and was moved again. An oddity.

If we could move for this to be a standard flagging indicator, it offers more than the opportunity to readily identify an indicator of a message.

If an individual or group controlled multiple wallets of their own, (removing the priate key compromise component of the above) they could freely do this indicator to broadcast to the network that the transaction contains content, without the need to also share through another communication means.

Searching the network for these occuraces would identify instances where someone wishes to publically broadcast to the network that their transaction contains a message. This would be as opposed to the current means where we do the opposite, broadcasting publically/online that a message contains content. It could be a way to ping the strangers of the network to have a look if their curiosity takes them. Great potential for treasure hunts.

[–]_jstanley 5 ポイント6 ポイント  (6子コメント)

Bitcoin deanonymisation attack: Announce that you have cracked the victim's private key and they must get in contact with you to make sure their funds are safe.

OP: if you've really cracked this key, steal 1 satoshi to prove it.

[–]DanSantos 0 ポイント1 ポイント  (3子コメント)

But what about fees?

[–]martindevans 1 ポイント2 ポイント  (2子コメント)

Just send it with no fees. Surely the transaction doesn't actually have to happen, it just needs to get transmitted to the network (where anyone can check it's validity for themselves)?

[–]_jstanley 3 ポイント4 ポイント  (1子コメント)

For that matter, simply signing a message should be sufficient (although a little more complicated to verify), since sending a transaction is really just signing a special message.

[–]prophetx10 0 ポイント1 ポイント  (0子コメント)

Why would they need to do that? He hasn't moved the funds...

[–]6nf 8 ポイント9 ポイント  (9子コメント)

Move one statoshi to alert the owner that he's pwned, he will move the rest asap

[–]Sukrim 8 ポイント9 ポイント  (2子コメント)

Yeah I check contents of my paper wallet every hour at least.

[–]6nf 0 ポイント1 ポイント  (0子コメント)

Blockchain.info will alert you if your paper wallet funds move. Just add a 'watch only' address.

[–]Xearoii 0 ポイント1 ポイント  (0子コメント)

what why

[–]1609344 5 ポイント6 ポイント  (0子コメント)

Yes I imagine their bitcoin movement alert siren will be activated.

[–]robzonpl 0 ポイント1 ポイント  (4子コメント)

This is probably the best way to start. Most people would just assume their Bitcoin got stolen if all funds were moved to a different place and not even bother to look for posts like these. Moving a tiny amount might alert the owner that something is wrong and prompt them to take action.

[–]itsmeur2017redditor for 15 days 0 ポイント1 ポイント  (3子コメント)

Wouldn't that still be illegal?

[–]gamedevelopersguild 1 ポイント2 ポイント  (1子コメント)

Yeah, but you know. If you spend 12 cents to tell someone their Bitcoins are insecure, they might not rat you out.

[–]itsmeur2017redditor for 15 days 0 ポイント1 ポイント  (0子コメント)

Risky

[–]robzonpl 0 ポイント1 ポイント  (0子コメント)

I have no clue.

[–]glockbtc 8 ポイント9 ポイント  (0子コメント)

You should move it

[–]MrVodnik 2 ポイント3 ポイント  (2子コメント)

Move it to new address, and please, share what the owner did wrong. What kind of mistake did he do?

[–]bpj1805 0 ポイント1 ポイント  (0子コメント)

Only share it after the owner has been able to identify themselves. They can only do that by signing a message with the private key. For as long as apparently only two people have the private key, this is the best hope of identifying the rightful owner. Once we find out what the owner did wrong, all bets are off.

[–]Thireus 0 ポイント1 ポイント  (0子コメント)

So that everyone can generate the private key and claim they are the owner. Brilliant. :)

[–]forgoodnessshakes 6 ポイント7 ポイント  (4子コメント)

Before everyone panics, bitcoin has not been cracked. Someone has guessed a weak passphrase that was used to generate a wallet.

Either that or someone has used a quantum computer to crack modern cryptography. In which case - PANIC!!!

[–]Pretagonist 2 ポイント3 ポイント  (0子コメント)

if that was the case I would have gotten my hands on some sweet satoshi original addresses and reaped the fame of pretending to be him, spent a lot of money, invested in a very well armed ship and shitloads of survival and rare metals and then released my hack and watch the entire cryptographically secured world crash and burn.

And then panic... =)

[–]Thireus 0 ポイント1 ポイント  (0子コメント)

Bitcoin has not been cracked. Its implementation on numerous poorly developed Bitcoin wallets is.

[–]itsmeur2017redditor for 15 days 0 ポイント1 ポイント  (0子コメント)

The OP explained it fine. There is no panic..

[–]ZobraS 2 ポイント3 ポイント  (0子コメント)

move it and leave a note. They probably won't notice any other way.

[–]jaumenuez 6 ポイント7 ポイント  (2子コメント)

You should said

I craked guessed your brain wallet private key

[–]shadowofashadow 1 ポイント2 ポイント  (1子コメント)

Semantics? Is brute forcing cracking or guessing or both?

[–]1609344 -1 ポイント0 ポイント  (0子コメント)

Brute forcing is just guessing a lot of times.

[–]Fiach_Dubh 1 ポイント2 ポイント  (7子コメント)

this is an interesting case, couldn't we send a message to the owner of this address somehow?

maybe with a vanity generated address?

EXAMPLE:

1these124kj243hg1234g234gh1234ghk7

1funds5j2345hbh2345h3l4jk5h23l45hjl2h

1arent123h234hjk2143hjkl23hjh23j41hj4

1safe1jh234hj3hj4khj3k4h3jk4k234khjh4

1MOVEasdfsdfhsadfhshdfhasfhdsfhsdfhhfsd

1THEM0dkdfkdkskak23h4hn3n3nn3n3n3nn

[–]maaku7 5 ポイント6 ポイント  (5子コメント)

And permanently bloat the blockchain in the hope that he looks at "from" addresses?

[–]Bag_Holding_Infidel 5 ポイント6 ポイント  (0子コメント)

And permanently bloat

Don't use bitcoin folks. It bloats the blockchain

[–]WildFireca 7 ポイント8 ポイント  (1子コメント)

If you told the guys that invented the Internet that we would be streaming Netflix in 55 years they would think you're crazy.

[–]redditHi 0 ポイント1 ポイント  (0子コメント)

I haven't real the term "you're a waste of bandwidth" in 20 years lol

[–]1MBFOREVERredditor for 7 days 0 ポイント1 ポイント  (1子コメント)

NO NO YOU MUSTN'T BLOAT MY PRECIOUS HARDDRIVE!

Maybe we should raise the max_block_size?

[–]SoCo_cpp 0 ポイント1 ポイント  (0子コメント)

My hard drive uses 4096-byte sectors so it can handle 4MB blocks more efficiently then 1MB.

[–]SoCo_cpp 1 ポイント2 ポイント  (0子コメント)

The laughably worst way to put a message on the block chain comes full circle.

[–]nopara73 1 ポイント2 ポイント  (5子コメント)

How about an op return message to the address?

[–]initrcredditor for 1 month 0 ポイント1 ポイント  (4子コメント)

Why bother making it op return?

[–]nopara73 1 ポイント2 ポイント  (3子コメント)

How else can you add data to the blockchain?

[–]bitcoinfinder -1 ポイント0 ポイント  (2子コメント)

add a comment in a block explorer

[–]Inaltoasinistra 2 ポイント3 ポイント  (1子コメント)

Why someone should go on the (right) block explorer to look at him addresses?

[–]3_Thumbs_Up 0 ポイント1 ポイント  (0子コメント)

It's fairly likely that someone might do that if they realize they lost the funds.

The correct answer is to do both though. Use op return and leave a message on the biggest block explorers.

[–]sroose 1 ポイント2 ポイント  (2子コメント)

How did you crack them?

[–]MVWeissredditor for 7 days 1 ポイント2 ポイント  (0子コメント)

It's me, please send me all the Tree-Fiddy BTC. I'm nigeriam prince who will double my investment, this happened because the president king and sultan of my country stole my priceless BTC wallet for jealousy reasons.

Am i doing it rite. xD

(Not Srs)

[–]AnonymousRev 7 ポイント8 ポイント  (0子コメント)

sign a message with the key or your just full of shit.

[–]grnqrtr 0 ポイント1 ポイント  (0子コメント)

It's it a brainwallet?

[–]jkfsu 0 ポイント1 ポイント  (4子コメント)

How much is in there?

[–]zappadoing 0 ポイント1 ポイント  (0子コメント)

some graphical details where they come from: https://www.blockseer.com/transactions/4a8eaae0120bdbcca79ee31255606cb4002462f95e375d34d52af38de870bf91/graph

I labled it with this post

[–]awkward_pause_ 0 ポイント1 ポイント  (14子コメント)

How can someone crack a private key?

Is a public address enough to do this? This should not be possible right?

[–]Thireus 1 ポイント2 ポイント  (0子コメント)

Public keys derivate from private keys. You just have to generate private keys and calculate their associated public keys, then crosscheck with existing public keys (the ones in the blockchain were existing coins moved to).

Only issue with this is that approach is that:

Nearly every 256-bit number is a valid ECDSA private key. Specifically, any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 is a valid private key.

https://en.bitcoin.it/wiki/Private_key

That makes too many possibilities to try. And you'll have more chance to win the national lottery 10 times in a row than stumbling upon a private key associated to an address that's already been used. Unless you generate the private key not that randomly with some random number generator algorithms that can be guessed, such as a stupid random generator that outputs 0x1 0x2 0x3... as "random" numbers for your private key. People with the right knowledge will just try to find out addresses associated with private keys that were generated with bad random number generators.

You can play around with http://directory.io/ if you're still not convinced.

[–]santa_snickers 0 ポイント1 ポイント  (0子コメント)

Probably a weak brain wallet or an easy passphrase being used to generate the private key.

[–]Jiten 0 ポイント1 ポイント  (11子コメント)

If the key is created properly, then it's so extremely unlikely that you can consider it impossible in practise. If the key is chosen in a way that helps with guessing it, though, then it's more of a wonder if no-one guesses it.

The only way to be sure that the key is secure is to have it be properly randomized. Some people take this to the extreme of creating their keys by manually throwing a dice hundreds of times. Theoretically 100 throws is enough for a "perfect" random for a 256bit bitcoin private key, but that's only if the dice is perfectly balanced. (a regular 6-sided dice throw theoretically has ~2.585 bits of entropy if the dice is perfectly balanced.)

Others have spent hours shuffling a deck of cards and then eventually used the order of the cards for the key. (In this case the deck can function as a backup, if you somehow ensure the order of the cards will not be touched.)

The TL;DR is basically that any parts of the key that you choose with the aim to help you remember it will compromise the security of the key much much more than it'll help you in remembering it.

[–]awkward_pause_ -3 ポイント-2 ポイント  (10子コメント)

So someone can use my public key to guess my private key if it was weak?

Here is the particular example. I use electrum and it generates the 12 word seed in the beginning. If someone knows my public key (since it is public, it is possible right?), they can find their way to the seed? I mean, that is theoretically possible?

[–]_jstanley 2 ポイント3 ポイント  (2子コメント)

A much more practical attack is to generate tons of private keys, in insecure ways, and see if a corresponding public key appears on the blockchain.

The only "theoretically possible" way to work backwards from a public key to a private key is to iterate over the space of all private keys and find the one that matches your public key. Any improvement on that would mean the cryptography involved is broken.

[–]rya_nc[S] 1 ポイント2 ポイント  (1子コメント)

It's possible to find the private key for a given public key much faster than brute force. In general, the security factor of a 2n bit key is 2n/2. This doesn't mean it's broken, but doing significantly better than that would. A 112 bit key was cracked in 2009 by an academic group with over 200 Playstation 3 consoles. For comparison Bitcoin uses 256 bit keys, which are about a billion trillion times stronger than that.

[–]1609344 0 ポイント1 ポイント  (5子コメント)

Everyone knows everyone's public key - that's what a bitcoin address is. The security of bitcoin rests on not being able to derive private keys from public keys.

In summary - you're fine. And if you're screwed, we're all screwed.

[–]dooglus 2 ポイント3 ポイント  (1子コメント)

Everyone knows everyone's public key - that's what a bitcoin address is

That's not the case. Bitcoin addresses are (RIPEMD) 160 bit hashes of public keys. It's not possible in general to obtain a public key if you only know the Bitcoin address.

In order to spend from a Bitcoin address the sender has to publish their public key, but not until then.

[–]1609344 0 ポイント1 ポイント  (0子コメント)

Thank you I stand corrected!

[–]awkward_pause_ 0 ポイント1 ポイント  (1子コメント)

Thank you.

The way the post is titled, it seems as if OP used the public key to crack private key. That was really a scary read at first sight.

[–]Jiten 0 ポイント1 ポイント  (0子コメント)

If someone had a way to go straight from public key to private key, it'd be front page news on every news outlet everywhere. That's how big it'd be. Bitcoin would be devastated, but the damage would be felt much wider than that.

The only viable attack in this space is to generate every weak private key you can think of and then watch their bitcoin-addresses for coins. So basically, if your private key is something someone else might come up with using the same logic, it's weak, don't use it.

Just keep in mind that the danger is not from random someones just happening to pick the same private key. There are people out there who're working full time figuring out every possible way to come up with a weak private key and automating their generation and then grabbing any coins they find. They're probably watching billions of weak addresses all the time. Although, that's probably the upper limit of what makes sense to keep watch on. It gets pretty expensive in terms of hardware to expand from there.

(just to convey the sense of scale here. The number of bitcoin private keys possible is a number with 78 digits. Billion is a number with 10 digits. )

[–]Viitis 0 ポイント1 ポイント  (0子コメント)

Bitcoin address is a hash of a public key plus some other info. Public keys are only revealed when you spend coins.

[–]monkyyy0 -1 ポイント0 ポイント  (0子コメント)

So someone can use my public key to guess my private key if it was weak?

No, but thats like saying are people airn't using fbi data bases to break into a your storage unit with a cheap lock; it has nothing to do with the fbi and everything to do with the cheap lock

[–]cqm 0 ポイント1 ポイント  (0子コメント)

You should move it, there's nothing novel about this, used to happen all the time

[–]Carlscrazyidea 0 ポイント1 ポイント  (0子コメント)

u should move the money then post here.

[–]IllusionDestroyer666 0 ポイント1 ポイント  (1子コメント)

I'm glad that I don't run into money like that because i'd be so tempted to spend what is not mine and of course will be morally questionable which I honestly prefer not to be so that I can keep my zen and innocence <3

[–]rya_nc[S] 1 ポイント2 ポイント  (0子コメント)

I cracked one with 250 BTC in it a few years ago when the exchange rate was about $70 USD/BTC. Actually managed to track down the owner of that one and made sure they moved their coins safely. It's not always so easy to track people down, though.

[–]itsmeur2017redditor for 15 days 0 ポイント1 ポイント  (3子コメント)

Its not me because the balance is different but how could I check if it was me?

[–]ttaurus 1 ポイント2 ポイント  (2子コメント)

Which wallet software do you use? Wallets like Electrum or BitcoinCore can show you your addresses, others won't.

[–]K_rey 0 ポイント1 ポイント  (1子コメント)

Sorry, I'm rusty at BTC...

If a wallet didn't show your address(es), how would you give them out to receive coins? I use electrum, thought all wallets would be similar

[–]ttaurus 1 ポイント2 ポイント  (0子コメント)

For privacy and security reasons you should only use an address once. So ideally a wallet app will give you a new address each time you want to receive coins. Addresses which received coins in the past will be hidden and only the total balance of all addresses is shown.

Edit: I thought my wallet app on Android (Bitcoin/Schildbach) does this (hiding of addresses), but it just lacks a nice overview of all addresses.

[–]Presserenredditor for 1 month 0 ポイント1 ポイント  (0子コメント)

could be me but i'm not too sure

[–]throwsitawayplsredditor for 2 months 0 ポイント1 ポイント  (0子コメント)

This address was sent to at 4a EST. So probably not someone in the US. The change from the previous transaction contain a lot of binary values.

[–]MertsA 0 ポイント1 ポイント  (1子コメント)

You could always send a tiny amount to that address and then move that same tiny amount out of their address. You would only move "your" coins but that ought to send a pretty clear message to them if they see the tx.

[–]rya_nc[S] 1 ポイント2 ポイント  (0子コメント)

The last time I tried that, I screwed it up, and even once I fixed it the owner somehow didn't realize there was a problem.

[–]sporabolic 0 ポイント1 ポイント  (0子コメント)

if you move a tiny fraction of it they will get an alert and freak out and sweep the keys

like move 1$, just so they hopefully notice

[–]mrbearbear 0 ポイント1 ポイント  (3子コメント)

I'm honestly believing who ever it was either forgot about it, or lost it.

[–]0Fucs2Give 0 ポイント1 ポイント  (1子コメント)

Don't mean to sound like that guy...

I have so many paperwallets, and offline wallets that have been in cold storage for years.

Does everyone know all their public keys?

I definitely do not

[–]Thireus 0 ポイント1 ポイント  (0子コメント)

I'm not sure you want to know if the coins are still there or not. Knowing they are gone will usually not help to get them back and will put you in a very bad mood.

[–]no_face 0 ポイント1 ポイント  (0子コメント)

You can move the coins to the same address. This will kill the age on it, but will prove to the owner they need to move it.

[–]bitcoinxbt 0 ポイント1 ポイント  (0子コメント)

o.o

[–]_CapR_ 0 ポイント1 ポイント  (0子コメント)

but stranger things have happened

First thought that popped in my mind.

[–]eraof9 0 ポイント1 ポイント  (4子コメント)

This makes me feel unsafe as a newcomer. Could someone explain what is going on here?

I am happy that some people in this community are willing to not take whatever they can find since it is so easy, but what possible mistakes did the owner do to deserve this?

[–]mrs_fatal 0 ポイント1 ポイント  (0子コメント)

Study this video and you will learn it.

https://www.youtube.com/watch?v=foil0hzl4Pg

[–]HitMePat -1 ポイント0 ポイント  (0子コメント)

People generate wallets and keys in a lot of different ways. One way is whats called a brain wallet where you remember a phrase or code that can be used to generate the keys. OP probably discovered someones brain wallet phrase. If you use decent opensource wallet software to generate your wallet you have nothing to worry about.

[–]monkyyy0 -1 ポイント0 ポイント  (1子コメント)

This makes me feel unsafe as a newcomer. Could someone explain what is going on here?

Most likely they used a book quote for their private key or something.

For example if I didn't know better I may type "But the soul is still oracular; amid the market’s din,
List the ominous stern whisper from the Delphic cave within," into the recovery password system, its off the beaten path enough enough to not be found by the bots(bitcoin has hacking bots for weaker passwords) but its still far far form perfect to use non-randomly generated passwords no matter how they are generated and op got a little lucky.

That said bitcoin isn't ready for main stream use, feel unsafe; it isn't ready if you aren't both knowable and careful. I myself may know how to do passwords right(my email is behind 16 charatar with symbols that I use exactly one place; anything with money is behind 2 factor with that being the weak link), but I ignored common wisdom and got burnt on bitfinex while going full margin

[–]bpj1805 0 ポイント1 ポイント  (0子コメント)

Most likely they used a book quote for their private key or something.

As an illustration of how that goes wrong:

https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

I'm guessing it was not a book quote, since I figure that would have been stolen already.

[–]HitMePat 0 ポイント1 ポイント  (8子コメント)

To everyone in this thread saying OP discovered someones "weak" brain wallet...I encourage you to watch this https://youtu.be/foil0hzl4Pg .

Everyone should know that all brain wallets are vulnerable. Do not use them. Brainflayer can guess it.

[–]azkals 0 ポイント1 ポイント  (1子コメント)

Should I not use Mycelium? What do you recommend using then?

[–]cuate1bit 0 ポイント1 ポイント  (0子コメント)

Mycelium is fine. Its not a brainwallet

[–]Steve132 -1 ポイント0 ポイント  (5子コメント)

Everyone should know that all brain wallets are vulnerable. Do not use them. Brainflayer can guess it.

This is not the case. My brainwallet is a memorized 12-word BIP039/44 HD wallet. It has only been transacted out of cold storage.

It's not vulnerable at all. Not all brain wallets are vulnerable. Bad passwords and weak passwords are vulnerable.

[–]rya_nc[S] 0 ポイント1 ポイント  (4子コメント)

Please call that a mnemonic seed rather than a brainwallet. When you say "not all brain wallets are vulnerable" you confuse people who don't understand the difference, and they may lose their money as a result.

[–]Steve132 -1 ポイント0 ポイント  (3子コメント)

Not all brain wallets ARE vulnerable. I'll repeat that again. It is a direct lie to claim "All brainwallets are vulnerable"

What is vulnerable are low-entropy bad passwords that most people use to make a brainwallet.

Even if you specifically are referring to the 'standard' brainwallet which is a double-sha of a password, (which is not what mine is, admittedly) then even STILL, a brainwallet is only vulnerable if you use a low-entropy password, otherwise it's more secure than a trezor if used correctly.

If I converted dbl_sha256('panicextrahenlockglimpsedealclothhammerawesome') as a private key to an address, that would be a 'brainwallet' with 96 bits of entropy, and you would never get my bitcoin before mankind spread across the galaxy.

I'm willing to put my money where my mouth is on this. I'll put 1 bitcoin into a standard double-sha brainwallet of my choosing. I'll even give you the address.

You can have it if you can get it.

[–]rya_nc[S] -1 ポイント0 ポイント  (2子コメント)

What is vulnerable are low-entropy bad passwords that most people use to make a brainwallet.

This is what matters, and why promoting brainwallets is grossly irresponsible if not outright malicious. Someone needing to store BTC with memorized key material should use be advised to commit a BIP39 seed to memory using spaced repetition.

Even if you specifically are referring to the 'standard' brainwallet which is a double-sha of a password

The de-facto standard is single sha256.

[–]Steve132 -1 ポイント0 ポイント  (1子コメント)

So, is sha256(concatenatedbip39seed) vulnerable or not? If so, how would you possibly get it? If not, then the statement "All brainwallets are vulnerable" is false.

Most people use easy-to-guess google passwords like 'pass152', so does that mean that "All gmail accounts are vulnerable" and "anyone promoting gmail is grossly irresponsible if not outright malicious"?

Of course not. gmail has reasonable security standards and is a valuable product that can be used correctly if the correct amount of entropy is used for a password. If you get your gmail account hacked because your favorite bible verse is your password, that doesn't reflect poorly on gmail in the least.

Brainwallets are not susceptible to physical theft like a paper wallet or phone or the core client. They are not susceptible to power loss or hard drive failure the way the core client is or electrum is. They are not susceptible to password cracking or malware the way all clients are. They are not susceptible to RNG attacks or PSRNG attacks. They are not susceptible to timing attacks or buffer overflows or EM side channels the way a hardware wallet might be.

A brainwallet with good entropy is more secure than a trezor, as the only way to get it is to torture you. The only way to lose it is a head injury.

There are good reasons to use them, especially if you know how entropy works, and for people who do, they are the best option. Even if most people without guidance make bad passwords, most people without guidance make bad passwords for all services.

[–]rya_nc[S] [スコア非表示]  (0子コメント)

So, is sha256(concatenatedbip39seed) vulnerable or not? If so, how would you possibly get it? If not, then the statement "All brainwallets are vulnerable" is false.

There are other tools available that are dramatically more secure than sha256 brainwallets with no practical disadvantages, therefore there is no legitimate reason to advocate for sha256 brainwallets.

WarpWallet has some... creative... design decisions, but it's at least sixty thousand times harder to crack. Even more if you use a salt. I still don't think it's a good idea, but it's clearly less bad. Literally the only downside is that it takes a few more seconds to generate the key.

does that mean that "All gmail accounts are vulnerable" and "anyone promoting gmail is grossly irresponsible if not outright malicious"?

Gmail doesn't publish the unsalted hash of everyone's password, so this is an apples and oranges comparison.

Brainwallets are not susceptible to physical theft like a paper wallet or phone or the core client.

Those tools can and usually do have a password in addition to the thing that needs to be stolen. Having to steal something, then crack the password is harder than just having to crack the password.

They are not susceptible to RNG attacks and PSRNG attacks

Human brains are worse at more predictable than many bad RNGs.

They are not susceptible to password cracking

Dude, my brainwallet cracker is up on github. Lots of people have lost money.

A brainwallet with good entropy is more secure than a trezor

Does the trezor not have passphrase support? It's not fair to compare security of "perfect use". Just like contraceptives, security tools should be measured by "typical use".

as the only way to get it is to torture you.

Lots of passphrases have been cracked.

The only way to lose it is a head injury.

People forget stuff all the time even without head injury.

There are good reasons to use them, especially if you know how entropy works, and for people who do, they are the best option.

It doesn't matter because most people who think they understand entropy of password complexity do not.

Even if most people without guidance make bad passwords, most people without guidance make bad passwords for all services.

Which is why tools that are secure under "typical use" are important. Brainwallets are abysmal under typical use.

[–]kvhtruth -5 ポイント-4 ポイント  (9子コメント)

You should leave it alone. It's not yours. Throw the private key away.

In any other form, moving someone else's property would be considered stealing and they would throw your ass in jail.

Why do you people think it's ok to move someone else's property just because you have a key and are capable of moving it?

If you walked up to a closed jewelry store at night with the door wide open, does it give you the right to help yourself to whatever is inside?

[–]letsgetscammed 13 ポイント14 ポイント  (5子コメント)

He can spend it, it's his.

If he was able to get access to the private key, others are too. By moving the coins he is securing it.

Your allegory sucks.
If you find money laying on the ground do you pick it up and try to find the owner, or do you leave it there, because it's not yours?

[–]mustyoshi 4 ポイント5 ポイント  (0子コメント)

You pick it up and do a quick take to see if anybody saw you.

[–]Cryptolution 1 ポイント2 ポイント  (3子コメント)

Right. I've had people leave shit on my front patio steps before, so I take it, then put a note saying if you lost something here's my number. Otherwise the shit would be gone in 1 min to some ghetto shitstain who will sell it for crack.

That's the good by society thing to do. This self righteous obnoxious crap ITT is indicative of how shitty people are. Sorry but I will keep being a good dude no matter what a selfish fuck y'all are.

[–][削除されました]  (2子コメント)

[removed]

    [–]Cryptolution 1 ポイント2 ポイント  (0子コメント)

    /u/BashCo - Parent commenter appears to be trolling, not really worth being on this sub, I don't see any valuable contribution balancing out his behavior. Needlessly attacking others who are promoting doing positive actions. New account too.

    [–]Post-Cosmic 0 ポイント1 ポイント  (0子コメント)

    The fact they will sell it for recreational drugs / abuse / overdose and think this is a worthwhile usage of the life this Universe gave them.

    That alone, among almost inevitably many other things these 'people' typically do, guarantees them a legitimate spot in the 'shitstain' ledger.

    [–]rbhmmx 3 ポイント4 ポイント  (0子コメント)

    If you found a 500 dollar pile of cash on the street, would picking it up and advertising for the owner constitute as a theft?

    [–]glockbtc 0 ポイント1 ポイント  (0子コメント)

    Wrong someone else may take it if it's weak

    [–]bpj1805 0 ポイント1 ポイント  (0子コメント)

    -1 for reading comprehension.

    OP apparently does not intend to move the coins.

    [–]Thireus -2 ポイント-1 ポイント  (2子コメント)

    I don't want to touch this person's coins for legal reasons

    Legal reasons? You became the proud and lucky owner of a private key that can move coins. I don't see any issues with it.

    [–]rya_nc[S] 2 ポイント3 ポイント  (1子コメント)

    Are you a lawyer?

    [–]Thireus -2 ポイント-1 ポイント  (0子コメント)

    I'm not, however this is common sense (I'm not saying all countries laws are following common sense, but it should be trivial to defend in court).

    You proved you can break this key, which means anyone with minimum knowledge could do the same and impersonate the real owner. Hence this falls into public knowledge, whoever can guess the private key becomes the owner of the associated address.

    From another point of view: let's assume I generate a tone load of weak private keys by following the most possible bad crypto practices (i.e. bad PRNG, brainwallet, etc.) and weeks later a user who happens to have unintentionally generated a bad private key too (which happens to be one of that I've already generated) using the same broken crypto sends a few BTCs to the associated address. Who's the owner of that private key in this case? Answer is: you are both the owner.

    There is no timestamp and proof of ownership in Bitcoin's private keys. However, what the user could eventually do is to prove that the transaction to this broken address was a mistake (if he actually was the one issuing this transaction, but yet he'd have to prove it). In any case I wish him good luck with that...

    [–]jkfsu -1 ポイント0 ポイント  (0子コメント)

    Oh I found out how to see. Maybe it's someone who just forgot about it and those Bitcoin are now lost...

    [–]coinmonkredditor for 7 days -1 ポイント0 ポイント  (2子コメント)

    What do you mean by "extremely uncommon nonstandard way"? I thought there is only 1 single way in which bitcoin addresses and keys are produced. Am I wrong?

    Sorry if this is too naive a question. Non-techie here

    [–]3_Thumbs_Up 1 ポイント2 ポイント  (0子コメント)

    A private key is just a number between 0 and 2256. You can generate this however you want, but preferably you want it to be completely random. The amount of keys is so huge that the chance of key collision between two random keys is completely insignificant. If you use a non random key everything changes.

    [–]glockbtc -1 ポイント0 ポイント  (0子コメント)

    It's a hash, you can use different tools

    [–]azkals -1 ポイント0 ポイント  (2子コメント)

    Should I be worried about my Mycelium wallet? What do people recommend?

    [–]kosmatos 0 ポイント1 ポイント  (1子コメント)

    No, this incident is related to brainwallets. Carry on with Mycelium. Rock solid.

    [–]Thireus 0 ポイント1 ポイント  (0子コメント)

    Actually not necessarily brainwallets. Weak private key generators are also impacted.