Bitcoin Forum

Other => Meta => Topic started by: hosseinimr93 on December 14, 2020, 09:34:55 PM



Title: Messages signed from an address with a leaked private key
Post by: hosseinimr93 on December 14, 2020, 09:34:55 PM
1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN

brainwallet (https://brainwalletx.github.io/#sign) is using the address above as a demo address for signing messages.

https://i.imgur.com/ozxLPxE.jpg
https://brainwalletx.github.io/#sign

(This address can also be generated if you don't enter anything as the passphrase in the brainwallet address generator (https://brainwalletx.github.io/#generator); it is actually the weakest brainwallet.)

There are some users in the forum that have used this address for signing messages.
 
To all admins and recovery team:
Please don't accept recovery appeals made using the address above.

To all users who have signed a message from the address above:
If you are still active in the forum, sign a new message from a new address.


The users below have used the address above for signing a message.

RagingBull (https://bitcointalk.org/index.php?action=profile;u=372065) (signed message (https://bitcointalk.org/index.php?topic=996318.msg48979664#msg48979664), archive (https://archive.is/Uoi0K))
shahzadafzal (https://bitcointalk.org/index.php?action=profile;u=1634314) (signed message (https://bitcointalk.org/index.php?topic=996318.msg32820105#msg32820105), archive (https://archive.is/31se9))
hitrawal91 (https://bitcointalk.org/index.php?action=profile;u=1149960) (signed message (https://bitcointalk.org/index.php?topic=996318.msg49416866#msg49416866), archive (https://archive.is/ruvLG))
bitcoinermatt (https://bitcointalk.org/index.php?action=profile;u=2797326) (signed message (https://bitcointalk.org/index.php?topic=5275043.msg55783048#msg55783048), archive (https://archive.is/L6xRo))
Singertime637 (https://bitcointalk.org/index.php?action=profile;u=523357) (signed message (https://bitcointalk.org/index.php?topic=5030169.msg47605420#msg47605420), archive (https://archive.is/NX5FR))
Martin958 (https://bitcointalk.org/index.php?action=profile;u=314728) (signed message (https://bitcointalk.org/index.php?topic=996318.msg39284946#msg39284946), archive (https://archive.is/F30si))
hammad745 (https://bitcointalk.org/index.php?action=profile;u=2759673) (signed message (https://bitcointalk.org/index.php?topic=5275043.msg55727937#msg55727937), archive (https://archive.is/r7Jnu))
Martin958 (https://bitcointalk.org/index.php?action=profile;u=314728) (signed message (https://bitcointalk.org/index.php?topic=996318.msg39284946#msg39284946), archive (https://archive.is/F30si))
Michael CF (https://bitcointalk.org/index.php?action=profile;u=1443438) (signed message (https://bitcointalk.org/index.php?topic=996318.msg39192077#msg39192077), archive (https://archive.is/eMyTx))
thsaudtl1 (https://bitcointalk.org/index.php?action=profile;u=2171409) (signed message (https://bitcointalk.org/index.php?topic=996318.msg39109056#msg39109056), archive (https://archive.is/h21Jf))
THINK2b44 (https://bitcointalk.org/index.php?action=profile;u=2782852) (signed message (https://bitcointalk.org/index.php?topic=996318.msg54079463#msg54079463), archive (https://archive.is/hX4RO))

Three more users found by Pmalek: (https://bitcointalk.org/index.php?topic=5300127.msg55840230#msg55840230)
dYnamxX (https://bitcointalk.org/index.php?action=profile;u=968988) (signed message (https://bitcointalk.org/index.php?topic=996318.msg24106061#msg24106061), archive (https://archive.is/8ayJp))
smartcontracts100 (https://bitcointalk.org/index.php?action=profile;u=2779504) (signed message (https://bitcointalk.org/index.php?topic=996318.msg54207801#msg54207801), archive from loyce.club (https://loyce.club/archive/posts/5420/54207801.html))
vareole (https://bitcointalk.org/index.php?action=profile;u=2816771) (signed message (https://bitcointalk.org/index.php?topic=996318.msg54833767#msg54833767), archive from loyce.club (https://loyce.club/archive/posts/5483/54833767.html))

Two users have used the address above in their profile (found by TheBeardedBaby (https://bitcointalk.org/index.php?topic=5300127.msg55840383#msg55840383)):
$crypto$ (https://bitcointalk.org/index.php?action=profile;u=549786) (archive (https://archive.is/zRrG3))
Michael CF (https://bitcointalk.org/index.php?action=profile;u=1443438) (archive (https://archive.is/EL1Ga))


PS:
I used Ninjastic.space (http://Ninjastic.space) to find the users above. Thank you TryNinja.



Title: Re: Messages signed from an address with a leaked private key
Post by: AB de Royse777 on December 14, 2020, 10:32:51 PM
The most odd discovery for me. So, all these users had the same private key, and they were intentionally posting the address with signed messages? Why did they do it?

I was not aware of this brainwallet demo address thing at all.

By the way, "wallet" this passphrase gives me a different address which is this:
Code:
158zPR3H2yo87CZ8kLksXhx3irJMMnCFAN

https://i.imgur.com/pXYQdWm.png

What am I missing?

To all users who have signed message from the address above:
If you are still active in the forum, sign a new message from a new address.
Before they do the new address, I would like to know their stories of using that address to sign their first message.

Edit:
I requested DaveF to send you 5 merits on me.


Title: Re: Messages signed from an address with a leaked private key
Post by: hosseinimr93 on December 14, 2020, 10:41:59 PM
By the way, "wallet" this passphrase gives me a different address which is this:
Code:
158zPR3H2yo87CZ8kLksXhx3irJMMnCFAN

What am I missing?
You are right.
It was my mistake. Sorry. I confused this address with another one.
For getting that address, you need to leave the passphrase box empty.
I edited the OP.

Before they do the new address, I would like to know their stories of using that address to sign their first message.
When you try to sign a message using brainwallet (https://brainwalletx.github.io/#sign), you will see that address and its corresponding private key by default and you need to enter your own private key. These users simply didn't change the address, just wrote the message and clicked on "sign message" button.


Title: Re: Messages signed from an address with a leaked private key
Post by: AB de Royse777 on December 14, 2020, 10:51:57 PM
Now everything is making sense to me.


Quote
When you try to sign a message using brainwallet (https://brainwalletx.github.io/#sign), you will see that address and its corresponding private key by default and you need to enter your own private key. These users simply didn't change the address, just wrote the message and clicked on "sign message" button.
Most probably these users did not have a clue what they were doing so really we can not question them. It was an innocent mistake from ignorance of course.  However, I was a bit suspicious before getting your point and checking the default link (LOL) https://brainwalletx.github.io/#sign





Title: Re: Messages signed from an address with a leaked private key
Post by: Little Mouse on December 15, 2020, 11:56:06 AM
Singertime637 (https://bitcointalk.org/index.php?action=profile;u=523357) (signed message (https://bitcointalk.org/index.php?topic=5030169.msg47605420#msg47605420))
And surprisingly, shasan has approved a loan which was requested by signing a message from this address  :D although the loan applicant so far seems to be trusted. The Pharmacist has given positive feedback to that account also.
Check this- https://bitcointalk.org/index.php?topic=5030169.msg47605487#msg47605487


Title: Re: Messages signed from an address with a leaked private key
Post by: Bitcoin_Arena on December 15, 2020, 08:24:40 PM
And surprisingly, shasan has approved a loan which have been requested by signing a message from this address  :D although the loan applicant so far seems to be trusted.
It's probably because she or he was using the account as collateral, so they were obliged to pay up the loan, but they haven't been active since Jan 2019.
shasan (https://bitcointalk.org/index.php?action=profile;u=1883627)    2018-11-04    Reference (https://bitcointalk.org/index.php?topic=5030169.msg47568258#msg47568258)    Gave Singertime637's 15$ PayPal loan by taking his account as collateral and s/he repaid on time.


Title: Re: Messages signed from an address with a leaked private key
Post by: NotATether on December 16, 2020, 02:30:22 AM
The most odd discovery for me. So, all these users had the same private key, and they were intentionally posting the address with signed messages? Why did they do it?

Two of those users just signed a message from that private key for the sake of OgNasty's merit thread. The rest of those users but Singertime637 posted them in the BTC address staking thread. My guess is that most of them are newbies and did not know how to create a bitcoin signed message so they went to brainwallet's site and made a signature using the default private key, and thought that was the proper way to do it.


Title: Re: Messages signed from an address with a leaked private key
Post by: PrimeNumber7 on December 16, 2020, 03:51:03 AM
Now everything is making sense to me.


Quote
When you try to sign a message using brainwallet (https://brainwalletx.github.io/#sign), you will see that address and its corresponding private key by default and you need to enter your own private key. These users simply didn't change the address, just wrote the message and clicked on "sign message" button.
Most probably these users did not have a clue what they were doing so really we can not question them. It was an innocent mistake from ignorance of course.  However, I was a bit suspicious before getting your point and checking the default link (LOL) https://brainwalletx.github.io/#sign

The address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN has received (https://btc.com/1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN) over 59 btc over hundreds of transactions. It is unlikely that the 11 people are the only ones that have made this mistake.



To all admins and recovery team:
Please don't accept recovery appeals made using the address above.

This is hardly the only private key that is publicly known (I would disagree with the description of "leaked" to describe this private key) that presumably new users use. There is an argument to require any signing address have a nominal unspent output in order to accept the signature.

I also believe a signed message is only one data point the recovery team looks at when deciding if they will recover an account or not. I believe they also look at things like your ISP, browser fingerprint, and possibly some other things.


Title: Re: Messages signed from an address with a leaked private key
Post by: Little Mouse on December 16, 2020, 04:29:32 AM
The address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN has received (https://btc.com/1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN) over 59 btc over hundreds of transactions. It is unlikely that the 11 people are the only ones that have made this mistake.
It's more of a technical issue than simply a mistake, one which most people, including me, may not be aware of. I would have made the same technical mistake if I were in the same situation. I didn't get what exactly a blank passphrase refers to, but that's what creates this address, and people used this address thinking it was their own. As you can see here- 50 BTC lost because of blank passphrase (https://bitcointalk.org/index.php?topic=1138273.0) and here- Weird Transactions in Wallet that I didn't make (https://bitcointalk.org/index.php?topic=687159.0), this is kind of weird to me also.


Title: Re: Messages signed from an address with a leaked private key
Post by: Pmalek on December 16, 2020, 10:10:32 AM
You missed a few members.

Another newbie used that address to sign a message.
dYnamxX (https://bitcointalk.org/index.php?action=profile;u=968988). This (https://bitcointalk.org/index.php?topic=996318.msg24106061#msg24106061) is the link.

smartcontracts100 (https://bitcointalk.org/index.php?action=profile;u=2779504) signed a message using the same address here (https://bitcointalk.org/index.php?topic=996318.msg54207801#msg54207801). You can see that from Csmiami's quote of his message just below the post. But in September 2020, he edited his post and removed the signature. Not sure what he thought he would achieve with that since Csmiami quoted his message. The original post can also be found on loyce.club (https://loyce.club/archive/posts/5420/54207801.html).

Then we have vareole (https://bitcointalk.org/index.php?action=profile;u=2816771) who used the same address here (https://bitcointalk.org/index.php?topic=996318.msg54833767#msg54833767). His original post (https://loyce.club/archive/posts/5483/54833767.html).


Title: Re: Messages signed from an address with a leaked private key
Post by: TheBeardedBaby on December 16, 2020, 10:32:14 AM
Here are some people using the same address in their profiles:
https://bitcointalk.org/index.php?action=profile;u=549786
https://i.imgur.com/QoBaDjl.png

https://bitcointalk.org/index.php?action=profile;u=1443438
https://i.imgur.com/B08AyM7.png

Weird thing,  tho...

I still think checking the Signed Message thread for duplicates is a good idea.
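
Added example, not part of any forum post and not forum or brainwallet code: one way to run the duplicate check suggested above over staked posts, flagging the publicly known address named in this thread and any address claimed by more than one account. The post records, usernames and function names are assumptions made up for the illustration.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Publicly known key named in this thread (brainwallet demo / empty passphrase).
KNOWN_PUBLIC_KEY_ADDRESSES = {"1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN"}
# Candidate legacy addresses; real validation is the checksum test below.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def is_valid_base58check(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a correct double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return check == raw[-4:]

def audit(posts):
    """posts: iterable of (username, post_text). Returns (denylisted, shared)."""
    users_by_addr = defaultdict(set)
    for user, text in posts:
        for addr in set(ADDR_RE.findall(text)):
            if is_valid_base58check(addr):  # drops typos and random matches
                users_by_addr[addr].add(user)
    denylisted = {a: sorted(u) for a, u in users_by_addr.items()
                  if a in KNOWN_PUBLIC_KEY_ADDRESSES}
    shared = {a: sorted(u) for a, u in users_by_addr.items() if len(u) > 1}
    return denylisted, shared

# Constructed sample posts. Usernames are made up; the second address is the
# well-known genesis-block address, used only as a valid stand-in.
SAMPLE_POSTS = [
    ("user_a", "Staking 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN sig: H0aaaa="),
    ("user_b", "My address is 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN"),
    ("user_c", "Address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ("user_d", "Mistyped: 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzM"),
]

if __name__ == "__main__":
    deny, shared = audit(SAMPLE_POSTS)
    print("publicly known key:", deny)
    print("claimed by several accounts:", shared)
```

A signature from a flagged address proves nothing about who posted it, so such entries are candidates for asking the account to sign again from a new address.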


Title: Re: Messages signed from an address with a leaked private key
Post by: tranthidung on December 16, 2020, 12:24:25 PM
Most probably these users did not have a clue what they were doing so really we can not question them. It was an innocent mistake from ignorance of course.  However, I was a bit suspicious before getting your point and checking the default link (LOL) https://brainwalletx.github.io/#sign
People who signed a message like that and staked their signed message on the forum did not read the guide from brainwalletx and from the topic here. They skip all fundamental guides and warnings.

Basically, they would recognize that signing a message is to prove the ownership (theirs) of that address (they must own the private key to sign a message). It is weird when they do know the address they used does not belong to them. They can not know how the process goes but the address is not theirs (not sure how they can easily skip this important element).

In real life, how do I sign my signature on paper (contract, ie.) if the name is not mine?

Thanks OP for this interesting finding.  :D