Bitcoin Forum

http://www.financegirl.co.uk/bitcoin-vanity-addresses-hacked/

I know it's old news, but it took a day to get published. Such is the life of a writer. No offense to those who lost BTC due to the hack / scam - but then, vanity addresses (like the one I had) are about as unique as fingerprints. They all look the same, but every one is different.

* vanity address generation website hacked

tl;dr: A website that generated vanity addresses using a Split-Key setup (which should be safe) allowed users to use a key pair generated on that site itself (uh oh), the generation part of which got hacked (derp), so anybody not providing their own public key (come on, people!) effectively handed over the keys to the kingdom. Also, something about beards :)

Though the article itself doesn't really seem to go into the detail that there was security failings on both sides: the site for letting themselves get hacked, and the users for trusting keys generated at that site itself.

Haha, exactly. The beards part FTW!

I know you, and the rest of the folks here, know about the details, but I didn't think the audience was (or is) ready for full on immersion into why the two part key bits are bad.

Rather, I thought to focus on the fact that the site was a risk (and got hacked), and that a vanity address isn't at all like a vanity phone number or license plate. There are so many random combinations that every single person in the world could have the same 4 to 6 letter start to their vanity address - so what's the point.

Oh yeah, and the beards. Got to watch those shady buggers.

Mostly supposed to be good for a laugh, while easing some more Bitcoin lore into those who have not yet been assimilated.  :)

Maybe something for a follow-up - which could easily segway into other multikey applications, escrow, all that :)

Hey! I resemble that remark! ;)

And yes, I enjoy reading your articles :)