519.704 received at 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp - Lost and Found?

[kneim]

Please go on with finding the right owner, with a minimum of effort, of course.

The owner is not necessarily the one that did the mistake. I think of payments from glbse or bitmarket.eu. Help to keep up trust in Bitcoins.

[DannyHamilton]

. . . Still I don't believe this is a collision . . . Assuming the private key is randomly generated . . .

Exactly, assuming the private key was generated using an appropriately random seed.  Now, seeing as this is a Vanity Address, do we know what the source of randomness is for generating the keys?  If the particular Vanity Address generator used insufficiently random information to generate the key-pair, the chances of a collision could potentially be quite high.

[malevolent]

Nice Christmas presents you got there, OP 

[Nyhm]

It has come to my attention that this Simple Vanity Address Generator was the source of the address in question.

I assure you there is nothing intentionally malicious in the code, but it's one of the first Bitcoin applications I had written, and it could have bugs. In fact, I explain exactly that (and even warn against using it since it's closed source) on the page linked above.

I think what TheButterZone is doing here is honorable, and I want to do the right thing to. The generator is based on bitcoinj, and if there is any possibility of a collision attack the simple way I'm using it, this could be very important to the Bitcoin community (and bitcoinj developers). (EDIT: Although I think it's really unlikely.)

Give me a couple days (holidays) and I'll follow up.

[CIYAM]

I think that at least you were lucky that if this is a bug then you found a very honorable forum member to have found it with.

[LoweryCBS]

(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related)

VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems?

[BurtW]

Interesting.  So if there is a problem with the randomness of the vanity generator in question then it is totally possible there is a collision.  I would then suggest moving the coins in question to another vanity address.  How about 1callme... or something like that?

That would get the other owner's attention for sure.

[K1773R]

(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related)

VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems?

no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)!

[GlooBoy]

Heres a interesting twist that may / may not be related.

Someone is giving away bitcoins in OTC to random people.

Maybe a sercet-Santa

[LoweryCBS]

Checked a few fat-fingered firstbits candidates, and this one looks interesting: 1TBZm

https://blockchain.info/address/1TBZm3dGkbz7VggzzPAGaXh4hvHxJZNCJ

(I tried the replacing the letters surrounding B, Z, and J on the keyboard)

[odolvlobo]

(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related)

VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems?

no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)!

OpenSSL doesn't "generate" entropy, it obtains it. The quality of the entropy depends on the provider and not on OpenSSL. For example, if two people (using the same vanity address generator) provide OpenSSL with the same entropy and ask for the same public key prefix, they will get the same private key.

It is possible to build OpenSSL so that the value 0 is always provided as the entropy. This would not be an unusual bug. A developer might do this for testing or evaluating, and then forget to provide the real entropy in the released version.

I have ported OpenSSL to a few devices, but I have not looked at any vanity address generator source. So, this information may not apply this case, but I think it is good to know in general.

[TheButterZone]

BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring.

For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design.

The generator I used: http://nyhm.net/bitcoin/vanity/
The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0

[K1773R]

(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related)

VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems?

no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)!

OpenSSL doesn't "generate" entropy, it obtains it. The quality of the entropy depends on the provider and not on OpenSSL. For example, if two people (using the same vanity address generator) provide OpenSSL with the same entropy and ask for the same public key prefix, they will get the same private key.

It is possible to build OpenSSL so that the value 0 is always provided as the entropy. This would not be an unusual bug. A developer might do this for testing or evaluating, and then forget to provide the real entropy in the released version.

check out the source of vanitygen then u know what im talking about.

[Otoh]

Fascinating indeed, I suspect a FirstBits typo myslef <--- (didn't mean to do that but there you go, so easy) as others have suggested, lots of kudos & good karma* to you for posting about it, maybe someone's offline storage stash address got typo-ed & they haven't been monitoring the balance, or a Casascius coin/savings bar where someone read the FB address incorrectly (quite easy sometimes).  I can also see a cool film script though if you mixed this kind of typo with say a 'Bangkok Dangerous' style assassin for hire's remunerations etc now that Swiss banks are so useless (UBS - cough, cough*). Hmmm, some anon just sent me 5k btc again - how strange, oh well back to the news: Reports are just coming in of yet another suspicious death linked to the mysterious ZTT group, the Zeta Taco Triad.

edit: possible FB Typos for 1TBZjm ---> 1T8Zjm   1TBZim   1TBZjn   1TB2jm   1TBZmj   1TBZj   = nope so far

As LoweryCBS found, 1TBZm = https://blockchain.info/address/1TBZm3dGkbz7VggzzPAGaXh4hvHxJZNCJ is most interesting for it's high value TXs & I bet this was the intended recipient, it will be interesting to see how this unfolds.

edit: https://blockchain.info/address/1N6sjewYZYu5C3FjEuEYNw8Dop2nFUBGFe Illuminati O_O

*karma being, not what happens to you but how you react to what happens to you ~ so far, so good...

[Nyhm]

BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring.

For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design.

The generator I used: http://nyhm.net/bitcoin/vanity/
The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0

Note my post above and at the vanity generator topic.

One thing I want to make sure I understand: BTC are being sent to your public vanity address, not taken from it, yes? This is, of course, very important. It's a wild leap to go from receiving BTC at an address to considering the possibility of a collision. If BTC is ever taken from the address without your direct intervention, then that's another thing. (Even in that case, it's much more likely your private key was compromised in some way, rather than a collision.)

So, I'm keen to follow this very interesting situation, and will assist in any way possible. Here's what folks can do (as will I): Run the vanity generator with the same first bits in question (or the whole thing for that matter). If anyone hits upon the target address, let us know (and prove it). In fact, if you can ever produce any duplicate address, it would be remarkable, and the research would certainly be valuable for the Bitcoin/bitcoinj community (the generator uses the bitcoinj library to produce addresses).

(PS I actually have some updates in the works for this utility, but I'll keep the v0.4 version up there for now. Note the clear warnings on the page.)

EDIT: There's an (undocumented) command-line switch for non-gui searching. Try this: java -jar VanityAddress-v0.4.jar TBZ --case-sensitive

[TheButterZone]

BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring.

For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design.

The generator I used: http://nyhm.net/bitcoin/vanity/
The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0

Note my post above and at the vanity generator topic.

One thing I want to make sure I understand: BTC are being sent to your public vanity address, not taken from it, yes? This is, of course, very important. It's a wild leap to go from receiving BTC at an address to considering the possibility of a collision. If BTC is ever taken from the address without your direct intervention, then that's another thing. (Even in that case, it's much more likely your private key was compromised in some way, rather than a collision.)

So, I'm keen to follow this very interesting situation, and will assist in any way possible. Here's what folks can do (as will I): Run the vanity generator with the same first bits in question (or the whole thing for that matter). If anyone hits upon the target address, let us know (and prove it). In fact, if you can ever produce any duplicate address, it would be remarkable, and the research would certainly be valuable for the Bitcoin/bitcoinj community (the generator uses the bitcoinj library to produce addresses).

(PS I actually have some updates in the works for this utility, but I'll keep the v0.4 version up there for now. Note the clear warnings on the page.)

EDIT: There's an (undocumented) command-line switch for non-gui searching. Try this: java -jar VanityAddress-v0.4.jar TBZ --case-sensitive

Yep, thanks.

519.704 total was sent to it, and nothing was taken. Since receiving that amount (and 0.1337 BTC inbetween that I won in a "first person to post your address gets free BTC" contest), I split off the 519.704 (minus 1 satoshi) amount to another key, and my own BTC to another key. This way, 1) If someone does have the same private key for 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp, they can't spend my BTC 2) If they are paying attention to their balances, it will appear their BTC has been stolen, so hopefully they will find this topic 3) Hopefully this will prevent confusion in other ways.

[grue]

Developers, is there any way to prevent collisions, so we don't have to put monitors on all our addresses? 

it's astronomically unlikely that a real collision occurred

[btctalk]

The probability that a real collision happened is really low, also it's not possible to have that possibility and one more to be the receiving address of BTC500+ ... lol
what did you want from santa this year?

[DoomDumas]

I suggest a donation to http://www.videoneat.com/][url]http://www.videoneat.com/[/url] !

They just came up to accept BTC donation because I've suggested them to do so.  They did'nt knew about BTC before !

This site is quite good.

It host Lectures and Documentary.  The site was built by 2 people. 2 people who have spent thousands of hours of work on it over the period of 8 months.  This is related to TROM (The Reality Of Me), a must see !

2 peoples have invest all their time and economy into this effort, for at least 8 month.  They are now completely broke.  If this came to a lost, it would be such a waste

I urge anyone reading this to donate some BTC.  If anyone reading gives 1% (or more, or less) of their BTC, they will see the number of donator, and will have some more time to keep it on !

I hope you will take a look at it, and will donate some.

Thanks for your time, and please, at least, give some time to look at their awesome work !

Have a nice life !

[🏰 TradeFortress 🏰]

I suggest a donation to [url]http://www.videoneat.com/]http://www.videoneat.com/][url]http://www.videoneat.com/[/url] !

They just came up to accept BTC donation because I've suggested them to do so.  They did'nt knew about BTC before !

This site is quite good.

It host Lectures and Documentary.  The site was built by 2 people. 2 people who have spent thousands of hours of work on it over the period of 8 months.  This is related to TROM (The Reality Of Me), a must see !

2 peoples have invest all their time and economy into this effort, for at least 8 month.  They are now completely broke.  If this came to a lost, it would be such a waste

I urge anyone reading this to donate some BTC.  If anyone reading gives 1% (or more, or less) of their BTC, they will see the number of donator, and will have some more time to keep it on !

I hope you will take a look at it, and will donate some.

Thanks for your time, and please, at least, give some time to look at their awesome work !

Have a nice life !

.. Are you videoneat?