There are many elements of hacking BTC,
1.) fake web sites that look real, which harvest private keys ( most common easy way to make $5 Million USD in one afternoon )
3.) mt-gox type infiltration of exchanges where private-keys are held, another easy way for 'hackers' to gain access to millions quickly
4.) the mother of all of course is breaking the sha-256 hash, "Google Brain-Flayer", it's been done, but that gig is over, there are many advanced NSA tricks for breaking ECDSA, which is how FBI can any time it wants get the private key for any address ( think silk road BTC auction )
https://github.com/ryancdotorg/brainflayer
[ While BTC people no longer use 'brain wallets', many alt-coins still push this shit, so bloom-filter cracking is still possible across the crypto-currency universe. ]
5.) The theory of experts is that NSA created BTC to wait and see when the PUBLIC would/could break SHA-256, I speculate it will be broken by public within 2-3 years, before that GOV will send out a policy statement and tell all GOV to use SHA-512; banks will be kept on easy to hack stuff forever (DES,AES,RSA), and they'll keep public on SHA-256 as long as they wish. Remember possessing or distributing crypto that GOV can't crack is still possession of a 'lethal weapon' aka bomb in USA criminal-code. In USA it's only legal to transport crypto that the NSA can crack.
6.) Large Bitcoin Collider - this project if it gets 1k, or +10, users, all targeting their asic/gpus farms towards any specific address say 'satoshi1', then selective hacking will be gold, and just like mining pools, people will be paid a share of the profit as high value coins are hacked... How soon? Again it just depends on how quick he can get ppl aboard.
https://lbc.cryptoguru.org
https://bitcointalk.org/index.php?topic=1573035.msg23690150
Eventually BTC will update itself to SHA-1024, so this is all no big deal, for safety keep your wallet in cold storage and printed, keep your BTC's off of these 99% fraudulent exchanges that just churn your BTC's for "FEES"
Lots of people working on hacking SHA-256, I know the NSA can do it, and I suspect that folks 'private' in Israel are doing it on as-paid basis, just a matter of time before we get a little better HW, and someone discovers a new ALGO for SHA-256, in general what the public sees is 15 years behind advanced industry and GOV, FYI in 1968 Tooley published "FFT", but Standard Oil discovered it in 1956 and was sharing with NSA, 17 years it took before academia caught up with adv-gov-tech
***
In summary it's easy to ROB BTC community, it's probably easier to mine BTC's with an antminer rather than 'brute force' find a valid private-key with BTC funds.
Smart math people will be the best bet for private software that breaks bitcoin, google stuff like "ECDSA sorting" and rings, ... stuff that drops the search space from 2**128 to 2**32 makes it doable, that's the right way to think about the problem.
Google "blockchain parser", or better yet write your own in python, hell if people want I will post one, generate your own addresses that have high value, know which addresses to attack.
Much work in machine learning is very promising.
Long before I took up GPU mining, I already had a GPU FARM for doing machine-learning CUDA, so it was easy to recommission the hardware over to mining alt-coin for easy money.
One of the things about ML is patterns, and if you study the researchers who wrote brain-flayer, you will see that they study the patterns of addresses and Private-Keys, using Machine-Learn algos and GPU miner-farms is an ideal way to study the block-chain, and the addresses. Years after 'brainflayer' these researchers are still studying the patterns of the block-chain, and addresses. Especially 'fashion/vanity keys' are an easy target for researchers.
The SHA256/ECDSA is a TRAPDOOR algo, which means one-way, private-key to public-key; You can never get a PRIV-KEY from an address, so the way to study the problem is have the ML system learn how private-keys generate addresses, that "LEARNING", and it's easy directory.io, or write your own ALGO to train the ML.
***
IMHO the future of all this nonsense will be in machine learning, better to have a machine be trained from the block-chain ( for any crypto ), and then just query the system for high wealth accounts, or priv-keys or anything you wish to know.
James Garwin one of the fathers of the atomic bomb once said "The most dangerous thing was little people know that the atomic bomb worked", once people ( governments ) knew it worked, then any jack-ass would be confident to refine uranium and make a bomb.
Same now with crypto-banks and hacking, once people understand it's possible, and not by brute-force, but by building machines that learn and see patterns that humans don't see, and then the problem is solved.