Newly Generated Wallet has Bitcoin in balalnce

[bitMiinner]

Hello All,

Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.

If its so then how we can say BTW is safe?

Please guide me.

[1713265562]

1713265562

[1713265562]

1713265562

[1713265562]

1713265562

[HCP]

Can you post the address... and a signed message from that address proving that you actually have ownership of it?

The odds of this being real are pretty small... if true, congrats, you just "broke" BTC

[Z3h]

Even though I would love to be alive at the moment sha256 collides with old address it is so unlikely that at best this episode just increases the probability that the wallet generator is broken.

A signed transaction with the wallet address would go a long way to see this happening for real.

Anyhow, congrats

[bitMiinner]

Just did few research and I found that it possible. Practically yes

Here is already hacked private key address and format.

http://directory.io/0

Check from pages 0-4 almost 500 entries and all of them having different last 7 characters and rest all same.

Go with reverse engineering and generate this last 7 characters validate them and if found validate them and if found valid base58 key then generate public key + address from that.

You got access to this.

Blockchain is also hack able

[DarkStar_]

Just did few research and I found that it possible. Practically yes

Here is already hacked private key address and format.

http://directory.io/0

Check from pages 0-4 almost 500 entries and all of them having different last 7 characters and rest all same.

Go with reverse engineering and generate this last 7 characters validate them and if found validate them and if found valid base58 key then generate public key + address from that.

You got access to this.

Blockchain is also hack able

Not hacked, anyone can generate private keys. It doesn't mean you'll find a collision though.

[HeRetiK]

Can you post the address... and a signed message from that address proving that you actually have ownership of it?

The odds of this being real are pretty small... if true, congrats, you just "broke" BTC

I think OP might have come across a broken wallet implementation.

OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys.

[haltingprobability]

Blockchain is also hack able

At most, it's a problem with the wallet. You will never generate, through proper key-generation methods, a colliding key-pair with someone else on the blockchain. Human intuition fails to grasp just how large 2²⁵⁶ really is. A colliding address is on the order of 2^-160 probability, which is roughly equivalent to 1/10⁴⁸. This is not "less probable than choosing the same atom twice, at random" but it's vastly improbable - it's zero for all practical purposes.

[cr1776]

Can you post the address... and a signed message from that address proving that you actually have ownership of it?

The odds of this being real are pretty small... if true, congrats, you just "broke" BTC

I think OP might have come across a broken wallet implementation.

OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys.

And OP, related to this USE A DIFFERENT WALLET. If there are coins in that address, as above, this may be a buggy wallet and as such someone else could access coins you put there too.

Better to be safe than lose your coins.

[aplistir]

Can you post the address... and a signed message from that address proving that you actually have ownership of it?

The odds of this being real are pretty small... if true, congrats, you just "broke" BTC

So...
Anyone owning a wallet address with some balance in it is now a PROOF that a collision has occurred
I do not see how that proves anything.

However. If the address has an old spend action in it, and you are able to spend with a different private key publishing a different public key to the blockchain in the process. That would indeed convince me.
 
Having 2 different keys that generate the same address would definitely be an address collision. And it is 2^96 times more probable than accidentally finding the exact same private/public key pair that generates the same address.

I believe that an address collision is bound to happen sooner or later. The probability is very low, but that does not mean it is impossible

[aplistir]

Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.

If its so then how we can say BTW is safe?

I looked from the blockchain. There are only 4 addresses with balance of  0.037296 BTC . So which of these is yours?  

Code:

1BL7BiH2poVZ8Uuj2LVT3WXajxfir1db8G       0.03729600
1CYtTy7XjyWmBRzQsdPSLz1hNE2mwejw4t       0.03729600
1HvXCTEvPhjxZuqN961FjT4zjvzaf1Bzjh        0.03729600

3PVkw5qrCr3o62vvrAH3S1f13MFLVHdZ6f      0.03729600

And the last one of those is probably a multisig address, so I am pretty sure that isn't it.

Bitcoin is considered safe, because it is very improbable that address collision would happen. Not impossible though.

[AtheistAKASaneBrain]

Can you post the address... and a signed message from that address proving that you actually have ownership of it?

The odds of this being real are pretty small... if true, congrats, you just "broke" BTC

I think OP might have come across a broken wallet implementation.

OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys.

This must be it. There are guys running key generation machines all day, it's called the "Large Bitcoin Collider", and to my knowledge, they've passed trillions of created addresses and there isn't a single collision yet. They only found flaws on some wallets but they don't count as legit collapses.

I don't think that OP won the hardest lottery ever to win to be honest, I would need further proof.

[btctousd81]

either you are super duper lucky, or bad wallet generator code.

looks like wallets random number generator isnt that much random .

try , contacting wallet's support ,
try generating more address if something like this happens again, then defeinetely wallet issue, dont use that wallet.

what wallet generator is that ?


                                       

[Spendulus]

Hello All,

Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.

If its so then how we can say BTW is safe?

Please guide me.

What has likely happened here is that you have downloaded and installed a wallet that has been altered so that funds put into it could be stolen. This requires only that the perp generate a limited series of private keys that are known or discoverable to him. In the simplest case, each wallet installed would generate the same keys, and he would have a script scanning the blockchain for funds in these addresses.

You have evidence of at least two wallets with the same key.

I suggest deleting the wallet, maybe print the private keys first so they can be studied. Then start fresh, first establishing that your computer is clean. Start fresh with a different wallet, one that you can download and validate the signature on.

[Nicolas Dorier]

What is the wallet name? This can come from:

1. A malicious wallet
2. A bug of RNG in NBitcoin (unlikely, as it is using the underlying OS RNG)
3. A wallet done by somebody who replaced the default RNG of NBitcoin by an unsecure one.
4. A bug in the underlying OS RNG (which would be very bad)

Please give more details.

[nopara73]

> Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it.

NBitcoin is a library. One cannot "generate a wallet" with it. Do you mean `new Key()` code had a collision?

[AtheistAKASaneBrain]

There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.

Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.

[buwaytress]

We've had staff, mods, and very reputable members already point out the fallibility of these collision claims. They and and others have given the hard number approximates on probability to ever have this happen and thanks Darkstar for that graphic (which I now intend to use!).

Not usually mean but OP is clearly a troll, belongs in the Collider discussion thread with other shills, along with flat earthers and co.

Now that you've shown Bitcoin can be broken, better go break the Bitcoin bank at casinos =)

There should be a rule that says that unless your discovery of a newly generated coin happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.

Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.

I'd say the chances of that happening to him 100 times in a row were still higher!

[HeRetiK]

There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.

Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.

Well, sometimes it does go deeper than your own code:

https://bitcoin.org/en/alert/2013-08-11-android

Either way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum.

Also I will now blame you for my newfound phobia of rocks falling from the sky.

[Spendulus]

There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.

Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.

Well, sometimes it does go deeper than your own code:

https://bitcoin.org/en/alert/2013-08-11-android

Either way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum.

Also I will now blame you for my newfound phobia of rocks falling from the sky.

Look, there is the android RNG problem you mention, there was a similar one that enabled the Sony playstation hack, there are others. A dysfunction random number gen is a direct enabler of back door entry and of password decryption.

In practice there isn't any difference between active insertion of defective RNG and accidental actions as the end result is the same, an insecure system capable of being successfully attacked.

An address with funds in it on loading a wallet is glaring evidence of the existence of a problem with the wallet, but not of the cryptographic system.

[HeRetiK]

There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.

Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.

Well, sometimes it does go deeper than your own code:

https://bitcoin.org/en/alert/2013-08-11-android

Either way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum.

Also I will now blame you for my newfound phobia of rocks falling from the sky.

Look, there is the android RNG problem you mention, there was a similar one that enabled the Sony playstation hack, there are others. A dysfunction random number gen is a direct enabler of back door entry and of password decryption.

In practice there isn't any difference between active insertion of defective RNG and accidental actions as the end result is the same, an insecure system capable of being successfully attacked.

An address with funds in it on loading a wallet is glaring evidence of the existence of a problem with the wallet, but not of the cryptographic system.

Ah, sorry, I guess that came out wrong.

I merely wanted to point out that sometimes the error lies beyond the scope of the application developer, ie. your software can still fall victim to a vulnerability without your code being shit. In either case it should be reported because best case the application has a problem, worst case its the platform's -- or the used crypto library's -- fault.

I didn't mean to imply that Bitcoin's keyspace is even remotely small enough for a collision to occur.