bitMiinner (OP)
Newbie
Offline
Activity: 2
Merit: 0
|
|
November 26, 2017, 03:38:58 AM |
|
Hello All,
Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.
If its so then how we can say BTW is safe?
Please guide me.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
November 26, 2017, 03:50:49 AM |
|
Can you post the address... and a signed message from that address proving that you actually have ownership of it? The odds of this being real are pretty small... if true, congrats, you just "broke" BTC
|
|
|
|
Z3h
Newbie
Offline
Activity: 1
Merit: 0
|
|
November 26, 2017, 03:57:16 AM |
|
Even though I would love to be alive at the moment sha256 collides with old address it is so unlikely that at best this episode just increases the probability that the wallet generator is broken. A signed transaction with the wallet address would go a long way to see this happening for real. Anyhow, congrats
|
|
|
|
bitMiinner (OP)
Newbie
Offline
Activity: 2
Merit: 0
|
|
November 26, 2017, 04:23:49 AM |
|
Just did few research and I found that it possible. Practically yes Here is already hacked private key address and format. http://directory.io/0Check from pages 0-4 almost 500 entries and all of them having different last 7 characters and rest all same. Go with reverse engineering and generate this last 7 characters validate them and if found validate them and if found valid base58 key then generate public key + address from that. You got access to this. Blockchain is also hack able
|
|
|
|
DarkStar_
Legendary
Offline
Activity: 2772
Merit: 3284
|
|
November 26, 2017, 06:10:29 AM |
|
Just did few research and I found that it possible. Practically yes Here is already hacked private key address and format. http://directory.io/0Check from pages 0-4 almost 500 entries and all of them having different last 7 characters and rest all same. Go with reverse engineering and generate this last 7 characters validate them and if found validate them and if found valid base58 key then generate public key + address from that. You got access to this. Blockchain is also hack able Not hacked, anyone can generate private keys. It doesn't mean you'll find a collision though.
|
taking a break - expect delayed responses
|
|
|
HeRetiK
Legendary
Offline
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
|
|
November 26, 2017, 12:41:15 PM |
|
Can you post the address... and a signed message from that address proving that you actually have ownership of it? The odds of this being real are pretty small... if true, congrats, you just "broke" BTC I think OP might have come across a broken wallet implementation. OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
haltingprobability
Member
Offline
Activity: 98
Merit: 26
|
|
November 26, 2017, 05:25:38 PM |
|
Blockchain is also hack able
At most, it's a problem with the wallet. You will never generate, through proper key-generation methods, a colliding key-pair with someone else on the blockchain. Human intuition fails to grasp just how large 2 256 really is. A colliding address is on the order of 2 -160 probability, which is roughly equivalent to 1/10 48. This is not "less probable than choosing the same atom twice, at random" but it's vastly improbable - it's zero for all practical purposes.
|
|
|
|
cr1776
Legendary
Offline
Activity: 4214
Merit: 1313
|
|
November 26, 2017, 05:46:31 PM |
|
Can you post the address... and a signed message from that address proving that you actually have ownership of it? The odds of this being real are pretty small... if true, congrats, you just "broke" BTC I think OP might have come across a broken wallet implementation. OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys. And OP, related to this USE A DIFFERENT WALLET. If there are coins in that address, as above, this may be a buggy wallet and as such someone else could access coins you put there too. Better to be safe than lose your coins.
|
|
|
|
aplistir
|
|
November 26, 2017, 05:53:46 PM |
|
Can you post the address... and a signed message from that address proving that you actually have ownership of it? The odds of this being real are pretty small... if true, congrats, you just "broke" BTC So... Anyone owning a wallet address with some balance in it is now a PROOF that a collision has occurred I do not see how that proves anything. However. If the address has an old spend action in it, and you are able to spend with a different private key publishing a different public key to the blockchain in the process. That would indeed convince me. Having 2 different keys that generate the same address would definitely be an address collision. And it is 2^96 times more probable than accidentally finding the exact same private/public key pair that generates the same address. I believe that an address collision is bound to happen sooner or later. The probability is very low, but that does not mean it is impossible
|
My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
|
|
|
aplistir
|
|
November 26, 2017, 06:09:23 PM |
|
Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.
If its so then how we can say BTW is safe?
I looked from the blockchain. There are only 4 addresses with balance of 0.037296 BTC . So which of these is yours? 1BL7BiH2poVZ8Uuj2LVT3WXajxfir1db8G 0.03729600 1CYtTy7XjyWmBRzQsdPSLz1hNE2mwejw4t 0.03729600 1HvXCTEvPhjxZuqN961FjT4zjvzaf1Bzjh 0.03729600
3PVkw5qrCr3o62vvrAH3S1f13MFLVHdZ6f 0.03729600
And the last one of those is probably a multisig address, so I am pretty sure that isn't it. Bitcoin is considered safe, because it is very improbable that address collision would happen. Not impossible though.
|
My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
|
|
|
AtheistAKASaneBrain
|
|
November 26, 2017, 06:45:07 PM |
|
Can you post the address... and a signed message from that address proving that you actually have ownership of it? The odds of this being real are pretty small... if true, congrats, you just "broke" BTC I think OP might have come across a broken wallet implementation. OP, have you gotten in touch with the devs of NBitcoin? If not, now would be the time. It seems like they got a serious bug in the way they generate their private keys. This must be it. There are guys running key generation machines all day, it's called the "Large Bitcoin Collider", and to my knowledge, they've passed trillions of created addresses and there isn't a single collision yet. They only found flaws on some wallets but they don't count as legit collapses. I don't think that OP won the hardest lottery ever to win to be honest, I would need further proof.
|
|
|
|
btctousd81
|
|
November 27, 2017, 02:59:12 AM |
|
either you are super duper lucky, or bad wallet generator code.
looks like wallets random number generator isnt that much random .
try , contacting wallet's support , try generating more address if something like this happens again, then defeinetely wallet issue, dont use that wallet.
what wallet generator is that ?
|
|
|
|
Spendulus
Legendary
Offline
Activity: 2926
Merit: 1386
|
|
November 27, 2017, 03:51:06 AM |
|
Hello All,
Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it. Although balance is of 0.037296 BTC which is less but still I am not sure how I got wallet key which have already balance in it.
If its so then how we can say BTW is safe?
Please guide me.
What has likely happened here is that you have downloaded and installed a wallet that has been altered so that funds put into it could be stolen. This requires only that the perp generate a limited series of private keys that are known or discoverable to him. In the simplest case, each wallet installed would generate the same keys, and he would have a script scanning the blockchain for funds in these addresses. You have evidence of at least two wallets with the same key. I suggest deleting the wallet, maybe print the private keys first so they can be studied. Then start fresh, first establishing that your computer is clean. Start fresh with a different wallet, one that you can download and validate the signature on.
|
|
|
|
Nicolas Dorier
|
|
November 27, 2017, 06:11:32 AM |
|
What is the wallet name? This can come from:
1. A malicious wallet 2. A bug of RNG in NBitcoin (unlikely, as it is using the underlying OS RNG) 3. A wallet done by somebody who replaced the default RNG of NBitcoin by an unsecure one. 4. A bug in the underlying OS RNG (which would be very bad)
Please give more details.
|
Bitcoin address 15sYbVpRh6dyWycZMwPdxJWD4xbfxReeHe
|
|
|
nopara73
Member
Offline
Activity: 103
Merit: 327
|
|
November 27, 2017, 06:31:59 AM |
|
> Today I have generated new bitcoin wallet using NBitcoin and I found that it was having already balance present in it.
NBitcoin is a library. One cannot "generate a wallet" with it. Do you mean `new Key()` code had a collision?
|
|
|
|
AtheistAKASaneBrain
|
|
November 27, 2017, 02:40:43 PM Last edit: November 27, 2017, 06:21:00 PM by AtheistAKASaneBrain |
|
There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.
Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.
|
|
|
|
buwaytress
Legendary
Offline
Activity: 2996
Merit: 3696
Join the world-leading crypto sportsbook NOW!
|
|
November 27, 2017, 02:52:35 PM |
|
We've had staff, mods, and very reputable members already point out the fallibility of these collision claims. They and and others have given the hard number approximates on probability to ever have this happen and thanks Darkstar for that graphic (which I now intend to use!). Not usually mean but OP is clearly a troll, belongs in the Collider discussion thread with other shills, along with flat earthers and co. Now that you've shown Bitcoin can be broken, better go break the Bitcoin bank at casinos =) There should be a rule that says that unless your discovery of a newly generated coin happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.
Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.
I'd say the chances of that happening to him 100 times in a row were still higher!
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
|
|
November 27, 2017, 07:10:35 PM |
|
There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.
Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.
Well, sometimes it does go deeper than your own code: https://bitcoin.org/en/alert/2013-08-11-androidEither way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum. Also I will now blame you for my newfound phobia of rocks falling from the sky.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
Spendulus
Legendary
Offline
Activity: 2926
Merit: 1386
|
|
November 27, 2017, 09:16:02 PM |
|
There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.
Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.
Well, sometimes it does go deeper than your own code: https://bitcoin.org/en/alert/2013-08-11-androidEither way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum. Also I will now blame you for my newfound phobia of rocks falling from the sky. Look, there is the android RNG problem you mention, there was a similar one that enabled the Sony playstation hack, there are others. A dysfunction random number gen is a direct enabler of back door entry and of password decryption. In practice there isn't any difference between active insertion of defective RNG and accidental actions as the end result is the same, an insecure system capable of being successfully attacked. An address with funds in it on loading a wallet is glaring evidence of the existence of a problem with the wallet, but not of the cryptographic system.
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3108
Merit: 2177
Playgram - The Telegram Casino
|
|
November 27, 2017, 11:03:00 PM |
|
There should be a rule that says that unless your discovery of a newly generated address with coins on it happened in Bitcoin Core then chances are your software is shit and there's something wrong with the code.
Everyone that has been using the native client since day 1 has never had one of these so called collisions. It just hasn't happened. You have more chances of getting hit by an asteroid tomorrow during your commute to your job than you'll ever have chances to get a legitimate collision, literally speaking.
Well, sometimes it does go deeper than your own code: https://bitcoin.org/en/alert/2013-08-11-androidEither way, if a user comes across such a "collision" they should definitely report it -- albeit rather by contacting the devs directly instead of posting on a public forum. Also I will now blame you for my newfound phobia of rocks falling from the sky. Look, there is the android RNG problem you mention, there was a similar one that enabled the Sony playstation hack, there are others. A dysfunction random number gen is a direct enabler of back door entry and of password decryption. In practice there isn't any difference between active insertion of defective RNG and accidental actions as the end result is the same, an insecure system capable of being successfully attacked. An address with funds in it on loading a wallet is glaring evidence of the existence of a problem with the wallet, but not of the cryptographic system. Ah, sorry, I guess that came out wrong. I merely wanted to point out that sometimes the error lies beyond the scope of the application developer, ie. your software can still fall victim to a vulnerability without your code being shit. In either case it should be reported because best case the application has a problem, worst case its the platform's -- or the used crypto library's -- fault. I didn't mean to imply that Bitcoin's keyspace is even remotely small enough for a collision to occur.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
|