Bitcoin Forum
July 21, 2018, 06:12:49 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Thoughts on this private key stealing mystery  (Read 9272 times)
amaclin1
Full Member
***
Offline Offline

Activity: 378
Merit: 201


View Profile
December 01, 2017, 10:17:16 PM
 #21

It is impossible to assume that blockchain.info could be hack.
You've made my day.
https://www.reddit.com/r/Bitcoin/comments/2onl1y/at_least_hundreds_of_coins_were_stolen_from/
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532196769
Hero Member
*
Offline Offline

Posts: 1532196769

View Profile Personal Message (Offline)

Ignore
1532196769
Reply with quote  #2

1532196769
Report to moderator
samson
Legendary
*
Offline Offline

Activity: 1470
Merit: 1012


View Profile
December 02, 2017, 10:46:41 AM
 #22

And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes
kahc
Member
**
Online Online

Activity: 252
Merit: 11


View Profile
December 02, 2017, 03:12:30 PM
 #23

And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes

I always thought that double-spender with the highest sending fee got favored. But it seems like the one with 312sat/B got included in the block first.
carlisle1
Hero Member
*****
Offline Offline

Activity: 840
Merit: 502


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
December 02, 2017, 10:13:18 PM
 #24

Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.

Spendulus
Legendary
*
Offline Offline

Activity: 1946
Merit: 1015



View Profile
December 03, 2017, 03:54:28 AM
 #25

Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.

There is reason to suspect, and to look for more such issues.

btctousd81
Sr. Member
****
Offline Offline

Activity: 378
Merit: 252


View Profile WWW
December 03, 2017, 05:18:14 AM
 #26

first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.


Intersan
Hero Member
*****
Offline Offline

Activity: 658
Merit: 505



View Profile
December 03, 2017, 10:27:10 PM
 #27

Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.

He have done a good work. I guess hackers are also upgrading their way of hacking and must come up with a new way of stealing. I do also hope that authorities will be concerned about it especially now that there are many new users in this forum. Bitcoin have attracted many attention when it reached $10 000 and of course it also looks so good in the eyes of hackers. We should always be careful.

dacsee
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
December 04, 2017, 04:20:22 AM
 #28

Very interesting technical story.

Luckily that in today's age, most generated keys are derived from a high degree of randomness, instead of easily guessable keywords / phrases
amaclin1
Full Member
***
Offline Offline

Activity: 378
Merit: 201


View Profile
December 04, 2017, 07:15:19 AM
 #29

Luckily that in today's age, most generated keys are derived from a high
degree of randomness, instead of easily guessable keywords / phrases
Sure?  Grin
Spendulus
Legendary
*
Offline Offline

Activity: 1946
Merit: 1015



View Profile
December 05, 2017, 01:07:35 AM
 #30

Very interesting technical story.

Luckily that in today's age, most generated keys are derived from a high degree of randomness...

How do you know for sure?
Dr.Z
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
December 05, 2017, 01:19:52 AM
 #31

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
bigvito19
Full Member
***
Offline Offline

Activity: 392
Merit: 100

Buy Extremely Low and Then Sell Whenever You Want


View Profile
December 05, 2017, 08:03:15 PM
 #32

first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.




What's the video link?

Buy Extremely Low
Sell Whenever You Want
Giggty Giggty Giggty
BurtW
Legendary
*
Offline Offline

Activity: 2282
Merit: 1006

All paid signature campaigns should be banned.


View Profile WWW
December 05, 2017, 08:09:21 PM
 #33

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
J. Cooper
Full Member
***
Offline Offline

Activity: 238
Merit: 103


Alea iacta est


View Profile
December 05, 2017, 08:31:27 PM
 #34

Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.
I fail to see what authorities have to do with this in the first place.

But regardless, super interesting find. I'm going to read up a lot more on this when I find some free time over the weekend.

first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.


Is there a way you can provide me with a link to that video. I would like to aquire some more information on this matter.
nibor
Sr. Member
****
Offline Offline

Activity: 390
Merit: 250


View Profile
December 05, 2017, 09:29:30 PM
 #35

And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


Make that only a few million.... bitcoinj.org and a few 1000 lines of java and you are done. Only need a 5-50 gig leveldb database...
Maybe a few days work plus another few to test it and get the sweep to work...
Dr.Z
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
December 06, 2017, 01:49:23 AM
 #36

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.
kahc
Member
**
Online Online

Activity: 252
Merit: 11


View Profile
December 06, 2017, 01:53:30 AM
 #37

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.

If you did read the thread, then you must be smoking something good Grin
Blockchain.info checked their code repository, these addresses are not generated from them.
Spendulus
Legendary
*
Offline Offline

Activity: 1946
Merit: 1015



View Profile
December 06, 2017, 03:58:03 AM
 #38

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?

Nobody said they did.

Maybe it was a hacked wallet, or a key logger running on a computer whee the transaction occurred.
Dr.Z
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
December 06, 2017, 05:41:44 AM
 #39


If you did read the thread, then you must be smoking something good Grin
Blockchain.info checked their code repository, these addresses are not generated from them.

It is well explained in the thread why it was not a hacked wallet. Because if someone hacked into the wallet, he was no need to import a "blockhash or txhash based address", just hardcode one will be good.
User365
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


physics, mathematics and engineering


View Profile
December 06, 2017, 10:23:14 AM
 #40

How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?

Nobody said they did.

Maybe it was a hacked wallet, or a key logger running on a computer whee the transaction occurred.

According to the facts of the OP I think it is safe to say that this was a dev of a company which implemented it into the code.

A malware would act different (f.e. Hardcode priv key's so nobody can recognize it)

[could be your ad]
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!