Someone sending out MilliBits

[Fragan]

topic is closed ?

[1714604512]

1714604512

[1714604512]

1714604512

[1714604512]

1714604512

[Ente]

topic is closed ?

Ente

[Skele]

This is mysterious. 

And what stuff about Bitcoin isn't so mysterious ? Boom prices speculation oh yes...

[AliceWonder]

3) It is completely senseless to "mine" for random addresses. It makes more sense to hunt for weak brainwallets.

Maybe.

I have a theory that a lot of private addresses are created by taking sha256 sum repeatedly without additional salts.
I've seen that tactic used a lot with website password hashes - they salt the initial hash but then do X additional hashes without salting.
That's probably fine for passwords, because brute forcing the last hash to be hashed doesn't get you the password.

But with bitcoin if that is done, that means the final hash (all that matters) is done from a limited set of characters of known length.

So generating a random sha256 sum and then doing repeated rinse and repeats *may* boost your odds of a collission.

And while finding a weak brain-wallet might still be higher odds, weak brain-wallet is not likely to have much coins because there are lots of people constantly looking for them to empty. So a lot of the collisions will have 0 balance when you check.

[Ente]

..for me, that's just another brainwallet :-)
You take some human-compatible input and create a 254bit string from it. Most will use a simple sha256() for this, but a somewhat advanced harvesting-bot would also try several sha256(), reversing the string, doubling the dtring and hashing again, etc.
Regular brute-force alteration.

The lesson should be: "you only have as many bits in your final result as the complexity of the input and the algorithm". Just because the final string is 256bit long, doesn't mean much.

Ente

[TimS]

But with bitcoin if that is done, that means the final hash (all that matters) is done from a limited set of characters of known length.

So generating a random sha256 sum and then doing repeated rinse and repeats *may* boost your odds of a collission.

2^256 is a really, really big number, though. I really doubt this constitutes a feasible attack.

Let's make up some numbers to show you what I mean: let's say that people typically repeat their hash 1 million times, and there are a million such addresses in use. 1 million * 1 million ~= 2^40. This means there are 2^40 random sha256 hashes that, if you repeatedly hash them up to 1 million times, will result in you spending someone else's money. Unfortunately, there are 2^256-2^40 (or roughly 2^256) sha256 hashes that do not result in anything useful.

[Ente]

Big numbers, I like.



Ente

[Zepher]

My address received this strange transaction lately. However, that address has not been written anywhere so the attacker had to just discover it from the block chain I suspect. Another theory is that this is some kind of bitcoin terrorism. People who have nice round balances in their cold storage get them ruined.

There are some interesting public notes there:
Public Note: Hey, give me back my 20 Bitcoin

Public Note: If you are reading this, please take some time to remember those who died 12 years ago today in the WTC attacks

Public Note: Whoever you are, you're epic.

edit:
there's some more suspicious activity, look this address: https://blockchain.info/address/1AgesqfafUHHpAWnmjj9g6TVqBGXk4ixxg

A lot of coins are sent to all possible addresses that start with 1Ag

According to Mendelejev's table, silver is Ag.

ONE MORE THEORY:
What if the attacker has targeted just one address? However, to make it less threatening it has added a bunch of other random addresses to the formula? Then people such as myself who get disturbed by this activity start making posts to this thread and are immediately connected to their address by the forum user.

and one more:
Some of the destination addresses have spent their input except this suspicious input. Maybe the attacker tries to pin point automated wallets? So if the suspicious input remains unspent but other balance is spent then there could be some automation in place which could be abused with the transaction malleability vulnerability.

All those addresses that start with 1Ag are Casascius Silver 1BTC Coins.
I own a Casascius Silver/Gold 1BTC: 1Ag5rhfvXE1KYGypZQAujxt3aL2Dy15hUN, which also has dust ( 1 satoshi... ) on it from 1Sochi... No harm publishing the address now that it has already been messed with.
I also have a Titan Tenth 0.1BTC which had 0.00006BTC sent to it just 4 days after it was funded by Titan, sent from 1Enjoy. Now don't get me wrong, free BTC is nice, but it really pisses me off that these are on physical coins, hence I have absolutely no way to remove said dust to get it back to a nice round balance again. Frustrating  If it had been sent to a wallet that I actually have 'access' to, then I'd laugh and remove the dust, and send it to the miners.

Anyone know if this will somehow devalue physical coins like Casascius/Titan/Lealana etc? Or whether it doesn't really make any difference?

[Velkro]

that spam is annoying but well.... what to do

[bradleyb5155]

mmmm id love a MILlibit!! 
1Cg2eGH1mAxoP6dNK6zt5MhPKBJGm5n9hv

[mustang77]

Im getting a lot of trades of 0.00000001 or something from "fair cargo" or something like that . Weird

[snappa4ever]

mmmm id love a MILlibit!! 
1Cg2eGH1mAxoP6dNK6zt5MhPKBJGm5n9hv

As much as this looks like spam at first glance, it is actually very well possible that this person would actually receive some amount of bitcoin to this address from laxo. I have google searched several "random" addresses that have had these transactions sent to and they all (that I have searched) have results that point back to this forum on the first or second result. As a result I would conclude that the addresses are being "mined" from posts on this forum