Finders keepers? I found an address with 50 BTC via brain wallet!

[silveraz]

I was playing around with the brain wallet and checking the addresses with blockchain. I found a wallet with a balance of 50 BTC! The coins were put in the wallet in 2011 and there hasn't been any activity since. I don't want to steal someones coins but if they are "lost" I don't want to have them just sitting there. It's a lot of money!  I was thinking of sending a small amount into the wallet with a message letting the person know the situation. If nothing happens after a while I guess it's "Finders Keepers, Losers Weepers." What's the right thing to do in this situation?

[hilariousandco]

I was playing around with the brain wallet and checking the addresses with blockchain. I found a wallet with a balance of 50 BTC! The coins were put in the wallet in 2011 and there hasn't been any activity since. I don't want to steal someones coins but if they are "lost" I don't want to have them just sitting there. It's a lot of money!  I was thinking of sending a small amount into the wallet with a message letting the person know the situation. If nothing happens after a while I guess it's "Finders Keepers, Losers Weepers." What's the right thing to do in this situation?

Maybe I missed something here but how do you plan on claiming the coins exactly? And how do you know they're not saving the coins? Just because the wallet is dormant doesn't mean they're lost.

[malevolent]

I was playing around with the brain wallet and checking the addresses with blockchain. I found a wallet with a balance of 50 BTC! The coins were put in the wallet in 2011 and there hasn't been any activity since. I don't want to steal someones coins but if they are "lost" I don't want to have them just sitting there. It's a lot of money!  I was thinking of sending a small amount into the wallet with a message letting the person know the situation. If nothing happens after a while I guess it's "Finders Keepers, Losers Weepers." What's the right thing to do in this situation?

May I ask how long it took you to find out the passphrase leading to this address? Did you automate this process or did you do it manually?

I wouldn't be sure what to do in such a situation, you can either leave it where it is because it's not actually yours, or you can send it to an address of your own to ensure no one else can steal it, but post the address and the contact details in public in multiple places (bitcointalk.org, reddit.com/r/bitcoin, etc.) so that the owner (if he still has access to to the private key or passphrase) can contact you if he finds out about his missing BTC.

[silveraz]

May I ask how long it took you to find out the passphrase leading to this address? Did you automate this process or did you do it manually?

I wouldn't be sure what to do in such a situation, you can either leave it where it is because it's not actually yours, or you can send it to an address of your own to ensure no one else can steal it, but post the address and the contact details in public in multiple places (bitcointalk.org, reddit.com/r/bitcoin, etc.) so that the owner (if he still has access to to the private key or passphrase) can contact you if he finds out about his missing BTC.

I found it manually. I was just typing in random words. I've been doing it for a few months now and probably checked a couple hundred addresses.

[Reyhs]

Do nothing.

[bismuth]

Can't believe you guessed someones passphrase. Stealing the coins would make you a pickpocket. If you found a wallet on the street, 'cause you have a habit of "looking for lost objects", I would hope you would keep the wallet and attempt to contact the owner while keeping his valuables safe. There is a thing called karma if you're inclined to believe in such ideas.

[CIYAM]

If your point is to warn the user that their BTC is likely to be stolen then perhaps consider creating a raw tx that sends their funds back to their address (so they can understand that their address is compromised without any loss of funds).

[RoxxR]

Move the funds to a secure address (if you have found this brainwallet manually, it means it is very vulnerable to automated bruteforcing attacks by hackers) then reveal the passphrase to give an example of how NOT to choose a passphrase.

[CIYAM]

Move the funds to a secure address (if you have found this brainwallet manually, it means it is very vulnerable to automated bruteforcing attacks by hackers) then reveal the passphrase to give an example of how NOT to choose a passphrase.

This is also a good suggestion (but I hope if you do this you will plan to give back the 50 BTC to the original owner - so do not publish the password before they have a chance to show their ownership because once you have published it there will be no way to know).

[dailycoins]

Do nothing. It's not your wallet or your concern. You are about to steal someones savings even though he/she would never touch them again. You could as well steal someones car from their yard and drive it to your own garage and say that it's better to keep it there just in case someone would steal it.

[MicroGuy]

You could withdraw the funds and move them into your wallet. Then send a small about of BTC to the address using blockchain.info and attach a message with your contact information. The only problem is the owner would have to look at blockchain.info to see the message. Keep the passphase a secret, otherwise it will be impossible for you to know when the legitimate owner contacts you.  Or you could do nothing.

Sending messages: https://bitcointalk.org/index.php?topic=413666.0

[Thom]

I was about to leap on this thread to call bullshit, but seems people do in fact pick wildly insecure brainwallet passphrases.

I mean, even a classic phrase like...

it was the best of times it was the worst of times

has had 1 whole coin in it!
https://blockchain.info/address/17WenQJaYvqCNumebQU54TsixWtQ1GQ4ND

and it's literally the first thing i tried.

ridiculous. I guess I believe OP now.

I guess the moral is never make a memorable brainwallet

[medUSA]

The noble thing to do is to move the BTC to a new address and leave a message in the tx for the owner to contact you.
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...

[CIYAM]

Question is how can you verify the one who contacts you is the REAL owner?
He could be just another brainwallet cracker...

Indeed that is the problem and "the lesson" people need to learn about creating a "brain wallet". If you pick any sort of phrase, lyric or quote that is known you are going to lose your coins.

Perhaps the best thing (if the OP is determined to move those coins) is to just send them to either a charity or to some project so at least they are used for something to benefit the ecosystem.

[RoxxR]

The noble thing to do is to move the BTC to a new address and leave a message in the tx for the owner to contact you.
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...

Exactly.  

[Ritual]

I don't understand this.

Does this mean that anyone exploring can pick phrases at random and try them against my wallet til it breaks (best of luck heh)?

OK, so I can see that brainwallet generates a private key from a phrase, which you can then throw at whatever.

But where does THIS go? Like, once the phrase is turned into a hash, where exactly do you start throwing this at addresses?

I ask purely because I am now concerned for the security of my wallet. Wallet security is something I have been trying to figure out, but haven't yet quite grasped.

I don't get it? Can anyone explain? I'm about to deposit significant funds (to me) to bitcoins, and I don't want to get attacked like this :/

Rit/

[CIYAM]

But where does THIS go? Like, once the phrase is turned into a hash, where exactly do you start throwing this at addresses?

The private key is a SHA256 of your "pass phrase" (when you use something like brainwallet.org).

So the problem is that your "pass phrase" needs to something that someone with a lot of computing power and a huge set of "common pass phrases" won't find.

You can be secure using a "pass phrase" but you would probably want to consider doing a few things to be sure:

1) Length should be 20 characters minimum (better 40 or more).

2) You should mix languages, slang as well as numbers and special characters.

3) Do not pick any lyric or "saying" or famous quote (for sure people are mining these as we post).

[Ritual]

Sorry, maybe I am not being clear.

Let's say someone did guess my passphrase, and they knew my BTC address.

How in the world could they transfer? Are there transfer services where these two are all you need?

Ritual.

Ps: /paranoid mode on

[RoxxR]

Sorry, maybe I am not being clear.

Let's say someone did guess my passphrase, and they knew my BTC address.

How in the world could they transfer? Are there transfer services where these two are all you need?

Ritual.

Ps: /paranoid mode on

Www.brainwallet.org

[odolvlobo]

I don't understand this.
Does this mean that anyone exploring can pick phrases at random and try them against my wallet til it breaks (best of luck heh)?

This discussion is not about cracking someone's wallet by guessing their password. The discussion is about using common or simple phrases as the source for a private key.

This post demonstrates the problem very clearly:

I mean, even a classic phrase like...

it was the best of times it was the worst of times

has had 1 whole coin in it!
https://blockchain.info/address/17WenQJaYvqCNumebQU54TsixWtQ1GQ4ND
and it's literally the first thing i tried.
...
I guess the moral is never make a memorable brainwallet