almightyruler
Legendary
 Offline
Activity: 2268
Merit: 1092
|
 |
May 06, 2019, 08:55:59 AM
Last edit: May 06, 2019, 10:10:29 AM by almightyruler |
|
Can you guess what it may be?  Something like: 1000000000000000000000000000000000...............000000000000000000000000000000 000a Strong hint: Think... recurring never-ending decimal number |
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
LoyceMobile
|
|
May 06, 2019, 09:19:34 AM |
|
Lol 3.1415927….......
How did you even try that? And have you tried more decimals?
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
May 06, 2019, 10:10:07 AM |
|
Lol 3.1415927….......
How did you even try that? And have you tried more decimals?
Two things had to happen to discover that particular private key: 1. I decided to try feeding the SHA256 hash of every file on my NAS to brainflayer. 2. One of those files contained the value of Pi to a billion decimal places. Another match was the hash of the goatse photo. (If you don't know what that is, goatse is an old school shock site that is very, very NSFW. I didn't even realise I had that photo sitting on my storage.) |
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 2912
Merit: 2084
Cashback 15%
|
|
May 06, 2019, 11:07:32 AM |
|
Another match was the hash of the goatse photo. (If you don't know what that is, goatse is an old school shock site that is very, very NSFW. I didn't even realise I had that photo sitting on my storage.)
...because of course it was. There should be a word for being surprised while not being surprised at all while feeling both disgusted and nostalgic at the same time. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
May 07, 2019, 02:53:45 PM
Last edit: May 07, 2019, 04:39:27 PM by almightyruler |
|
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_formatGiven that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. By the way, funds have been sent to (and promptly swept from) the address associated with the sample mini private key on that page: https://www.blockchain.com/btc/address/7f6ab65fa911f558ca2dde3e9d073acb02c0d5c6 (uncompressed: 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW ) https://www.blockchain.com/btc/address/f78c1591f3f34fd1fe339dc371069b7b492bf370 (compressed: 1PZuicD1ACRfBuKEgp2XaJhVvnwpeETDyn ) |
|
|
|
|
|
DaCryptoRaccoon
|
|
May 11, 2019, 11:49:10 AM
Last edit: May 11, 2019, 01:14:00 PM by MagicByt3 |
|
I created a simple word smasher as a way to pipe content to BF. So I use the power of 2 scale with randint between specific values. Depending on the size of the list you will need to set the values according. I did find a few wallets this way with specific word lists being used and changes to the values. I have another version that will take content and hash it with hashlib and pipe the output to BF and again this also threw back some results. ## Word Smash Power Of 2
## Set wordlist and pipe output
## Python
from time import sleep
import random
import sys
my_file = open("words.txt", "r")
words = my_file.readlines()
## Power of 2 select from wordlist : ToDo - Evaluate methods
i = 1
while i > 0:
number_1 = random.randint(0, 128)
number_2 = random.randint(0, 256)
number_3 = random.randint(0, 512)
number_4 = random.randint(0, 1024)
number_5 = random.randint(0, 2048)
number_6 = random.randint(0, 4096)
number_7 = random.randint(0, 8192)
number_8 = random.randint(0, 16384)
number_9 = random.randint(0, 32768)
number_10 = random.randint(0, 65536)
number_11 = random.randint(0, 131072)
number_12 = random.randint(0, 262144)
word_1 = words[number_1]
word_2 = words[number_2]
word_3 = words[number_3]
word_4 = words[number_4]
word_5 = words[number_5]
word_6 = words[number_6]
word_7 = words[number_7]
word_8 = words[number_8]
word_9 = words[number_9]
word_10 = words[number_10]
word_11 = words[number_11]
word_12 = words[number_12]
print(word_1.rstrip() + " " + word_2.rstrip() + " " + word_3.rstrip() + " " + word_4.rstrip() + " " + word_5.rstrip() + " " + word_6.rstrip() + " " + word_7.rstrip() + " " + word_8.rstrip() + " " + word_9.rstrip() + " " + word_10.rstrip() + " " + word_11.rstrip() + " " + word_12.rstrip())
i += 1
sleep(0.005)
pass Some of the values
number_1 = random.randint(0, 128)
number_2 = random.randint(0, 256)
number_3 = random.randint(0, 512)
number_4 = random.randint(0, 1024)
number_5 = random.randint(0, 2048)
number_6 = random.randint(0, 4096)
number_7 = random.randint(0, 8192)
number_8 = random.randint(0, 16384)
number_9 = random.randint(0, 32768)
number_10 = random.randint(0, 65536)
number_11 = random.randint(0, 131072)
number_12 = random.randint(0, 262144)
number_1 = random.randint(0, 1024)
number_2 = random.randint(0, 2048)
number_3 = random.randint(0, 4096)
number_4 = random.randint(0, 8192)
number_5 = random.randint(0, 16384)
number_6 = random.randint(0, 32768)
number_7 = random.randint(0, 65536)
number_8 = random.randint(0, 131072)
number_9 = random.randint(0, 262144)
number_10 = random.randint(0, 524288)
number_11 = random.randint(0, 1048576)
number_12 = random.randint(0, 2097153)
number_1 = random.randint(0, 2048)
number_2 = random.randint(0, 4096)
number_3 = random.randint(0, 8192)
number_4 = random.randint(0, 16384)
number_5 = random.randint(0, 32768)
number_6 = random.randint(0, 65536)
number_7 = random.randint(0, 131072)
number_8 = random.randint(0, 262144)
number_9 = random.randint(0, 524288)
number_10 = random.randint(0, 1048576)
number_11 = random.randint(0, 2097153)
=== OFFSETS ==
number_1 = random.randint(0, 256)
number_2 = random.randint(64, 512)
number_3 = random.randint(128, 1024)
number_4 = random.randint(256, 2048)
number_5 = random.randint(512, 4096)
number_6 = random.randint(1024, 8192)
number_7 = random.randint(2048, 16348)
number_8 = random.randint(4096, 32768)
number_9 = random.randint(8192, 65538)
number_10 = random.randint(16384, 131072)
number_11 = random.randint(32768, 262144)
number_12 = random.randint(65538, 524288)
|
┏━━━━━━━━━━━━━━━━━┓
┃ 💎 Mine Solo with CKPool 💎 ┃
┃ ➤ Hit Blocks on Your Own! ┃
┃ ███▓▓ ███▓▓ ███▓▓ ███▓▓┃
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
May 18, 2019, 01:18:54 PM |
|
Around USD100 worth of BTC sent to a weak private key, stolen pretty much immediately: https://www.blockchain.com/btc/address/a27d952a793dd83d82cfaa8431c6d36450683f6dThe key is 00000000000000000000000000000000000000000000000000000000000005a1, a value which anyone playing with key cracking would almost certainly attempt. (With my modest setup, a single core running bitflayer in private key mode would find this key around 0.01 seconds after starting.) Again not really sure of the intent. Was this someone throwing a hundred bucks away for fun, or the result of buggy private key generation? |
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
May 19, 2019, 04:49:25 AM |
|
Speaking of weak private keys, this one had 0.1647412 BTC (approximately $USD 1133) sent over two successive transactions back in August 2018: https://www.blockchain.com/btc/address/1KWj99Jwd9LGGC2Y1c9c4cmvWvYTQrLFVcPromptly swept away. The private key is 000000000000000000000000000000000000000000000000000000000000001f, which is essentially the 30th possible key if you count upwards. Something that could be discovered manually. Exceptionally weak. |
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1131
All paid signature campaigns should be banned.
|
|
May 20, 2019, 02:36:01 PM |
|
LBC has sequentially searched and swept all private keys under 55 bits and is pressing on at about 20.82 trillion keys per day. So all short private keys are a bad idea.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
May 20, 2019, 05:22:25 PM |
|
LBC has sequentially searched and swept all private keys under 55 bits and is pressing on at about 20.82 trillion keys per day. So all short private keys are a bad idea. Sound advice, but bear in mind that the really low ones (say, 32 bits or so) are likely watched by bots for future activity, rather than simply being checked once by LBC. |
|
|
|
|
|
daboehla
|
|
June 05, 2019, 04:50:12 PM |
|
Last big transaction to weak private key on my radar was 0,06473026 to 0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
(1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet)
Why does somebody do this? Donation to the bots? or really accidentally?
|
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16558
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
June 05, 2019, 07:16:37 PM |
|
Last big transaction to weak private key on my radar was 0,06473026 to 0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
(1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet)
Why does somebody do this? Donation to the bots? or really accidentally? I'm amazed it lasted that long: it took 7 minutes to be sweeped! The private key to address 1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet was even posted on Bitcointalk in 2011: Addr B: 1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet (PrivKey:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) |
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1721
|
|
June 05, 2019, 08:07:38 PM |
|
I'm amazed it lasted that long: it took 7 minutes to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. |
Signature space available for rent.
|
|
|
|
daboehla
|
|
June 06, 2019, 06:22:58 AM |
|
I'm amazed it lasted that long: it took 7 minutes to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. I am sure the timestamp of the emptying transaction is wrong. Because I also run a program, which tries to empty these weak private keys. At 29.05.2019 00:41:26.300 I recorded the transaction. (+2 timezone) On 29.05.2019 00:41:26.324 I already got txn-mempool-conflict So I think there are Many very fast out there. |
|
|
|
|
|
daboehla
|
|
June 06, 2019, 11:16:14 AM |
|
Today was also a high value transaction to weak private key:
06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr
|
|
|
|
|
buwaytress
Legendary
Offline
Activity: 2786
Merit: 3437
Join the world-leading crypto sportsbook NOW!
|
|
June 06, 2019, 11:46:14 AM |
|
I'm amazed it lasted that long: it took 7 minutes to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. I am sure the timestamp of the emptying transaction is wrong. Because I also run a program, which tries to empty these weak private keys. At 29.05.2019 00:41:26.300 I recorded the transaction. (+2 timezone) On 29.05.2019 00:41:26.324 I already got txn-mempool-conflict So I think there are Many very fast out there. Indeed! 7 minutes was merely the time between blocks, as it turns out. So we can actually confirm that after all these years there are still people who actively run programs that automatically empties these addresses, even those as old as 8 years like this one now. Curious to know, does your program know of and then attempts the sweep transaction as soon as confirmation is received or do you already try to sweep it when the incoming tx is recognised? In other words, is your sweep tx created as soon as incoming tx is broadcast or only once confirmed? $500 is not bad at all. |
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16558
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
June 06, 2019, 11:55:17 AM
Last edit: June 06, 2019, 04:08:37 PM by LoyceV |
|
Today was also a high value transaction to weak private key:
06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr
Someone paid 21% ($400) fee to steal these funds! Bots are competing heavily to get picked by a miner. Curious to know, does your program know of and then attempts the sweep transaction as soon as confirmation is received or do you already try to sweep it when the incoming tx is recognised? The theft gets confirmed in the same block as the original transaction, so it doesn't wait for a confirmation. |
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
June 06, 2019, 12:59:50 PM |
|
Today was also a high value transaction to weak private key:
06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr
Pure speculation here - I'm not very good at following transaction trails - but the source wallet has a high number of transactions and large cumulative balance, so I'm guessing it could be an exchange wallet, and that 0.25 BTC was a withdrawal by a customer. Question is, how did the funds end up being sent to that address? Was this some internal software deliberately stealing funds, or did this key get imported into someone's wallet somehow? IDEA: exchanges and any other services which allow customers to withdraw should maintain a blacklist of addresses with weak keys / broken brainwallets, so that any attempts to send to such an address are blocked. |
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1721
|
|
June 06, 2019, 07:41:54 PM |
|
I wanted to say someone's watching this thread, but I think $400 is a bit too much to waste on proving a point. I wonder how many more tried to steal those coins.
|
Signature space available for rent.
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
June 06, 2019, 10:52:43 PM |
|
I wanted to say someone's watching this thread, but I think $400 is a bit too much to waste on proving a point. I wonder how many more tried to steal those coins.
Sweep bots existed long before this thread was started... |
|
|
|
|
|
