Private keys posted on Bitcointalk

[o_e_l_e_o]

Those servers run by hackers who snatch coins that are sent to known private keys must have databases of many millions of addresses, I wonder if they run custom code that is much faster than Core because of its more narrow purpose.

Almost certainly. They don't need a wallet in core, and indeed, they don't even need a full node. A pruned node would suffice. They don't care about blocks or historical transactions at all - by the time a transaction is in a block it is already too late for them to steal. All they really care about is a way of maintaining a well connected mempool in order to quickly receive any newly broadcast transactions. For each incoming transaction, they will presumably have something like a huge lookup table database combined with one or more bloom filters so they can as quickly as possible determine if they have the private key for each address.

[1714484241]

1714484241

[1714484241]

1714484241

[LoyceV]

All they really care about is a way of maintaining a well connected mempool in order to quickly receive any newly broadcast transactions. For each incoming transaction, they will presumably have something like a huge lookup table database

I hadn't realized this until you posted it. It makes sense, and they don't even need the mempool anymore, all they need to check is every new transaction the moment it first arrives. So that's at most 7-ish transactions per second, or better: every xxx milliseconds a new transaction arrives, and they check them instantly (one at a time).
Kinda like BitBonkers, but with sweeping instead of visualizing.

[Nwada001]

Someone who introduced me to this forum explained to me back then how he lost everything just by not being careful enough and posting a private key on the proof of authentication instead of a public address and also making the same mistake on the bounty form. 
Mistakes happens that's when one is not careful enough and sometimes they are also voluntery action where the posted wants peoples attention to the wallet, in some cases they fund the wallet with huge either ERC-20 tokens which will require anyone who want to move the send in some gas fee which will immediately be moved by the original wallet owner. In some cases, they are addresses, which make use of more than just a phrase to authorize outgoing transactions. I don't know how they do that, though.

Scrolling through the transactions, it's obvious any incoming transaction instantly gets sweeped, usually at a high fee.

I believe in the case of this nature, it's a mistakenly posted wallet, which has many eyes on it, and because of the constant transactions, lots of bots might have been installed to move out all confirmed transactions immediately. 

[LoyceV]

Yesterday, 1BoatSLRHtKNngkdXEeobR76b53LETtpyT received 0.02429915BTC, which was instantly swept with a 0.001BTC fee.

I tried something new: I pruned Bitcoin Core to 20 GB, then imported the list of private keys, and did a rescan on the past few months. This shows only the recent transactions, and as a result the wallet is 11 MB instead of 2 GB. Bitcoin Core now works as expected without getting too slow to use.

Right when I wanted to post this, a "fatal error occurred" and Bitcoin Core crashed. The debug.log doesn't make sense:

Code:

ERROR: ProcessNewBlock: AcceptBlock FAILED (System error: filesystem error: cannot create directories: Permission denied [/home/user/.bitcoin/blocks])
~
ForceFlushStateToDisk: failed to flush state (System error while flushing: filesystem error: cannot get free space: No such file or directory [/home/user/.bitcoin/blocks])

After reloading, it works again. I've never seen this before.

[GR Sasa]

Yesterday, 1BoatSLRHtKNngkdXEeobR76b53LETtpyT received 0.02429915BTC, which was instantly swept with a 0.001BTC fee.

Maybe the same guy who sent the coins to the exposed private key address, he himself swept the coins again. Maybe he's doing that for fun to create drama. Because the coins are swept instantly. Not even a minute after the receiving the coins

[LoyceV]

Maybe the same guy who sent the coins to the exposed private key address, he himself swept the coins again. Maybe he's doing that for fun to create drama. Because the coins are swept instantly. Not even a minute after the receiving the coins

Unlikely.
It's much more likely someone did something dumb, and many bots tried to sweep the coins at the same time. One of them was fastest and got the money.

[digaran]

What happens if you send some coins and turn off RBF, only the first thief could get them right?

[LoyceV]

What happens if you send some coins and turn off RBF, only the first thief could get them right?

If you send funds to a compromised address, RBF doesn't matter. The thief uses CPFP and will turn off RBF (in his transaction) to prevent another thief from outbidding him.

[CryptoHFs]

have you tried collecting all 'email addresses' posted on bitcointalk including the ones in spreadsheets? some of them include emails

it is legal as posted on public and good for cold emails

[LoyceV]

good for cold emails

I'm not in the business of spamming people.

[CryptoHFs]

good for cold emails

I'm not in the business of spamming people.

Actually.. that is a good reminder and insight. I will make sure we never spam crypto audience.

[LoyceV]

On April 16, someone sent 0.09BTC to an address with publicly known private key. It disappeared instantly with a $12 fee. Someone earned stole $2700 from this.

[digaran]

On April 16, someone sent 0.09BTC to an address with publicly known private key. It disappeared instantly with a $12 fee. Someone earned stole $2700 from this.

Yeah, a lot of other things happened that day, for example the same certain someone (Satoshi) sent around 900 bitcoins to puzzle addresses to increase the prize of solving them, and you know how he is, he likes to tip people with Gs, $. 😉

[LoyceV]

900 bitcoins to puzzle addresses

Link?

[digaran]

900 bitcoins to puzzle addresses

Link?

I thought you already know about the puzzles? https://bitcointalk.org/index.php?topic=5218972.msg62098742#msg62098742

[LoyceV]

I knew the puzzles, but didn't catch the upgrade. For who also missed it: this transaction sent about $25 million to these addresses. That makes it worth it to allocate much more processing power to cracking the puzzles.
Crazy

[digaran]

I knew the puzzles, but didn't catch the upgrade. For who also missed it: this transaction sent about $25 million to these addresses. That makes it worth it to allocate much more processing power to cracking the puzzles.
Crazy

Well, It's not about more power, of course anyone could use hundreds of high end GPUs to solve for example #125, the point is to find a way to solve it with the help of mind not silicon. Now that you said it, $25M is too much yet very little to spend for safety analyzing.

I wish I knew how to automate and sort data processing like you, lol I have millions of public keys I just look for collisions with my eyes.🤣

[LoyceV]

Things will get quite interesting once full RBF becomes commonplace. Any such transaction stealing coins from a brain wallet or leaked private key could be replaced by another transaction, regardless of whether or not is opted in to RBF. We could end up seeing different bots broadcasting more and more replacements, each paying a higher and higher fee, trying to steal the coins for themselves. Since there is no incentive for any one such bot to surrender and let another bot win, then such transactions could just escalate until the entire value (or close to it) is paid in fees.

It looks like this is becoming a reality:

https://bitcointalk.org/index.php?topic=5476101
bc1qn3d7vyks0k3fx38xkxazpep8830ttmydwekrnl
IAJdBrmsgwWQU6IFXu1jC77GJuDguNv82ERXT2R8UywQZ7565idpdZpxjWflFVCnrjEfAJC5YcSnQUa jrgdmaZc=

claim 83BTC refund fee from antpool

That's going to be interesting if several people claim to be the real owner. In that case following the coins up the chain and signing a message from one of the earlier addresses will be more convincing.

My take on what happened:
Address bc1qn3d7vyks0k3fx38xkxazpep8830ttmydwekrnl received funds, which were immediately transferred again. That happens to every compromised private key, and many bots must be competing to be the first to steal funds. Usually, they use a high fee. In this case, my guess is that since more and more nodes accept full RBF, this lead to a very high transaction fee. Eventually, miners will get all stolen funds and the "private key hunters" will only be left with crummies. I hope the real owner can convince Antpool he's the real owner, so they don't send it to any of the private key hunters who also have the same private key.