This is awesome. Great example set by U
Since this thread was bumped, I think I should update it.
There seems to be a new buggy program that reuses the same R value for all signatures in a transaction. It started around September 2014. Because the program uses mostly unique addresses, the bug is not always exploitable. But reuse happened often enough to break over 400 new keys. The list is getting too long to post it here so here are the links:
http://johoe.mooo.com/bitcoin/broken.txt
http://johoe.mooo.com/bitcoin/endangered.txt
The first list contains the addresses whose private key can be computed from the block chain. The second list additionally contains addresses that were used by the faulty client but only in a context where it cannot be broken (unless I'm missing something).
Does anyone know what the buggy program is? Or does anyone recognize any of the more recent addresses?
Note that the addresses that appear only in the second list still may be in danger, e.g., if they stem from a BIP32 wallet and one knows the "xpub" public key.
It looks like there are some bots sweeping all funds that go to such a broken wallet.
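A wallet operator can audit the signatures their own software has produced for the repeated R value described in the post above. This is an added example, not code from any poster in this thread: it parses DER-encoded ECDSA signatures and reports every r that occurs more than once, separating one key signing twice with the same r (the case the post describes as exploitable) from the same r appearing under different keys. The record layout, the `same-key`/`cross-key` labels and the sample data are constructed assumptions, and each signature is assumed to have its trailing sighash byte already stripped.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes) -> tuple[int, int]:
    """Split a DER ECDSA signature (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("not a short-form DER SEQUENCE covering the whole input")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        length = sig[pos + 1]
        body = sig[pos + 2:pos + 2 + length]
        if length == 0 or length >= 0x80 or len(body) != length:
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + length
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def audit_r_reuse(records):
    """records: (label, pubkey_hex, der_sig_hex) tuples. Returns {r: verdict}."""
    seen = defaultdict(lambda: defaultdict(set))   # r -> pubkey -> {s, ...}
    for _label, pubkey, sig_hex in records:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        seen[r][pubkey].add(s)
    report = {}
    for r, by_key in seen.items():
        if any(len(s_values) > 1 for s_values in by_key.values()):
            report[r] = "same-key"    # one key produced two signatures with this r
        elif len(by_key) > 1:
            report[r] = "cross-key"   # r repeated, but only under different keys
    return report

def _der(r: int, s: int) -> str:  # helper: encode constructed (r, s) as DER hex
    def integer(n):
        raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 keeps it positive
        return b"\x02" + bytes([len(raw)]) + raw
    body = integer(r) + integer(s)
    return (b"\x30" + bytes([len(body)]) + body).hex()

# Constructed sample data: labels, keys and signature values are made up.
SAMPLE = [
    ("tx1:0", "02aa", _der(0x1111, 0x0a01)),
    ("tx1:1", "02aa", _der(0x1111, 0x0a02)),   # same key, same r, different s
    ("tx2:0", "02bb", _der(0x2222, 0x0b01)),
    ("tx2:1", "02cc", _der(0x2222, 0x0c01)),   # same r, different keys
    ("tx3:0", "02dd", _der(0x3333, 0x0d01)),   # unique r, not reported
]
```

Calling `audit_r_reuse(SAMPLE)` reports `0x1111` as `same-key` and `0x2222` as `cross-key`; any hit means the signing software is not generating a fresh nonce per signature.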
May I ask: after creating an address, if I check it against these 2 lists and my address is not among them, am I safe?
If not, then what is the way to check the safety of a new address?