Topic: Bitcoin address for sale (Read 1558 times)
guys please stop answering a 7 year old question. an idiot spammer (possibly a bot) initially bumped this topic up but you should at least take a look at the date of the topic before jumping to answer it
Ever heard of cyber squatters? Would it be possible for someone to take possession of all vacant bitcoin addresses and thus gain control over bitcoins?
Theoretically it is possible but it needs much energy, time, so I think nobody will do it. And they are exist addresses so that person can not control all.
Bitcoin address is personal that means it's meant for one individual although an individual can posses more bitcoin addresses but you no two persons can have one bitcoin address
It has come to reality, more than once.
https://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks < - whitehat
https://bitcointalksearch.org/topic/blockchaininfo-security-funds-stolen-277595 <- blackhat stole someone's funds, as quoted further in that thread from 'Jesse James' who explained what happened. Note in this case, no amount of 2FA or secure key storage helps you, that's why any reputable wallet is careful to ensure nonce values are not reused. Only spending from an address once also negates the possibilities of a weak RNG for transaction signing, but it does not negate the keys being computed from a weak RNG in the first place, but that's a different ball game.
https://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks < - whitehat
https://bitcointalksearch.org/topic/blockchaininfo-security-funds-stolen-277595 <- blackhat stole someone's funds, as quoted further in that thread from 'Jesse James' who explained what happened. Note in this case, no amount of 2FA or secure key storage helps you, that's why any reputable wallet is careful to ensure nonce values are not reused. Only spending from an address once also negates the possibilities of a weak RNG for transaction signing, but it does not negate the keys being computed from a weak RNG in the first place, but that's a different ball game.
Quote
Your transaction with the repeated signature R values is this one:
https://blockchain.info/tx/e05d98ee17d4610eb4e63cf27dd4e63f7128dc28187ae73588ca5562d9391bb8
Inputs 0 and 2 specifically. If you can 100% confirm the exact client software / platform / browser that generated this transaction, that would be helpful.
The 'k' value was 0x7f561ff2d0a848480f575773dd8b72f17cabc9f202951d9c7392b331b0565f28
I have a tool that can find these things and solve for the private keys but it's a total kludge and I don't use it to snatch funds nor run it on a rolling basis. However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.
... since the guy currently exploiting this at the moment https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj is just cleaning em up and I'm not holding out hope he has plans to return anything.
https://blockchain.info/tx/e05d98ee17d4610eb4e63cf27dd4e63f7128dc28187ae73588ca5562d9391bb8
Inputs 0 and 2 specifically. If you can 100% confirm the exact client software / platform / browser that generated this transaction, that would be helpful.
The 'k' value was 0x7f561ff2d0a848480f575773dd8b72f17cabc9f202951d9c7392b331b0565f28
I have a tool that can find these things and solve for the private keys but it's a total kludge and I don't use it to snatch funds nor run it on a rolling basis. However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.
... since the guy currently exploiting this at the moment https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj is just cleaning em up and I'm not holding out hope he has plans to return anything.
lawyers are powerful, but i don't think the scenario you just suggested can come to reality - never.
There are people on eBay selling printed paper wallets for £2 a time. What is to stop the seller keeping the private key... People are actually buying them as well! That is a response to the topic title.
In response to the OPs message body, no. Not feasible for storage/generation. Not taking into account quantum computers, it would take more space/time than the entire universe has with the entire sun being burned up to provide energy to find even 1 address private key. It would be more feasible to go up to every bitcoin address owner you know and force them at gunpoint to give you the keys, and even that is impossible to do it to them all.
It has been possible to steal addresses and keys that were generated with bad RNGs OR ones that reused nonce value when signing transactions. Signing two transactions from one address/keypair with the same nonce value (as blockchain wallets did at one point) allows the private key to be computed from the two or more signatures where the nonce was the same. That raw data can be found on the blockchain and hackers have scanned for vulnerable addresses and probably still do, to compute the private keys and sweep them. Some white-hatters who returned the funds, and some black hatters.
https://eprint.iacr.org/2017/1014.pdf
In response to the OPs message body, no. Not feasible for storage/generation. Not taking into account quantum computers, it would take more space/time than the entire universe has with the entire sun being burned up to provide energy to find even 1 address private key. It would be more feasible to go up to every bitcoin address owner you know and force them at gunpoint to give you the keys, and even that is impossible to do it to them all.
It has been possible to steal addresses and keys that were generated with bad RNGs OR ones that reused nonce value when signing transactions. Signing two transactions from one address/keypair with the same nonce value (as blockchain wallets did at one point) allows the private key to be computed from the two or more signatures where the nonce was the same. That raw data can be found on the blockchain and hackers have scanned for vulnerable addresses and probably still do, to compute the private keys and sweep them. Some white-hatters who returned the funds, and some black hatters.
https://eprint.iacr.org/2017/1014.pdf
Quote
RNG failures. Using a given nonce only for one message is crucial: If a nonce is reused for two
different messages, an attacker can trivially calculate the private key for generating signatures. This is
caused by the fact that the underlying primitive – an interactive zero-knowledge proof [1] – requires
distinct nonces in order to be secure. Thus, the developers of cryptographic implementations have
to make sure that nonces are never reused. A common way to achieve this is using a high entropy
RNG to generate fresh nonces per signature. One prominent example where usage of repeating nonces
led to a compromise of signature keys was Sony’s Playstation 3 [2]. The hacker group fail0verflow
showed that Sony was reusing the same nonce for every digitally signed game. The members could
then calculate the private key and create valid signatures for arbitrary files including pirated games or
Linux applications. Another security breach that resulted out of insufficient entropy in the nonce of
ECDSA signatures happened in a Bitcoin Android app [3]. As a result, attackers stole Bitcoins worth
several thousand Dollar.
different messages, an attacker can trivially calculate the private key for generating signatures. This is
caused by the fact that the underlying primitive – an interactive zero-knowledge proof [1] – requires
distinct nonces in order to be secure. Thus, the developers of cryptographic implementations have
to make sure that nonces are never reused. A common way to achieve this is using a high entropy
RNG to generate fresh nonces per signature. One prominent example where usage of repeating nonces
led to a compromise of signature keys was Sony’s Playstation 3 [2]. The hacker group fail0verflow
showed that Sony was reusing the same nonce for every digitally signed game. The members could
then calculate the private key and create valid signatures for arbitrary files including pirated games or
Linux applications. Another security breach that resulted out of insufficient entropy in the nonce of
ECDSA signatures happened in a Bitcoin Android app [3]. As a result, attackers stole Bitcoins worth
several thousand Dollar.
The power harnessed on a theoretical Dyson sphere, alongside the countless quantum computers (should they exist) is very much needed in order to generate all those bitcoin addresses (2^160 possibilities). I doubt someone in our lifetimes would have the resources and capacity to actually do just that, that's why the bitcoin protocol is one of the most secure tool against hacks and brute-forcing techniques.
It is possible but you would like have to harvest the energy from a few stars to power the computers that you had to mine a few solar systems to have the raw materials to create. AFAIK
I don't think that is possible for any one to just use or hijack any empty wallet to take control over them and more so the wallet can only be hack if the private key is not secure by the user and the third party has access to it in other way to Sam the person but in a way to gain access to all unused wallet will be much hard.
i think we don't have it. but if you find this can you sharing me?
It is likely that someone installed malicious code into the backend system of a mining pool, an exchange, or possibly wallet generation code. They are using public information so that they can discover the private keys easily and steal the coins on the side.
Very new to this myself. I understand there is a limit to the number of BitCoins, but are you saying there an actual limit to the number of wallets available as well?
In the same way that there is a limit to the number of atoms on the earth. 
Very new to this myself. I understand there is a limit to the number of BitCoins, but are you saying there an actual limit to the number of wallets available as well?
2^160 = 1461501637330902918203684832716283019655932542976
That's how many addresses you'll have to generate. It's not realistic either in generation or storage. The sun, or even the universe will die before you enumerated them.
That's how many addresses you'll have to generate. It's not realistic either in generation or storage. The sun, or even the universe will die before you enumerated them.
No.
That is as in "No I won't sue you until I find a lawer"?
Read the subject, and thought you were doing somthing else, so it gave me an idea.
So ill post a new thread.
I thought you were selling a wallet that was getting residual income.
I think it'll be hard to take up all the possible addys.
So ill post a new thread.
I thought you were selling a wallet that was getting residual income.
I think it'll be hard to take up all the possible addys.
No.
Ever heard of cyber squatters? Would it be possible for someone to take possession of all vacant bitcoin addresses and thus gain control over bitcoins?
Jump to: