Author

Topic: BITCOIN SECURITY (Read 457 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 03, 2021, 04:17:53 AM
#37
xss

If you're talking about potential XSS attack on their website (https://bitcoincore.org/), you could mention it on their GitHub repository (https://github.com/bitcoin-core/bitcoincore.org/issues).
jr. member
Activity: 33
Merit: 7
October 02, 2021, 09:23:49 AM
#33
xss
So this is related to the security of the site and not to bitcoin itself?
Create a new topic, with a description of the problem, but without technical details.
Most likely, this will attract the attention of developers.
newbie
Activity: 24
Merit: 0
October 02, 2021, 08:38:01 AM
#32
I'm a security researcher and for the past 45 days i've been researching on bitcoin protocol and how it is secured.
I found that each and every single bitcoin in the universe is in danger cuz i found a critical security flaw in bitcoin protocol that would give me infinity private keys and all that private keys work.

If you really are serious that you found a vulnerability then you had better follow the instructions at https://bitcoincore.org/en/contact/ to securely email the developers. Do not open a Github issue or post a proof of concept publicly so that you don't reveal it to hackers.

But the general gist of this thread seems to be that you are bluffing so you should prove otherwise if you want to be taken seriously.
No, they never reply, I've already sent a mail coupe months ago for finding an xss ,still I did not get any reply from them and also it is not patched.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 01, 2021, 03:39:37 AM
#31
I'm a security researcher and for the past 45 days i've been researching on bitcoin protocol and how it is secured.
I found that each and every single bitcoin in the universe is in danger cuz i found a critical security flaw in bitcoin protocol that would give me infinity private keys and all that private keys work.

If you really are serious that you found a vulnerability then you had better follow the instructions at https://bitcoincore.org/en/contact/ to securely email the developers. Do not open a Github issue or post a proof of concept publicly so that you don't reveal it to hackers.

But the general gist of this thread seems to be that you are bluffing so you should prove otherwise if you want to be taken seriously.
legendary
Activity: 3472
Merit: 10611
September 29, 2021, 03:38:06 AM
#30
Technically, even if find weakness, I doubt if you can exploit it because technology will always advance and the chain keeps increasing. While you try to find a weakness in point A, point B will definitely block such flaws.
It depends on the weakness. The point @ETFbitcoin is making about weakness in RNG is about examples such as the blockchain.info wallet that used the same k for every signature and led to some funds being lost. This has nothing to do with technology, it is simply flawed implementation due to incompetency of those developers (they were stupidly using random.org website!).
jr. member
Activity: 269
Merit: 4
September 29, 2021, 03:16:46 AM
#29
I think you're really dumb I've said many times that I don't generate keys random like you said, the keys I generate has more probability of getting keys with balance.

Basically you're trying to say that you find weakness on specific RNG source which used by certain Bitcoin software?

Technically, even if find weakness, I doubt if you can exploit it because technology will always advance and the chain keeps increasing. While you try to find a weakness in point A, point B will definitely block such flaws.
newbie
Activity: 24
Merit: 0
September 24, 2021, 07:38:26 AM
#28
It's like you're saying: counting from 0000000000000000000000000000000000000000000000000000000000000001 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
is a "security flaw" because "all those private keys work"
Wait until t3xoff discovers he can find all creditcards in existence by counting from 00000000000000001 to 9999999999999999 ! Even if your computer can only generate 1 million numbers per second, you'll find many valid cards per minute!

I'm not sure if OP is a troll, dumb, or really just clueless (or all of the above), but the size of large random numbers usually go straight against the intuition of the average person. We're all so used to create accounts online and have someone verify them for us, that it's really hard to believe Bitcoin allows you to create a private key on your own without connecting to the internet. It's really an amazing thing if you think about it Smiley
I think you're really dumb I've said many times that I don't generate keys random like you said, the keys I generate has more probability of getting keys with balance.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 24, 2021, 02:24:56 AM
#27
It's like you're saying: counting from 0000000000000000000000000000000000000000000000000000000000000001 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
is a "security flaw" because "all those private keys work"
Wait until t3xoff discovers he can find all creditcards in existence by counting from 00000000000000001 to 9999999999999999 ! Even if your computer can only generate 1 million numbers per second, you'll find many valid cards per minute!

I'm not sure if OP is a troll, dumb, or really just clueless (or all of the above), but the size of large random numbers usually go straight against the intuition of the average person. We're all so used to create accounts online and have someone verify them for us, that it's really hard to believe Bitcoin allows you to create a private key on your own without connecting to the internet. It's really an amazing thing if you think about it Smiley
legendary
Activity: 3472
Merit: 10611
September 23, 2021, 11:40:38 PM
#26
Can problems in bitcoin protocol ever changed or modified. (I do not mean bitcoin core or something).
If yes where can those problems reported.
You should first learn how bitcoin and by extension cryptography works then try to report a "problem" with the protocol. Based on your comments so far it doesn't look like you have a firm grasp on the technology yet and things you think are "problems" and as you put it earlier "a critical security flaw" are just your lack of knowledge.

You shouldn't waste other people's time but here is all you need to do in order to report a bug to bitcoin developers: https://bitcoin.org/en/bitcoin-core/contribute/issues
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
September 23, 2021, 11:12:08 PM
#25
Can problems in bitcoin protocol ever changed or modified. (I do not mean bitcoin core or something).
If yes where can those problems reported.
The thing is, Bitcoin is decentralized, meaning, there's no central authority nor client that can implement the changes solely by itself.
The closest thing there is, is Bitcoin Core (the reference client).
Since majority of the nodes use Bitcoin core, any changes to its implementation of Bitcoin will most likely be implemented to Bitcoin unless the majority refused to update or switched to a different Bitcoin client.
I believe I've already sent you a link to Bitcoin Core's repository together with my response to your PM.

Bitcoin has some flaws but not specifically what you've described in the OP.
It's like you're saying: counting from 0000000000000000000000000000000000000000000000000000000000000001 to FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
is a "security flaw" because "all those private keys work", sadly it's not "infinity" like your private keys.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
September 23, 2021, 09:05:05 AM
#24
Can problems in bitcoin protocol ever changed or modified. (I do not mean bitcoin core or something).
Problems do not change. They remain... problems. Did you possibly mean if the protocol can somehow change? (And if yes, how)

Yes, it can change if we ever come into an agreement. By we, I mean the community. By the community, I mean the miners, the ones who run nodes, the ones who run SPV servers, the developers, you, me, every person in this forum. If someone proposes a change, we ought to adopt it if it makes the system more practical than before.

If some disagree with the change, they can continue supporting the version prior the change the rest of the community agrees as proper now. If this change isn't backwards compatible we say that a fork occurs where the chain is split in two separate chains. If most of the users decide that the new chain is the proper one, the miners will secure that one and essentially most of the people will abandon the old chain.

An example of a fork is Bitcoin Cash.

If yes where can those problems reported.
Problems in the source code can always be reported. The source code is in github and you can contact with the developing team.
newbie
Activity: 24
Merit: 0
September 23, 2021, 08:53:52 AM
#23
Can problems in bitcoin protocol ever changed or modified. (I do not mean bitcoin core or something).
If yes where can those problems reported.
legendary
Activity: 2268
Merit: 18711
September 11, 2021, 01:43:47 AM
#22
It is like the same as these sites
It's probably worth putting a scam warning if you are going to link to those sites. Anyone who types their private key in to one of those sites to "see which page it is on" or to "see if it is in their database" or to "sign up for monitoring/alerts" or whatever other nonsense they try to sell you will have all their coins stolen. Many newbies will not understand this.

I dont generate those kind of keys, I generate keys on the basis on vulnebrity i did not generate some unknown keys.
Ok, so either tell us what the vulnerability is so we can patch it, or go off and make yourself a millionaire. We know you won't do either.
member
Activity: 504
Merit: 23
Epsilon Omega
September 10, 2021, 07:59:09 AM
#21
It would be nice for people like that to share potential problems with the blockchain. The case is that you can't show solid evidence for what you're saying. There are also many computer language literate people here in this forum just to listen to a post without solid evidence. What good is it for us to listen to you, if you have nothing to lay out more concrete details on that subject.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 10, 2021, 07:02:39 AM
#20
I dont generate those kind of keys, I generate keys on the basis on vulnebrity i did not generate some unknown keys.
I generate keys which is dependent on a vulnebrity, so it gives me more accuracy.
So it don't take years to get keys with balance. Grin

Its not "years" to find keys / addresses with a balance. It's 10s of millions of years to find them.

According to your other post you already found over 60 keys.
Prove a few of them by signing a message or just go away, other then providing some entertainment for us to poke fun of you being an idiot, there is no other reason to be here.

This forum is not hostile to new users, but idiots like yourself who spout garbage are going to be flamed till you leave or stop spouting BS.

-Dave
newbie
Activity: 24
Merit: 0
September 10, 2021, 04:44:47 AM
#19
If I generate much keys would all be valid.
But when i tested some thousands all are valid.
This is not a weakness and you have not found some big security flaw. This is exactly how bitcoin is supposed to work.

Anyone in the world can generate thousands of even millions of valid private keys if they want. It's as simple as starting at 1 and counting up. Pick any number between the two numbers in BlackHatCoiner's reply, and you have found a valid private key. The reason you can't find anyone else's coins is because of the sheer size of that second number. Even if every computer on the planet did nothing but grind private keys for the rest of time, the sun would die and humans would be extinct before you found a collision.
I dont generate those kind of keys, I generate keys on the basis on vulnebrity i did not generate some unknown keys.
I generate keys which is dependent on a vulnebrity, so it gives me more accuracy.
So it don't take years to get keys with balance. Grin
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
September 09, 2021, 06:28:56 PM
#18
If I were you don't waste your time you can't find any private keys with funds there are many people who already did that.

You are just likely the same as the users in the past I couldn't remember the name but he claimed that he found a security hole on Bitcoin and then he made a website that all private keys are listed and leaked but I couldn't find my wallet from the list that he said leaked.

It is like the same as these sites
- https://www.bitcoinlist.io/
- https://privatekeys.pw/
- https://allprivatekeys.com/allprivatekeys.php

I just couldn't remember the exact site but he keeps updating it here on the forum.

However, it doesn't prove anything that there is a security hole on Bitcoin until now he never found a private key with funds.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
September 09, 2021, 04:34:07 PM
#17
The reason I'm not showing any proofs is because i don't want my project leaked.

Well, you just leaked it all by yourself.

I too have same question, If I generate much keys would all be valid.
But when i tested some thousands all are valid.
I just manualy operate my tool, still I did not automate it.
~
I got 61 hits out of 83103.......... Grin

So, joining this info with the one in the other topic, I have a wild guess what you're doing, you've found that there are some people stupid enough to use a brainwallet, like the "correct horse battery staple" generated a ton of addresses based on random heavily used passwords, and now because you've ended up with a million addresses you don't have a clue if they have ever been used or have funds on them you're trying to import them to see if they have a balance?  Cheesy

legendary
Activity: 2268
Merit: 18711
September 09, 2021, 02:30:00 PM
#16
If I generate much keys would all be valid.
But when i tested some thousands all are valid.
This is not a weakness and you have not found some big security flaw. This is exactly how bitcoin is supposed to work.

Anyone in the world can generate thousands of even millions of valid private keys if they want. It's as simple as starting at 1 and counting up. Pick any number between the two numbers in BlackHatCoiner's reply, and you have found a valid private key. The reason you can't find anyone else's coins is because of the sheer size of that second number. Even if every computer on the planet did nothing but grind private keys for the rest of time, the sun would die and humans would be extinct before you found a collision.
newbie
Activity: 24
Merit: 0
September 09, 2021, 09:58:48 AM
#15
Have you studied how things work in cryptography? Or just in Bitcoin? You've registered recently and you keep trying to find a way to cheat the system. Cheating the system isn't as easy as it seems. It's way harder than you thing and infeasible if each user was cautious enough.

I found that each and every single bitcoin in the universe is in danger cuz i found a critical security flaw in bitcoin protocol that would give me infinity private keys and all that private keys work.
This isn't a nice wording. First off, you'll have to define us what you mean by saying “infinity”. Infinite different keys? If yes, then that's impossible, because there's a specific number of available private keys.

Specifically, you cannot pick a number outside the following range as a private key:

[1, 115792089237316195423570985008687907852837564279074904382605163141518161494336]

1. Who maintains and develop bitcoin and its technology?
You're probably referring to the developers. They don't maintain Bitcoin; this task is being managed collectively by the network. They're the ones who contribute by coding.

Here they are: https://github.com/bitcoin/bitcoin/graphs/contributors

2. Can the developer modify the bitcoin protocol?
Anyone can.

3. To whom can I report this security flaw? (I'm always white hat)
To whoever you report it, if it's indeed a security flaw, we'll all gonna learn it.
yeah I cant really understand it gives 9x99x99999999x999x9x99x9x99999x9999x99x9x99 and it's your wish you can get as much you want.
I too have same question, If I generate much keys would all be valid.
But when i tested some thousands all are valid.
I just manualy operate my tool, still I did not automate it.
The reason I'm not showing any proofs is because i don't want my project leaked.
I'm just a noob in cryptography, not a legend.

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
September 09, 2021, 09:01:16 AM
#14
Have you studied how things work in cryptography? Or just in Bitcoin? You've registered recently and you keep trying to find a way to cheat the system. Cheating the system isn't as easy as it seems. It's way harder than you thing and infeasible if each user was cautious enough.

I found that each and every single bitcoin in the universe is in danger cuz i found a critical security flaw in bitcoin protocol that would give me infinity private keys and all that private keys work.
This isn't a nice wording. First off, you'll have to define us what you mean by saying “infinity”. Infinite different keys? If yes, then that's impossible, because there's a specific number of available private keys.

Specifically, you cannot pick a number outside the following range as a private key:

[1, 115792089237316195423570985008687907852837564279074904382605163141518161494336]

1. Who maintains and develop bitcoin and its technology?
You're probably referring to the developers. They don't maintain Bitcoin; this task is being managed collectively by the network. They're the ones who contribute by coding.

Here they are: https://github.com/bitcoin/bitcoin/graphs/contributors

2. Can the developer modify the bitcoin protocol?
Anyone can.

3. To whom can I report this security flaw? (I'm always white hat)
To whoever you report it, if it's indeed a security flaw, we'll all gonna learn it.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
September 09, 2021, 08:35:12 AM
#13
I got 61 hits out of 83103.......... Grin

You are obviously very bored in life, and you are not very intelligent as you want to present yourself here. Do you think that you can only impress someone with your statement without any solid data? Show us proof or find a forum with less intelligent people who believe in fairy tales.



4. Do they give me bounty?

Of course, you just need to sign up on any link on this board Wink
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 09, 2021, 06:46:50 AM
#12
Unless OP actually find weakness on RNG which used to generate private key on specific wallet software.

Yes, someone who has no idea how to find / contact people on github.

Or

How to google search the various discussions of importing / checking massive numbers or private keys [side note I actually had to do that once due to poor programming on someone's part]

and is a new user here who came out of nowhere.

Found a vulnerability that nobody else has.

Sure.....

-Dave
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
September 09, 2021, 01:44:12 AM
#11
Does this have something to do with your "5 million private keys" in this thread: IMPORTING PRIVATE KEY?
If so, I'll just wish you good luck with that  d(-_
newbie
Activity: 24
Merit: 0
September 09, 2021, 12:22:32 AM
#10
Why don't devs give attention to it, why people are investing in bitcoin, hackers can just take it all?
Yes, of course. All you have to do is find my private key on the list. I wish you luck.



No... my post was a joke. It doesn't matter if you can generate 2^256 private-keys (and of course you can generate as many as you want). The thing is that it would take billions and billions of years before you could find the private key of a funded address.
I got 61 hits out of 83103.......... Grin

If I were you, if you really make money through that. I'd rather just hide that. You will earn a lot just in case.
The hardest thing is i did not take anything from it.
Seems so dramamtic but it's the truth.
member
Activity: 504
Merit: 23
Epsilon Omega
September 08, 2021, 11:40:36 PM
#9
Why don't devs give attention to it, why people are investing in bitcoin, hackers can just take it all?
Yes, of course. All you have to do is find my private key on the list. I wish you luck.



No... my post was a joke. It doesn't matter if you can generate 2^256 private-keys (and of course you can generate as many as you want). The thing is that it would take billions and billions of years before you could find the private key of a funded address.
I got 61 hits out of 83103.......... Grin

If I were you, if you really make money through that. I'd rather just hide that. You will earn a lot just in case.
newbie
Activity: 24
Merit: 0
September 08, 2021, 11:21:59 PM
#8
Why don't devs give attention to it, why people are investing in bitcoin, hackers can just take it all?
Yes, of course. All you have to do is find my private key on the list. I wish you luck.



No... my post was a joke. It doesn't matter if you can generate 2^256 private-keys (and of course you can generate as many as you want). The thing is that it would take billions and billions of years before you could find the private key of a funded address.
I got 61 hits out of 83103.......... Grin
member
Activity: 504
Merit: 23
Epsilon Omega
September 08, 2021, 10:35:18 PM
#7
You're late, my friend.

The flaw was already found out and it's out there. Unfortunately, devs don't care. Sad

Proof: https://keys.lol/bitcoin/1

That site is awesome! I try wasting my 5mins of searching funded wallets. It's hard to find anything! LOL
legendary
Activity: 3472
Merit: 10611
September 08, 2021, 10:23:14 PM
#6
Sign a message from one of keys from "every single bitcoin" that is "in danger" or provide a valid transaction to prove you found "a critical security flaw" before wasting precious time of a developer or anyone else for that matter.
Here are two candidates:
bc1qgdjqv0av3q56jvd82tkdjpy7gdp9ut8tlqmgrpmv24sq90ecnvqqjwvw97
1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC
legendary
Activity: 2758
Merit: 6830
September 08, 2021, 10:22:26 PM
#5
Why don't devs give attention to it, why people are investing in bitcoin, hackers can just take it all?
Yes, of course. All you have to do is find my private key on the list. I wish you luck.



No... my post was a joke. It doesn't matter if you can generate 2^256 private-keys (and of course you can generate as many as you want). The thing is that it would take billions and billions of years before you could find the private key of a funded address.
newbie
Activity: 24
Merit: 0
September 08, 2021, 10:18:54 PM
#4
You're late, my friend.

The flaw was already found out and it's out there. Unfortunately, devs don't care. Sad

Proof: https://keys.lol/bitcoin/1
Why don't devs give attention to it, why people are investing in bitcoin, hackers can just take it all?
newbie
Activity: 24
Merit: 0
September 08, 2021, 10:11:51 PM
#3
You're late, my friend.

The flaw was already found out and it's out there. Unfortunately, devs don't care. Sad

Proof: https://keys.lol/bitcoin/1
I knew it before, but what I found is something different.
legendary
Activity: 2758
Merit: 6830
September 08, 2021, 10:01:13 PM
#2
You're late, my friend.

The flaw was already found out and it's out there. Unfortunately, devs don't care. Sad

Proof: https://keys.lol/bitcoin/1
newbie
Activity: 24
Merit: 0
September 08, 2021, 09:53:03 PM
#1
I'm a security researcher and for the past 45 days i've been researching on bitcoin protocol and how it is secured.
I found that each and every single bitcoin in the universe is in danger cuz i found a critical security flaw in bitcoin protocol that would give me infinity private keys and all that private keys work.

I have some questions,
1. Who maintains and develop bitcoin and its technology? (I think bitcoin.org)
2. Can the developer modify the bitcoin protocol?
3. To whom can I report this security flaw? (I'm always white hat)
4. Do they give me bounty?
Jump to: