Pages:
Author

Topic: Finders keepers? I found an address with 50 BTC via brain wallet! (Read 13289 times)

newbie
Activity: 13
Merit: 0
Don't do anything. As others have pointed out, it is just like stealing someone's wallet, even if they weren't too smart to begin with and picked a weak passphrase.
If you found a wallet in a taxi cab, would you keep it or try to find the owner and return it? I guess it depends on your morals. I would return it, but that's just me.

This is a great analogy and if you think about the situation it points out the dilemma that the OP is facing.

Doing nothing is equivalent to leaving the wallet you found alone.  So, you find a wallet in a taxi, and you just leave it there for the next guy to steal.  If the OP does nothing with these bitcoins, then he is just leaving them there for someone else to discover and steal.

Transferring the bitcoins to his own wallet but not spending them is equivalent to picking up the wallet, but not spending the money that is inside.  He can then make sure that nobody else steals it, but he's left with the complicated project of trying to find the original owner.  If that wallet in the taxi has only cash and no identification in it, how would you prove that you are the owner of the wallet?

You say you, "try to find the owner and return it".  Ok fine.  How long do you look for the owner of that wallet in the back of the taxi?  A few days? A few months? A few years?  If you still haven't found the owner after 50 years, what do you do with the cash that is in it? Do you just toss the wallet and all the cash into the trash?

Good point. I guess how long you try depends a little on common sense and your own level of perseverance. I imagine after a reasonable effort has been made to find the owner, without success, then it would be ok to keep the BTC, or, even better, donate them to some charity.
legendary
Activity: 3472
Merit: 4801
Don't do anything. As others have pointed out, it is just like stealing someone's wallet, even if they weren't too smart to begin with and picked a weak passphrase.
If you found a wallet in a taxi cab, would you keep it or try to find the owner and return it? I guess it depends on your morals. I would return it, but that's just me.

This is a great analogy and if you think about the situation it points out the dilemma that the OP is facing.

Doing nothing is equivalent to leaving the wallet you found alone.  So, you find a wallet in a taxi, and you just leave it there for the next guy to steal.  If the OP does nothing with these bitcoins, then he is just leaving them there for someone else to discover and steal.

Transferring the bitcoins to his own wallet but not spending them is equivalent to picking up the wallet, but not spending the money that is inside.  He can then make sure that nobody else steals it, but he's left with the complicated project of trying to find the original owner.  If that wallet in the taxi has only cash and no identification in it, how would you prove that you are the owner of the wallet?

You say you, "try to find the owner and return it".  Ok fine.  How long do you look for the owner of that wallet in the back of the taxi?  A few days? A few months? A few years?  If you still haven't found the owner after 50 years, what do you do with the cash that is in it? Do you just toss the wallet and all the cash into the trash?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...

He has most likely transferred the coins from his ´normal Wallet to the brain wallet. So have him sign a message with the address the coins have been moved from to the brain wallet and the brain wallet itself.

I'd agree that in many cases people would be transferring BTC from their own "hot wallet" to "cold storage" although of course it is also possible that the transfer was done from an exchange (in which case the input UTXO's would not belong to the person with the address in question at all).
legendary
Activity: 1232
Merit: 1001
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...

He has most likely transferred the coins from his ´normal Wallet to the brain wallet. So have him sign a message with the address the coins have been moved from to the brain wallet and the brain wallet itself.
newbie
Activity: 6
Merit: 0
So you've been trying to hack accounts on brainwallet for a few months, you've finally got one, and now you're asking what you should do?  Hmmm...
newbie
Activity: 13
Merit: 0
Don't do anything. As others have pointed out, it is just like stealing someone's wallet, even if they weren't too smart to begin with and picked a weak passphrase.
If you found a wallet in a taxi cab, would you keep it or try to find the owner and return it? I guess it depends on your morals. I would return it, but that's just me.
newbie
Activity: 19
Merit: 0
OMG OMG cant believe that it can happen Shocked. If you can guess someones passphrase imagine what will happen if everyone starts doing the same thing. That means its very unsafe Sad

BTW can you plz send 0.5 btc to me plz plz because i am in need of serious cash :p
newbie
Activity: 39
Merit: 0
  WOW! I am so shocked! Doesn't anyone have morals these days? It is WRONG to steal period! Yet, here is a debate about it. Just because you found a way into someone else's property, doesn't give you ANY right to take it! It shouldn't even be a question! If you do take it, I hope you get caught! Either you will end up in jail or dead! No concept of right or wrong in society anymore.....  This is just sickening. Well, I am about ready to leave this forum as quick as I joined. Seems like there are a lot of criminals on here.  Not everyone is but, lowering my moral standards just to talk on a forum with criminals is not something I wanted to do at all. If this message upsets anyone... I apologize. It is only directed at a certain few, not everyone as a whole. I am just disappointed. Maybe I am just getting too old or I am too old fashioned.  Sad

Justbyteme
legendary
Activity: 4522
Merit: 3426
I don't understand this.
Does this mean that anyone exploring can pick phrases at random and try them against my wallet til it breaks (best of luck heh)?

This discussion is not about cracking someone's wallet by guessing their password. The discussion is about using common or simple phrases as the source for a private key.

This post demonstrates the problem very clearly:

I mean, even a classic phrase like...
Quote
it was the best of times it was the worst of times
has had 1 whole coin in it!
https://blockchain.info/address/17WenQJaYvqCNumebQU54TsixWtQ1GQ4ND
and it's literally the first thing i tried.
...
I guess the moral is never make a memorable brainwallet Tongue
full member
Activity: 209
Merit: 148
Sorry, maybe I am not being clear.

Let's say someone did guess my passphrase, and they knew my BTC address.

How in the world could they transfer? Are there transfer services where these two are all you need?Huh

Ritual.

Ps: /paranoid mode on

Www.brainwallet.org
member
Activity: 84
Merit: 10
Sorry, maybe I am not being clear.

Let's say someone did guess my passphrase, and they knew my BTC address.

How in the world could they transfer? Are there transfer services where these two are all you need?Huh

Ritual.

Ps: /paranoid mode on
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
But where does THIS go? Like, once the phrase is turned into a hash, where exactly do you start throwing this at addresses?

The private key is a SHA256 of your "pass phrase" (when you use something like brainwallet.org).

So the problem is that your "pass phrase" needs to something that someone with a lot of computing power and a huge set of "common pass phrases" won't find.

You can be secure using a "pass phrase" but you would probably want to consider doing a few things to be sure:

1) Length should be 20 characters minimum (better 40 or more).

2) You should mix languages, slang as well as numbers and special characters.

3) Do not pick any lyric or "saying" or famous quote (for sure people are mining these as we post).
member
Activity: 84
Merit: 10
I don't understand this.

Does this mean that anyone exploring can pick phrases at random and try them against my wallet til it breaks (best of luck heh)?

OK, so I can see that brainwallet generates a private key from a phrase, which you can then throw at whatever.

But where does THIS go? Like, once the phrase is turned into a hash, where exactly do you start throwing this at addresses?

I ask purely because I am now concerned for the security of my wallet. Wallet security is something I have been trying to figure out, but haven't yet quite grasped.

I don't get it? Can anyone explain? I'm about to deposit significant funds (to me) to bitcoins, and I don't want to get attacked like this :/

Rit/
full member
Activity: 209
Merit: 148
The noble thing to do is to move the BTC to a new address and leave a message in the tx for the owner to contact you.
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...

Exactly.  
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Question is how can you verify the one who contacts you is the REAL owner?
He could be just another brainwallet cracker...

Indeed that is the problem and "the lesson" people need to learn about creating a "brain wallet". If you pick any sort of phrase, lyric or quote that is known you are going to lose your coins.

Perhaps the best thing (if the OP is determined to move those coins) is to just send them to either a charity or to some project so at least they are used for something to benefit the ecosystem.
legendary
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
The noble thing to do is to move the BTC to a new address and leave a message in the tx for the owner to contact you.
Question is how can you verify the one who contacts you with the correct passphrase is the REAL owner?
He could be just another brainwallet cracker...
member
Activity: 112
Merit: 10
Be kind man, don't be mankind
I was about to leap on this thread to call bullshit, but seems people do in fact pick wildly insecure brainwallet passphrases.

I mean, even a classic phrase like...
Quote
it was the best of times it was the worst of times
has had 1 whole coin in it!
https://blockchain.info/address/17WenQJaYvqCNumebQU54TsixWtQ1GQ4ND

and it's literally the first thing i tried.

ridiculous. I guess I believe OP now.

I guess the moral is never make a memorable brainwallet Tongue
legendary
Activity: 2506
Merit: 1030
Twitter @realmicroguy
You could withdraw the funds and move them into your wallet. Then send a small about of BTC to the address using blockchain.info and attach a message with your contact information. The only problem is the owner would have to look at blockchain.info to see the message. Keep the passphase a secret, otherwise it will be impossible for you to know when the legitimate owner contacts you.  Or you could do nothing.

Sending messages: https://bitcointalksearch.org/topic/sending-a-message-using-bitcoin-413666
full member
Activity: 139
Merit: 100
RatingExpertise.com
Do nothing. It's not your wallet or your concern. You are about to steal someones savings even though he/she would never touch them again. You could as well steal someones car from their yard and drive it to your own garage and say that it's better to keep it there just in case someone would steal it.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Move the funds to a secure address (if you have found this brainwallet manually, it means it is very vulnerable to automated bruteforcing attacks by hackers) then reveal the passphrase to give an example of how NOT to choose a passphrase.

This is also a good suggestion (but I hope if you do this you will plan to give back the 50 BTC to the original owner - so do not publish the password before they have a chance to show their ownership because once you have published it there will be no way to know).
Pages:
Jump to: