Topic: Hack 10 "easy" segwit addresses - Bitcoin bounty (Read 511 times)

legendary
Activity: 3444
Merit: 10558
This frames it. 10k satoshi isn't worth it. Which is part of the question, I guess. Are the bots worth it? They are clearly advanced and quick. Must have taken some time and effort to code, precalculate, store and query billions of hashes, and require server and electricity costs to keep going. The "most successful" bot paid 85% in transaction fees, so those 90 cents became 13.5 cents...

if it is for making profit then no it is not worth it. it might have been many years ago when these obvious weaknesses (such as key=SHA256(password)) weren't publicly known and a silly idea like brainwallet was hyped up. and it is not just about the fee, it is about the fact that people don't make mistakes like that anymore. not to mention that it is unethical since you would be stealing other people's money!
but it could be as a white hat thing like what Johoe did back in the days with blockchain.info mess-up.
copper member
Activity: 193
Merit: 235
the amount they have put in those addresses is too tiny that it is not even worth the time trying to create the transaction claiming them let alone writing some code that searches for the hashes and finds the correct key. for 10k satoshi or 90 cents i won't even open my Visual Studio...
and again this has nothing to do with SegWit!

Hahaha, yeah, when I try to look at the rewards, it seems that they have reduced it dramatically, that's why those bots didn't even bother to make any effort, or at least the people behind them. Perhaps the OP was amazed at how the first bounty was swept in literally seconds. Not worth a try, as @pooya87 has said.

This frames it. 10k satoshi isn't worth it. Which is part of the question, I guess. Are the bots worth it? They are clearly advanced and quick. Must have taken some time and effort to code, precalculate, store and query billions of hashes, and require server and electricity costs to keep going. The "most successful" bot paid 85% in transaction fees, so those 90 cents became 13.5 cents...
hero member
Activity: 2604
Merit: 542

the amount they have put in those addresses is too tiny that it is not even worth the time trying to create the transaction claiming them let alone writing some code that searches for the hashes and finds the correct key. for 10k satoshi or 90 cents i won't even open my Visual Studio...
and again this has nothing to do with SegWit!

Hahaha, yeah, when I try to look at the rewards, it seems that they have reduced it dramatically, that's why those bots didn't even bother to make any effort, or at least the people behind them. Perhaps the OP was amazed at how the first bounty was swept in literally seconds. Not worth a try, as @pooya87 has said.
legendary
Activity: 3444
Merit: 10558

the amount they have put in those addresses is too tiny that it is not even worth the time trying to create the transaction claiming them let alone writing some code that searches for the hashes and finds the correct key. for 10k satoshi or 90 cents i won't even open my Visual Studio...
and again this has nothing to do with SegWit!
copper member
Activity: 193
Merit: 235
If it's true the addresses are simple P2WPKH and they are simple brainwallets, all you gotta do is use Brainflayer that's been upgraded to work with segwit
Firstly, the assignment posted by the OP was not about telling the Pay to Witness Public Key Hash of the wallet but about emptying all the coins in the 7 wallets, and from the look of things 5 of the wallet addresses are exchange wallets, which I don't think it is possible/easy for you to empty as claimed by the OP.

Turns out all 10 public addresses were P2WPKH. 5 P2WPKH-P2SH ("3") and 5 native P2WPKH/Bech32 ("bc1").

dsa90, have you modified Brainflayer to work with segwit addresses, or was it a wish? If you have the code, please make it public!
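
As an added example (not code from the thread or from the bounty page): a Bech32 decoder for native SegWit v0 addresses, following BIP173. It shows that a "bc1" P2WPKH address is only a checksummed encoding of the 20-byte hash of a public key, so the address type does nothing to protect a key that was generated weakly. The sample address is the BIP173 test vector, not one of the bounty addresses.

```python
# Added example: decode and validate a native SegWit v0 (Bech32, BIP173) address.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def polymod(values):
    """BCH checksum over 5-bit values, as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def regroup_5_to_8(data):
    """Repack 5-bit groups into bytes; leftover padding must be short and zero."""
    acc = bits = 0
    out = bytearray()
    for v in data:
        acc = (acc << 5) | v
        bits += 5
        while bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    if bits >= 5 or (acc & ((1 << bits) - 1)):
        raise ValueError("invalid padding")
    return bytes(out)

def decode_segwit_v0(addr, hrp="bc"):
    """Return (script type, witness program hex) or raise ValueError."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case is not allowed")
    addr = addr.lower()
    pos = addr.rfind("1")
    if addr[:pos] != hrp or len(addr) - pos - 1 < 7:
        raise ValueError("wrong prefix or too short")
    data = [CHARSET.index(c) for c in addr[pos + 1:]]  # ValueError on bad char
    if polymod(hrp_expand(hrp) + data) != 1:
        raise ValueError("bad checksum")
    version, program = data[0], regroup_5_to_8(data[1:-6])
    if version != 0 or len(program) not in (20, 32):
        raise ValueError("not a version 0 witness program")
    return ("P2WPKH" if len(program) == 20 else "P2WSH"), program.hex()

SAMPLE = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"  # BIP173 test vector
```

The 20 bytes returned for a P2WPKH address are the same public key hash a legacy address would carry; only the encoding and the spending script differ.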
newbie
Activity: 4
Merit: 0
The link in the OP has been updated with details. Wow! Funny that they mention Brainflayer as the recommended vector, which requires offline analysis. Much slower than online bots that constantly scan the mempool. Would be interesting to see a next round with more difficult passwords that aren't found in any list from, for example, hashes.org, but not superhard for tools like hashcat. Like "MyPrivateWallet2020". Will the bots steal those too in seconds? If they can, it means they must have tables of billions of hashes and are able to search them superfast. What do we know about these brainwallet bots, has any code been published? Thanks.
newbie
Activity: 7
Merit: 5
Is it possible that a bot can double-spend any transaction if it manages to find the private key within a few seconds from the time that transaction shows up in the mempool? (There are some addresses in the 32 Bitcoin Puzzle where, if we know the pub key for those addresses, we can find the private key in less than 30 seconds.)
legendary
Activity: 3444
Merit: 10558
there are always bots on bitcoin network watching the known keys such as the ones from weak brainwallets that these newbies in that link you posted were using. it is obvious that it will be claimed quite fast (a couple of seconds after the transaction was published to the network).
copper member
Activity: 193
Merit: 235
Wait a minute.... all 10 addresses were robbed within ONE minute by someone (a bot obviously) paying insane tx fees....


That was the end of that, I guess.
hero member
Activity: 2590
Merit: 650
If it's true the addresses are simple P2WPKH and they are simple brainwallets, all you gotta do is use Brainflayer that's been upgraded to work with segwit
Firstly, the assignment posted by the OP was not about telling the Pay to Witness Public Key Hash of the wallet but about emptying all the coins in the 7 wallets, and from the look of things 5 of the wallet addresses are exchange wallets, which I don't think it is possible/easy for you to empty as claimed by the OP.
newbie
Activity: 3
Merit: 1
If it's true the addresses are simple P2WPKH and they are simple brainwallets, all you gotta do is use Brainflayer that's been upgraded to work with segwit
copper member
Activity: 193
Merit: 235
A friend asked me to share this Bitcoin bounty that was published only a few minutes ago

https://btcleak.com/2020/06/14/steal-our-bitcoin-a-small-segwit-bounty/

It's about hacking 10 addresses for a total of 0.001 BTC. A number of clues are given by the creator. I'll give it a try myself. You too? Good luck!