Topic: I hacked (database) Bitcoin private keys but i cant get the money out :( ????? ? (Read 31007 times)

OP hasn't been online for 2 months (with that account anyway).

take these also https://bitcointalksearch.org/topic/1-1179542

Thanks for making me laugh mate!

I could tell you but i would consider that immoral to steal money from other businesses.
Create your own and stop stealing money that is not yours!

@op you are a BIG IDIOT so steal money/bitcoins!

You Won't Be able To Spend Them Because They Are Already Double spent. Moreover If you Try to Sweep Those Private keys you would Get An error Like Output Value> Input Value.

No. There is no "balance". Think of bitcoin like lumps of gold. A transaction is like melting one or more old lumps of gold into one or more new lumps of gold. In this case we have gold dust and if you want to melt them into something bigger you need to create a transaction that does so. It does not happen automatically in your wallet and it does not happen over time either. To create a transaction that melts 200 inputs of 1000 satoshi each into a single one of 200,000 satoshi has a size of (roughly) 200*180 (per input) + 1*32 (per output) + 10 byte (for the rest of the TX) = ~36044 bytes. A good fee is 10,000 satoshi per 1000 bytes or in this case 360,000 satoshi, but we only have 200,000 satoshi to use. Even if we use 90% of all inputs as fee (180k satoshi), we are still only at half of the suggested fee. This can work under "normal" circumstances. When there is a bit of room left in blocks every now and then. A miner will eventually put such a TX into the block even though its fee is a bit low. A low fee is better than no fee. Now durring the spam, most fees where high thus it was extra difficult to get such a TX confirmed.

I hope this helps to understand the problem. "Income" from faucets often is very similar even though they send amounts bigger than 1000 satoshi.

Can these addresses be the ones that were created for spamming the bitcoin network? I don't understand how it works but i read it was something like that:

The spammers created addresses with a little bit of coins on it but with huge transactions. People claimed those addresses but in fact they should have to pay more coins in fees than the amount of coins on the address is worth. So they would help spamming the network.

Though i wonder how it works since the coins should be one value now and an outgoing transaction should be small. Anyone knows?

Edit: I see now it's already mentioned but i'm still puzzled why these transactions are expensive because the coins should be on one address now. And they are spent from there then. One amount isn't it?

this is exactly what they are aiming to do.

a couple of days back i saw a somewhat similar post on reddit with a single private key of one of the addresses that was involved in the attack. the person posting the key was claiming to be a newbie and begged people not to steal the bitcoin but to help him with the balance!!
then after checking his history i saw that he released more than hundreds of bitcoin private keys of addresses which were involved in the spam attack.

that day blockchain.info service was messed up and gave every user a time out (max request achieved)

I tried pywallet. Seems like it isn't suited for the last version of Bitcoin Core. Now it just shows a lot of N/A transactions, instead of the dust transactions.
Are there any other tools for that?
(I backuped everything so no real harm done)

My wallet.dat I backed up 6 months ago, has ~ 5 MB
The file with the stolen keys in it has ~ 91 MB
and the file I edited with pywallet also has ~ 91 MB

I am trying a backup-file. It is rescanning.
I don't really use Bitcoin Core much, there isn't much money on it(I have most of it in Paper Wallets and some on Mycelium). So I thought there couldn't be much harm in trying that out.

Edit:
Backup looks fine, there is my transaction from 2 days ago in there, only my labels are gone.

Well its a bit late, but you can safely "play" with bitcoin core. Just close it, rename your wallet.dat to e.g. wallet.dat.regular (or something like that) and let bitcoin core generate a new wallet for you to play with. Once you are done you can rename/delete/whatever the play wallet and just rename your regular wallet file.

uhh, maybe will be better to send your BTC to some temporary address first and then play with pywallet and delete related keys.

but I would suggest to simply delete dat file (once you will send BTC to temp address), let generate bitcoin core new address (by restart the client) and then send it back from temp one. anyway, for similar purposes like playing with all this stuff (like importing unknown private keys), just use some online wallet or install electrum/multibit. is quite dangerous to play with this anyway..

You need to use pywallet to open the wallet.dat file and delete the keys.

So, I imported 2 of this private keys in Bitcoin Core.
I guess that was not a smart move.
Can anybody tell me, how I delete them again. My transaction history looks horrible.

To anyone actually considering to buy the private keys off of the OP - you are most likely going to effectively get scammed because the inputs will most likely be unspendable.

To anyone considering to help the OP spend his funds - if the inputs are all .00001 then you more likely then not will not be able to spend any of the inputs for a long time, if ever, and if you eventually can spend the inputs, there is the possibility that someone else with the private keys will attempt to spend them. If the inputs are at least .0001 each then it may be possible to spend them, however the process will probably not be worth your time.

The OP is most likely (IMO) an alt of whoever is behind the stress tests. I am also going to speculate that these private keys are being released to put additional "stress" on various bitcoin related services, causing them to be less reliable. For example, after these private keys were released, many people probably accessed brainwallet to try to spend inputs from one (or more) of the private keys, and brainwallet will, by default try to download a list of unspent outputs from blockchain.info, and once they have created a signed transaction, brainwallet will attempt to push the transaction via blockchain.info's pushtx page (via their node). I would also think that many people would visit blockchain.info (it being the most popular AFAIK block explorer) to review the address's transaction history, and the transaction history being very long, will use more of their resources then someone visiting a "normal" address's transaction history. These are just two examples of how blockchain.info would become "stressed" as a result of this, and I am sure there are other examples for both bc.i and other bitcoin related services.

I would not recommend anyone trying to loan such a wallet file on your computer or your node. I have had such a file loaded as my wallet.dat file on my node (for security reasons, I do not keep any personal funds stored on my node) since this weekend, and I believe it has negatively affected performance. bitcoind crashed one time yesterday and twice today. After it crashed the most recent time, I checked the debug.log file and there were over 20k entries over the past ~5 hours, probably 2/3 of which were errors of transactions being relayed whose inputs were already spent and the other third of which were it logging transactions into the wallet. This is obviously taking up a log of valuable resources.

To fight the above issue, I changed some settings (less free transactions per minute), and deleted the wallet file with the spam addresses attached to it.

I was told that brainwallet was able to pick up 40 inputs at a time and even create a signed, raw TX out of those. The problem is that you need to get it to a miner and due to the low inputs (1000 satoshi each) you cant actually pay a high enough fee currently.

101 private keys with ~450k inputs total IIRC, 450k*180 byte per input = 81,000,000 bytes, thats ~81 full blocks.

At the same time though the number of unconfirmed TX keep rising.

I tried to spend some of them with brainwallet.org/#tx, but it seems brainwallet is unable to load the UTXO itself. Probably brainwallet uses blockchain.info node and there node is already informed about the multiple Tx trying to spend the same UTXO. Hence brainwallet is showing balance of each address as Zero. I wish, these spam gets picked up by some miner quickly before they clog up the N/W again.

They are involved in the spam attack and I tried to spend them myself, the full list includes 101 private keys. I have a >110 MB[1] bitcoin core wallet.dat that was up to date a few days ago. Without the help of a miner or other inputs you can use they are impossible to get confirmed. You can try to spend them, but even 90% fees (e.g. 100 inputs with 1000 satoshi each and 90k satoshi fee) did not confirm for me. I doubt this will be different for anyone else.

AFAIK bitcoin core is the only wallet that can handle the amount of TX btw. Normal memory usage is ~400 MB, with that wallet file it went to ~1.2GB. It constantly froze when using the UI and locked up for ~2 minutes with 100% CPU load on a single core (i5 3.2Ghz). It responded fine via RPC calls, but as I said I did not manage to get confirmations. The same private keys are also heavily used by at least two different parties, which makes selecting inputs via RPC call a hassle. It happend more often than not that an input was already used when the script returned a TX ready to get signed.

I know that someone[2] was able to spend a few of the inputs with the help of a mining pool, but the amount of work needed for that was on "faucet level". The mining pool also asket them to stop pushing the TX directly to them. To the best of my knowledge said mining pool is currently using these private keys to create blocks with a single TX that removed as much of the spam inputs as possible. I didnt check up on the situation recently though, so take that information with a grain of salt as its possibly outdated.

Disclaimer: If you PM me for the wallet.dat file or the list of private keys you will be ignored and possibly reported. They are public knowledge, get them yourself.


[1] for comparisson: my regularly used personal wallet is <3MB.
[2] that someone is active here and can speak up if they want I will not name them.

most likely people would just stay away from this type of activity due to the over board questions of this individual asking for help but still able to ripoff some private keys.