Author

Topic: It appears BurtW had his BTC/CLAM addy private key collide with a Dogecoin addy. (Read 602 times)

legendary
Activity: 2940
Merit: 1333
Your crypto currencies are still safe from collisions...

... unless you use a brainwallet.

Thanks for posting the conclusion to this little drama.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Did you try using clamaddress.org instead of bitaddress.org? That will give you the hex bytes which you can then put into bitaddress. But you should just end up with the BTC address and privkey you already have.

Thanks!  Mystery solved.  I did the following:

1  On my CLAM wallet:          dumpprivkey xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw
2  Result is:                  Lh7Zb7kRDPx49HwZaefEbWz1duS3ofGDDPFpqAR6kGheH49fU1S3
3  On ClamAddress.org entered: Lh7Zb7kRDPx49HwZaefEbWz1duS3ofGDDPFpqAR6kGheH49fU1S3
4  Result is:                  1DAEBDD0A5D524ED3AE5CD301F00017E21574013DC916206183F447F6B8EED26
5  On BitAddress.org entered:  1DAEBDD0A5D524ED3AE5CD301F00017E21574013DC916206183F447F6B8EED26
6  Result is:                  KxDQjJwvLdNNGhsipGgmceWaPjRndZuaQB9B2tgdHsw5sQ8Rtqje
7  On Google entered:          KxDQjJwvLdNNGhsipGgmceWaPjRndZuaQB9B2tgdHsw5sQ8Rtqje
8  Result is:                  https://github.com/libbtc/libbtc/blob/master/test/tool_tests.c
9  On Google entered:          1DAEBDD0A5D524ED3AE5CD301F00017E21574013DC916206183F447F6B8EED26
10 Result is:                  http://www.apexforum.com/threads/re-bitcoin-technicalties.286/
11 On Goolge entered:          1Nro9WkpaKm9axmcfPVp79dAJU1Gx7VmMZ
12 Interesting result:         bayareacoins


In fact this is just our old friend the "crazy horse battery staple" example for the BIP32 Deterministic Key Generator.

From tool_tests.c

Quote
size_t pubkeylen = 100;
    char pubkey[pubkeylen];
    u_assert_int_eq(pubkey_from_privatekey(&btc_chainparams_main, "KxDQjJwvLdNNGhsipGgmceWaPjRndZuaQB9B2tgdHsw5sQ8Rtqje", pubkey, &pubkeylen), true);
    u_assert_str_eq(pubkey, "02fcba7ecf41bc7e1be4ee122d9d22e3333671eb0a3a87b5cdf099d59874e1940f");

From http://www.apexforum.com/threads/re-bitcoin-technicalties.286

Quote
1.) Each payment address consists of a public / private key-pair. For example:

ADDRESS: 1Nro9WkpaKm9axmcfPVp79dAJU1Gx7VmMZ
PUBLIC: 02fcba7ecf41bc7e1be4ee122d9d22e3333671eb0a3a87b5cdf099d59874e1940f
PRIVATE: 1daebdd0a5d524ed3ae5cd301f00017e21574013dc916206183f447f6b8eed26

This is a very public private key.

So, I expect that at some point I used this private key for testing or something in a BTC wallet and it got imported into my CLAM wallet or I imported it directly into my CLAM wallet on a whim or for a test (it has been a while).  It is a known fact that people have used this private key and actually done BTC transactions using it.  And finally someone else used this private key in a DOGE wallet and did some transactions with it and this person also imported this private key into their CLAM wallet to claim their CLAM.

So, as expected, I shot myself in the foot and made a big public splash about it.

Your crypto currencies are still safe from collisions...
legendary
Activity: 2940
Merit: 1333
Is there any way I can see if a private key was imported into my CLAM wallet versus having been generated by the wallet?  That would help.  If I imported this private key that might explain some of the mystery.

What if you use the "dumpwallet" RPC call. It shows a date next to each address along with other information.

Next question:

I did a dumpprivkey on the CLAM wallet and got the private key.

However, when I go to BitAddress.org and enter it I get "The text you entered is not a valid private key, Version 133 not supported"

Is there anywhere I can decode the private key and get the HEX bytes?

It starts out correct:  Lh7Zb...

Did you try using clamaddress.org instead of bitaddress.org? That will give you the hex bytes which you can then put into bitaddress. But you should just end up with the BTC address and privkey you already have.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Next question:

I did a dumpprivkey on the CLAM wallet and got the private key.

However, when I go to BitAddress.org and enter it I get "The text you entered is not a valid private key, Version 133 not supported"

Is there anywhere I can decode the private key and get the HEX bytes?

It starts out correct:  Lh7Zb...
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
I am having a very hard time believing this is an actual private key collision, especially since it appears to have happened twice with this same private key.  When I get a chance I am going to look at the actual private key and see if it is "special" in some way.

The most likely scenario is that I screwed up and shot myself in the foot - somehow.  But, so far, I have not been able to come up with any theories as to how I did that.

Is there any way I can see if a private key was imported into my CLAM wallet versus having been generated by the wallet?  That would help.  If I imported this private key that might explain some of the mystery.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
I thought all those probabilities said this was unlikely, 256-bit private keys, 160 bits for ripemd160.
legendary
Activity: 4004
Merit: 1250
Owner at AltQuick.com
The title of this thread is a bit misleading.  It should probably read "It appears BurtW had his CLAM address private key collide with a Dogecoin address". Maybe we can get it changed.

I've changed the title, but I've left BTC in the title because it did involve Bitcoin and mods here are quick to shit can posts that maybe relevant to Bitcoin.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
The title of this thread is a bit misleading.  It should probably read "It appears BurtW had his CLAM address private key collide with a Dogecoin address". Maybe we can get it changed.

tldr: It appears to me that the same private key was generated by someone else's DOGE wallet and my CLAM wallet and may have also been generated by a BTC wallet.  So the provable collision is between my CLAM wallet and someone else's DOGE wallet.

I have 26 CLAM addresses where I claimed CLAM using an old BTC address.

Just to make sure I am not losing my mind I went to Just Dice and did the /addr check on all 26 addresses.

In all cases I got the expected result:
  
  • The BTC address shows my activity from 2014
  • The CLAM address shows my recent activity
  • There is no activity on the LTC address
  • There is no activity on the DOGE address

There is something very strange and fishy about the private key for xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw.  You do not have to take my word for it, you can see for yourself.  Go to the chat room at Just Dice and type in "/addr xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw" then open up separate browser tabs for the four addresses calculated.

  • The BTC address shows activity from 2015-06-29 to 2017-05-19 which is not mine
  • There is no activity on the LTC address, the only expected result
  • The DOGE address shows activity from 2014-05-10 to 2015-12-28 which is not mine
  • The CLAM address shows the claim activity from 2015-01-21 which is not mine
  • The CLAM address also shows the recent activity from 2017-10-26 13:35:44 where I sent 25 CLAM and then 2017-10-31 14:16:16 when the 25 CLAM were moved by the other owner of the private key

So unless the owner of the DOGE address that claimed the CLAM address are the same person as the owner of the BTC address and that person used the private key for his DOGE address to create a BTC address on purpose, then this specific private key has collided twice.
legendary
Activity: 4004
Merit: 1250
Owner at AltQuick.com
Against all odds I believe I have proof of a private key collision!

It all started when 25 CLAMs just up and left my wallet without my permission.

The transaction is shown here.

Notice that my 25 clams left my address of xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw and ended up at the new address of x8f8YKkNJk6mU92ZmerhWqwqqvZKnTaZ9Y where, at the time of this post, they sit.

The source address is valid and is mine:

Quote
validateaddress xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw

{
"isvalid" : true,
"address" : "xWAS3PbHr3FBdLsV1s8UYKuwXaJWMsTcjw",
"ismine" : true,
"isscript" : false,
"pubkey" : "02fcba7ecf41bc7e1be4ee122d9d22e3333671eb0a3a87b5cdf099d59874e1940f",
"iscompressed" : true,
"account" : "Stake 43"
}

The new address is valid and is not mine:

Quote
validateaddress x8f8YKkNJk6mU92ZmerhWqwqqvZKnTaZ9Y

{
"isvalid" : true,
"address" : "x8f8YKkNJk6mU92ZmerhWqwqqvZKnTaZ9Y",
"ismine" : false
}

Digging into the source address we find that it was originally funded in the airdrop:

Quote
Date   In Block   Transaction ID   Sent   Received   Total Minted   Total Change
31 Oct 2017   1753170   e33f67ae6a7c48e47e01ed9e10a6811c7fccd4ffd29ad0875064462079076a76   25.0000 (0.013 BTC)   0.0000 (0.000 BTC)   0.0000 (0.000 BTC)   -25.0000
26 Oct 2017   1745987   29f0acb9a407110f3f669f37457d8db0b3eb5ad4879e64947860172a62175279   0.0000 (0.000 BTC)   25.0000 (0.013 BTC)   0.0000 (0.000 BTC)   25.0000
21 Jan 2015   305965   09d59571fa24ab78c29d06df5f68574997a0990010d1d78978fc4efa24568000   4.6055 (0.002 BTC)   0.0000 (0.000 BTC)   0.0000 (0.000 BTC)   -4.6055
16 May 2014   2091   ccac1b2ef05dd9054ffa8bb814cdc9bfb66df6e9aba826bfde11173036a78bc9   0.0000 (0.000 BTC)   4.6055 (0.002 BTC)   0.0000 (0.000 BTC)   4.6055

This means that the CLAM private key is either a BTC, LTC, or DOGE private key.

FACTS:  I have never owned LTC or DOGE and I only imported BTC private keys into my CLAM client.  The three possible source addresses for the airdrop are:

Quote
22:19:55 INFO: CLAM: [xWAS3PbH] has the same private key as: BTC: [1Nro9Wkp], DOGE: [DSztgmhT], and LTC: [Lh5kQj4e]

Remember, I only imported BTC private keys.  Therefore the only key that could have been mine is the private key for the Bitcoin address of 1Nro9WkpaKm9axmcfPVp79dAJU1Gx7VmMZ

Taking a closer look at that address you will see that the first transaction made on that address was on 2015-06-29 20:35:06.  Therefore this could not have been the address used to claim the CLAMS.  Also, I do not recognize this address as one of mine and my first CLAM transaction was on 4/19/2017 so I could not have moved the claimed CLAMs off the address on 2015-01-21 19:42:08!

My conclusion is that this address is an address that was generated by my wallet that collided with all this past activity.

The person that owned the DOGE address DSztgmhTsjfS7xxDPyVNeunmBbjaJMfz92 is the person that claimed the CLAMs and them moved them on 2015-01-21 19:42:08.

My client appears to have generated the same private key!

I expect this person noticed 25 CLAMS magically appear in their wallet and then moved them to another address.

I must have incredible luck - which I hope will someday translates into a win in the lottery Wink

If you owned the DOGE address DSztgmhTsjfS7xxDPyVNeunmBbjaJMfz92, used it to claim CLAMs back in 2015, saw 25 CLAM magically appear in your wallet 2017-10-26 13:35:44, moved them 2017-10-31 14:16:16, and are feeling honest or guilty about it let's talk.

I would love another explanation.  Right now I am out 25 CLAMs.

https://bitcointalksearch.org/topic/m.23853363
Jump to: