Topic: Private keys posted on Bitcointalk - page 2. (Read 1039 times)

Someone who introduced me to this forum explained to me back then how he lost everything just by not being careful enough and posting a private key on the proof of authentication instead of a public address and also making the same mistake on the bounty form. 
Mistakes happens that's when one is not careful enough and sometimes they are also voluntery action where the posted wants peoples attention to the wallet, in some cases they fund the wallet with huge either ERC-20 tokens which will require anyone who want to move the send in some gas fee which will immediately be moved by the original wallet owner. In some cases, they are addresses, which make use of more than just a phrase to authorize outgoing transactions. I don't know how they do that, though.
I believe in the case of this nature, it's a mistakenly posted wallet, which has many eyes on it, and because of the constant transactions, lots of bots might have been installed to move out all confirmed transactions immediately. 

I hadn't realized this until you posted it. It makes sense, and they don't even need the mempool anymore, all they need to check is every new transaction the moment it first arrives. So that's at most 7-ish transactions per second, or better: every xxx milliseconds a new transaction arrives, and they check them instantly (one at a time).
Kinda like BitBonkers, but with sweeping instead of visualizing.

Almost certainly. They don't need a wallet in core, and indeed, they don't even need a full node. A pruned node would suffice. They don't care about blocks or historical transactions at all - by the time a transaction is in a block it is already too late for them to steal. All they really care about is a way of maintaining a well connected mempool in order to quickly receive any newly broadcast transactions. For each incoming transaction, they will presumably have something like a huge lookup table database combined with one or more bloom filters so they can as quickly as possible determine if they have the private key for each address.

That's interesting, I thought Bitcoin Core would be more efficient and effortlessly check new transactions in both mempool and new blocks for the addresses in the wallet with some fast search structure.

Those servers run by hackers who snatch coins that are sent to known private keys must have databases of many millions of addresses, I wonder if they run custom code that is much faster than Core because of its more narrow purpose.

They will trawl forums like this one, Reddit, Twitter, etc., on the hunt for private keys which have been shared. Then they import those private keys in to their software, which generates the corresponding addresses and watches them for any incoming transactions.

Other sources of private keys they could import include hacked cloud storage, hacked password manager databases, hacked email accounts, brain wallets, and so on.

Simply search for any 51 character string beginning with "5", or 52 character string beginning with "K" or "L".

I'm not sure. I guess it's some customized wallet software.

Clams aren't worth much anymore. And I'm pretty sure someone thought of claiming them already

Good point. They're probably being sold already.

It was a nice experiment, I know there were some public "private keys" on this forum but never think they were that big amount.

There is a way that you can make money with them, if they are old keys and moved coins in the past, then you can get clam coins with those keys. You can use the service on Just-Dice for that, or install the core and make the swap direct from there.

And another fun way to make money with that list is by selling it in one of those services that let you sell files or compressed folders for cryptos. For sure some users would be interested in buying that list.

This is interesting. As regular user of crypto I would have never imagined that there is stuff like this. In fact this was new learning for me and made me think I should be extra cautious about my private keys. Anyways, I am guy who after creating an address would think thrice which key is to be shared to public and which one not even when they mention in BOLD which one is private key and public key. Idk, there might be many of such users out there doing the same thing to avoid what has happened / mentioned in the OP.


I am surprised to read this. What kind of systems are these? How are they able to monitor if a private key is leaked or not. Its confusing to understand and it should be known to everyone so that I won't be making the mistake of leaking my private key by accident.

For example, whether it is phishing sites, or a software downloaded from play store, or any browser extension? What kind of monitor? & how does it recognize the gibberish code as pvt key anyways?

That's not going to be easy without manual checks. Many people post keys knowing they're compromised already, or they're partial private keys for (secure) vanity address generation. Many keys gets posted more than once (or quoted), and I don't really want to check 10k+ posts.

I agree with Loyce. If you are already running a device 24/7 anyway to host a node, then it costs you nothing to have a script running on that device watching a database of compromised addresses and waiting to sweep any funds which appear. And when we occasionally see transactions like the one Loyce mentioned of ~0.84 BTC, or the one in the post I linked to above of almost 1 BTC, that is more than enough incentive for several people to continually run bots. Each individual will be hoping that their database contains unique addresses, or even actively seeking out unique brain wallets or less common sources of compromised keys.

considering that there is a lot and more and more talk about security, there are warnings everywhere, "keep safe your PK" or "not your key not your coins", now I'm interested in how effective such a campaign really is.
is it possible to see statistics or a graph of the number of posts with an exposed private key over a period of time? is the trend decreasing or are we talking about wallet security here in vain?

No, that can't happen. Just one bot is enough to take the money, and if nobody runs it, someone will. If it's profitable for one person, someone else will do the same. So even if some people stop their bots, others will join.
It's never going to change: once a private key is compromised, funds will disappear.

Not all transactions are dust.

After a while it makes you wonder if it could actually work the other way. More and more people stop running the bots since it really does become pointless and they are slowly forgotten about.
Kind of like the way junk fax senders have been disappearing. Just no work / no profit and more and more people pursuing legal action against them. They just left the field.

Yes in theory this is 'free money' just by running a script. But the 1st time they go to consolidate all the dust they have since fees ate the rest do they just walk away.

-Dave

I once entered my private key in a Google search field. It's such a common thing to do: "CTRL-V > Enter", and it's gone. The best way to prevent this is by making sure you can't make this mistake: never handle private keys on a system that's connected to the internet.

I was curious about that scenario too. That would mean that (eventually) only miners profit from funds sent to addresses with leaked private keys.

This is definitely the case. I remember a few years ago looking more closely at coins being sent to brain wallets being stolen - https://bitcointalksearch.org/topic/m.46603379. In short, within only one or two seconds of a transaction being made to a brain wallet, there are multiple competing transactions detected by different nodes attempting to sweep the coins to another address. And bear in mind that as soon as a node has seen one such non-RBFed transaction, it will reject all others, meaning that although we may only see 3 or 4 such transactions across the entire network, there are likely many more than that which are being rejected. Given that we know there are multiple bots running with huge databases of addresses from brain wallets, it is only logical to assume their databases also include all leaked private keys and seed phrases they can find as well.

Things will get quite interesting once full RBF becomes commonplace. Any such transaction stealing coins from a brain wallet or leaked private key could be replaced by another transaction, regardless of whether or not is opted in to RBF. We could end up seeing different bots broadcasting more and more replacements, each paying a higher and higher fee, trying to steal the coins for themselves. Since there is no incentive for any one such bot to surrender and let another bot win, then such transactions could just escalate until the entire value (or close to it) is paid in fees.

FYI, Bitcoin Core load whole wallet to RAM which may be reason of long loading time[1].


And with HEX, i expect you'll receive many false positive since 64 character HEX also mentioned as hash of a file, as block hash, as TXID or explaining SHA-256.


That doesn't make sense. Bitcoin don't have smart contract which can be used to perform scam through sharing recovery/mnemonic words.

[1] https://bitcointalksearch.org/topic/m.60252176

I've made such mistake some years ago when I was really new to crypto. I wanted to send someone my wallet address and I mistakenly sent him my private keys and I was lucky I noticed it before the recipient got the message. I quickly had to transfer my funds to a different wallet and forfeited that very wallet.

It is advisable to always have a clear head when performing sensitive transactions to avoid making costly mistakes.

Did you click the first 2 words of this topic?

Coming from a newbie account? It may be intentional, some greedy members will want to outsmart the poster but the smart will get hunted in the end, I don't go after people's private keys or recovery seeds when I see them online, I believe no one is stupid enough to post them online, they did it to lure greedy people.

I wonder if the forks get claimed at the same time too or if you checked any of them (similar to what neurotic said, an ethereum private key can look similar to a bitcoin one).


I think they scan in advance to see how big your wallet gets (somehow) or at least decide to load a certain number of addresses (via a tree) and decide if the tree is too big to process or not (whatever it is, it's kept those servers very fast).