Topic: Private keys posted on Bitcointalk (Read 1039 times)

Details of this one item:

WIF uncomp: 5JgC6gcHCkyBqmgbyarpFHBHzpfNkZYKNJA3piM42ZYbvCUc1fW
WIF comp: L11yz5piWu4zrGDoNkSsY2QS2DNP1GdE4ziwTbVWMteV7g7f8RhP
addr uncomp: 1LxPSrR3t8mFLKKsb8W3PxBP77WDmxWPyK
addr comp: 17iXQPBDASPrfN3tQfGEMhBZN3Rreuz6vW
pubkey 130: 04D23B03FFF149F69CC9C5813B1F2F4550DF93E44CE3D2E273C18653A71DF454662805C0F759799 F1E84D4DEAD60F1C4E5C0E023B8916D4FA62C5D02A8F47DD5F5
pubkey 66: 03D23B03FFF149F69CC9C5813B1F2F4550DF93E44CE3D2E273C18653A71DF45466
pvk: 7151048F7EDC2AB2399C0FD0B0DCE404F06231FB8EB44616454D6B2D7EE28876
there was balance - https://www.blockchain.com/explorer/addresses/btc/1LxPSrR3t8mFLKKsb8W3PxBP77WDmxWPyK
no balance - https://www.blockchain.com/explorer/addresses/btc/17iXQPBDASPrfN3tQfGEMhBZN3Rreuz6vW

other addresses:
17iXQPBDASPrfN3tQfGEMhBZN3Rreuz6vW
3QvHnN5f1ky5Yg3tmozee7oeKeLtT2MAyT
bc1p83e0jgs402g4wg86w6h5yjtuk0d8v83wyrchrxu45n8a4nn9tt4sg9gt3c
bc1qfx4nqweynxuts7y98umdgxtqvh0n68d38dqw6y
bc1qmtjqz22jnfeze9nzzqxc0dsr9mk8qw3vw02fcs

We all know "not your keys, not your coins", but some people are just not made for that. Even this year, someone sent $224 to this address. Thanks to full RBF, most of it is burned as miner fees (1,293 sat/vbyte) and whoever drained it only got $21.

So you're saying you copied a private key from a website, but you may be wrong that such sites exist? Must reach that signature quotum, right?
I've removed your post. This board is not for discussing centralized shitcoins.

There are bots that I believe are just built for such activity. I have encountered one myself with a friend's wallet, which got compromised due to his carelessness running after airdrops. Once you make any single deposit to withdraw whatever you have in that wallet, the bot will automatically move the funds over to another wallet, and in most cases all the transactions are sent to just one wallet. 
 
Recently, there is one new but old pattern of scam where the scammer will post their seed phrase online with a good amount of holding on them, and when you try to send a gas fee on whatever network the fund is located, it's either automatically moved out or you can't even move it out yourself because you don't have the complete access key to carry out such a transaction.

I remember once participating in a discussion on Facebook and a member posted a WIF private key as a joke, when I went to import this private key into Electrum, the server took several minutes to synchronize, as there were more than 800 incoming and outgoing transactions.

When I saw this post, I remembered all the lore surrounding this address, it's a private key of a standard brainwallet, probably with an empty string.

Addr I'm referring to:


This address once received 50BTC, it is not known if it was a donation or a mistake that some unlucky person made.


From time to time someone sends some sats to this address and it is emptied instantly, it's certainly monitored by monitoring bots.

It could also be someone practicing dusting attacks...

I am gathering many things related to Bitcoin (WIFs, addresses, pvks, pubkeys, seeds hex, mnemos) and surroundings and as I can recall I was converting addresses<=>WIFs when I stepped into that 5JgC6gcHCkyBqmgbyarpFHBHzpfNkZYKNJA3piM42ZYbvCUc1fW WIF.

As I remember it was some stupid conversion like making WIFs from addresses or the oppostie using Base58Check both ways and so on.

That's all the story.

It looks like this is becoming a reality:

Well, It's not about more power, of course anyone could use hundreds of high end GPUs to solve for example #125, the point is to find a way to solve it with the help of mind not silicon. Now that you said it, $25M is too much yet very little to spend for safety analyzing.

I wish I knew how to automate and sort data processing like you, lol I have millions of public keys I just look for collisions with my eyes.🤣

I knew the puzzles, but didn't catch the upgrade. For who also missed it: this transaction sent about $25 million to these addresses. That makes it worth it to allocate much more processing power to cracking the puzzles.
Crazy

I thought you already know about the puzzles? https://bitcointalksearch.org/topic/m.62098742

Link?

Yeah, a lot of other things happened that day, for example the same certain someone (Satoshi) sent around 900 bitcoins to puzzle addresses to increase the prize of solving them, and you know how he is, he likes to tip people with Gs, $. 😉

On April 16, someone sent 0.09BTC to an address with publicly known private key. It disappeared instantly with a $12 fee. Someone earned stole $2700 from this.

Actually.. that is a good reminder and insight. I will make sure we never spam crypto audience.

I'm not in the business of spamming people.

have you tried collecting all 'email addresses' posted on bitcointalk including the ones in spreadsheets? some of them include emails

it is legal as posted on public and good for cold emails

If you send funds to a compromised address, RBF doesn't matter. The thief uses CPFP and will turn off RBF (in his transaction) to prevent another thief from outbidding him.

What happens if you send some coins and turn off RBF, only the first thief could get them right?

Unlikely.
It's much more likely someone did something dumb, and many bots tried to sweep the coins at the same time. One of them was fastest and got the money.

Maybe the same guy who sent the coins to the exposed private key address, he himself swept the coins again. Maybe he's doing that for fun to create drama. Because the coins are swept instantly. Not even a minute after the receiving the coins

Yesterday, 1BoatSLRHtKNngkdXEeobR76b53LETtpyT received 0.02429915BTC, which was instantly swept with a 0.001BTC fee.

I tried something new: I pruned Bitcoin Core to 20 GB, then imported the list of private keys, and did a rescan on the past few months. This shows only the recent transactions, and as a result the wallet is 11 MB instead of 2 GB. Bitcoin Core now works as expected without getting too slow to use.

Right when I wanted to post this, a "fatal error occurred" and Bitcoin Core crashed. The debug.log doesn't make sense:
After reloading, it works again. I've never seen this before.

Someone who introduced me to this forum explained to me back then how he lost everything just by not being careful enough and posting a private key on the proof of authentication instead of a public address and also making the same mistake on the bounty form. 
Mistakes happens that's when one is not careful enough and sometimes they are also voluntery action where the posted wants peoples attention to the wallet, in some cases they fund the wallet with huge either ERC-20 tokens which will require anyone who want to move the send in some gas fee which will immediately be moved by the original wallet owner. In some cases, they are addresses, which make use of more than just a phrase to authorize outgoing transactions. I don't know how they do that, though.
I believe in the case of this nature, it's a mistakenly posted wallet, which has many eyes on it, and because of the constant transactions, lots of bots might have been installed to move out all confirmed transactions immediately. 

I hadn't realized this until you posted it. It makes sense, and they don't even need the mempool anymore, all they need to check is every new transaction the moment it first arrives. So that's at most 7-ish transactions per second, or better: every xxx milliseconds a new transaction arrives, and they check them instantly (one at a time).
Kinda like BitBonkers, but with sweeping instead of visualizing.

Almost certainly. They don't need a wallet in core, and indeed, they don't even need a full node. A pruned node would suffice. They don't care about blocks or historical transactions at all - by the time a transaction is in a block it is already too late for them to steal. All they really care about is a way of maintaining a well connected mempool in order to quickly receive any newly broadcast transactions. For each incoming transaction, they will presumably have something like a huge lookup table database combined with one or more bloom filters so they can as quickly as possible determine if they have the private key for each address.

That's interesting, I thought Bitcoin Core would be more efficient and effortlessly check new transactions in both mempool and new blocks for the addresses in the wallet with some fast search structure.

Those servers run by hackers who snatch coins that are sent to known private keys must have databases of many millions of addresses, I wonder if they run custom code that is much faster than Core because of its more narrow purpose.

They will trawl forums like this one, Reddit, Twitter, etc., on the hunt for private keys which have been shared. Then they import those private keys in to their software, which generates the corresponding addresses and watches them for any incoming transactions.

Other sources of private keys they could import include hacked cloud storage, hacked password manager databases, hacked email accounts, brain wallets, and so on.

Simply search for any 51 character string beginning with "5", or 52 character string beginning with "K" or "L".

I'm not sure. I guess it's some customized wallet software.

Clams aren't worth much anymore. And I'm pretty sure someone thought of claiming them already

Good point. They're probably being sold already.

It was a nice experiment, I know there were some public "private keys" on this forum but never think they were that big amount.

There is a way that you can make money with them, if they are old keys and moved coins in the past, then you can get clam coins with those keys. You can use the service on Just-Dice for that, or install the core and make the swap direct from there.

And another fun way to make money with that list is by selling it in one of those services that let you sell files or compressed folders for cryptos. For sure some users would be interested in buying that list.

This is interesting. As regular user of crypto I would have never imagined that there is stuff like this. In fact this was new learning for me and made me think I should be extra cautious about my private keys. Anyways, I am guy who after creating an address would think thrice which key is to be shared to public and which one not even when they mention in BOLD which one is private key and public key. Idk, there might be many of such users out there doing the same thing to avoid what has happened / mentioned in the OP.


I am surprised to read this. What kind of systems are these? How are they able to monitor if a private key is leaked or not. Its confusing to understand and it should be known to everyone so that I won't be making the mistake of leaking my private key by accident.

For example, whether it is phishing sites, or a software downloaded from play store, or any browser extension? What kind of monitor? & how does it recognize the gibberish code as pvt key anyways?

That's not going to be easy without manual checks. Many people post keys knowing they're compromised already, or they're partial private keys for (secure) vanity address generation. Many keys gets posted more than once (or quoted), and I don't really want to check 10k+ posts.

I agree with Loyce. If you are already running a device 24/7 anyway to host a node, then it costs you nothing to have a script running on that device watching a database of compromised addresses and waiting to sweep any funds which appear. And when we occasionally see transactions like the one Loyce mentioned of ~0.84 BTC, or the one in the post I linked to above of almost 1 BTC, that is more than enough incentive for several people to continually run bots. Each individual will be hoping that their database contains unique addresses, or even actively seeking out unique brain wallets or less common sources of compromised keys.

considering that there is a lot and more and more talk about security, there are warnings everywhere, "keep safe your PK" or "not your key not your coins", now I'm interested in how effective such a campaign really is.
is it possible to see statistics or a graph of the number of posts with an exposed private key over a period of time? is the trend decreasing or are we talking about wallet security here in vain?

No, that can't happen. Just one bot is enough to take the money, and if nobody runs it, someone will. If it's profitable for one person, someone else will do the same. So even if some people stop their bots, others will join.
It's never going to change: once a private key is compromised, funds will disappear.

Not all transactions are dust.

After a while it makes you wonder if it could actually work the other way. More and more people stop running the bots since it really does become pointless and they are slowly forgotten about.
Kind of like the way junk fax senders have been disappearing. Just no work / no profit and more and more people pursuing legal action against them. They just left the field.

Yes in theory this is 'free money' just by running a script. But the 1st time they go to consolidate all the dust they have since fees ate the rest do they just walk away.

-Dave

I once entered my private key in a Google search field. It's such a common thing to do: "CTRL-V > Enter", and it's gone. The best way to prevent this is by making sure you can't make this mistake: never handle private keys on a system that's connected to the internet.

I was curious about that scenario too. That would mean that (eventually) only miners profit from funds sent to addresses with leaked private keys.

This is definitely the case. I remember a few years ago looking more closely at coins being sent to brain wallets being stolen - https://bitcointalksearch.org/topic/m.46603379. In short, within only one or two seconds of a transaction being made to a brain wallet, there are multiple competing transactions detected by different nodes attempting to sweep the coins to another address. And bear in mind that as soon as a node has seen one such non-RBFed transaction, it will reject all others, meaning that although we may only see 3 or 4 such transactions across the entire network, there are likely many more than that which are being rejected. Given that we know there are multiple bots running with huge databases of addresses from brain wallets, it is only logical to assume their databases also include all leaked private keys and seed phrases they can find as well.

Things will get quite interesting once full RBF becomes commonplace. Any such transaction stealing coins from a brain wallet or leaked private key could be replaced by another transaction, regardless of whether or not is opted in to RBF. We could end up seeing different bots broadcasting more and more replacements, each paying a higher and higher fee, trying to steal the coins for themselves. Since there is no incentive for any one such bot to surrender and let another bot win, then such transactions could just escalate until the entire value (or close to it) is paid in fees.

FYI, Bitcoin Core load whole wallet to RAM which may be reason of long loading time[1].


And with HEX, i expect you'll receive many false positive since 64 character HEX also mentioned as hash of a file, as block hash, as TXID or explaining SHA-256.


That doesn't make sense. Bitcoin don't have smart contract which can be used to perform scam through sharing recovery/mnemonic words.

[1] https://bitcointalksearch.org/topic/m.60252176

I've made such mistake some years ago when I was really new to crypto. I wanted to send someone my wallet address and I mistakenly sent him my private keys and I was lucky I noticed it before the recipient got the message. I quickly had to transfer my funds to a different wallet and forfeited that very wallet.

It is advisable to always have a clear head when performing sensitive transactions to avoid making costly mistakes.

Did you click the first 2 words of this topic?

Coming from a newbie account? It may be intentional, some greedy members will want to outsmart the poster but the smart will get hunted in the end, I don't go after people's private keys or recovery seeds when I see them online, I believe no one is stupid enough to post them online, they did it to lure greedy people.

I wonder if the forks get claimed at the same time too or if you checked any of them (similar to what neurotic said, an ethereum private key can look similar to a bitcoin one).


I think they scan in advance to see how big your wallet gets (somehow) or at least decide to load a certain number of addresses (via a tree) and decide if the tree is too big to process or not (whatever it is, it's kept those servers very fast).

My list is indeed not complete. I didn't search for Hex keys either, only WIF.

I didn't search for altcoin private keys.

That must be why the wallet grew to 2.2 GB. With just private keys, it was only a few MB.

I think that the number is bigger, since some have posted them as images which you could not "scan".

Even more, in some cases I remember there was a scam spree of posting "by mistake" ETH private keys for wallets containing tokens and no ETH. Obviously, at funding a smart contract was sending the ETH away.
So it was not only mistakes.


Impressive! I've intended a similar test some years ago with Electrum (my set was much smaller and I don't even remember if I've done my test with keys or just addresses). But for some addresses the number of transactions was too big and the Electrum servers were cutting me off (I knew less back then). So I've abandoned the idea of watching those. However, I've noticed even back then that even if some addresses were known to be leaked and unsafe, some people still were playing with them long afterwards (by funding with small amounts). But I was not aware of huge mistakes like that 0.84BTC... wow...

This post made me curious: how many private keys have been posted on Bitcointalk?
To find out, I searched all downloaded posts (which took hours) for anything that could be a Bitcoin private key. That resulted in 9375 potential keys (not all of them are valid, and no, I won't post the list).
Yesterday, I imported the private keys into a new Bitcoin Core wallet (this took only a few minutes), and did a rescan. This took forever, but was mesmerizing to watch: the balance went up and down by many Bitcoins, and this kept going for hours! I left it to finish overnight.
This morning, Bitcoin Core was hanging. I killed it, restarted it, and it took forever to load the wallet (which had grown to 2.2 GB during the rescan). Eventually, it worked! It's up to date, and the total balance is 0 (as expected). Every few minutes, Bitcoin Core is unresponsive for a few minutes, most likely because of the large wallet combined with a lack of processing power. It's not very nice to work with, and consumes 1 full CPU core.

Scrolling through the transactions, it's obvious any incoming transaction instantly gets sweeped, usually at a high fee. I assume many people have systems monitoring all compromised private keys, and they're competing against each other to steal the funds before someone else does. Back in the days, it happened to large amounts of Bitcoins, but the more recent transactions are mostly small. Except for last month (January 24): this address received 0.84362383BTC, which was instantly sweeped. The private key was posted 2 months earlier:
Someone made a very expensive mistake funding it. I'm hoping pbies can tell me where the private key comes from.

TL;DR
Don't post your private keys! Don't post your seed phrases! Don't try to be smart by creating a brain wallet!

No spam
Self-moderated against spam. Discussion is of course allowed.