Topic: Thoughts on this private key stealing mystery (Read 23320 times)
Other blockchains outside for bitcoin are also subject to this. I've been able to find some private keys for rippled wallets generating the private key from random and random string generator.
What's amazing is that you can have the private key for those addresses MONTHS in advance of it being used. Those txids are sometimes recorded in the blockchain way in the past. To be clear, this isn't an exploit. I think there is some system out there that possibly isn't initializing memory (or something). So they seem to be creating private keys based on the occasional information found in the blockchain, probably because they are processing transactions and that's what happens to be in memory at the time. But you'd think that after all this time, someone would notice BTC going missing. They get swept instantly though, so good luck trying to capture them.
Are there any instances of this also happening on Forked bitcoin block-chains? If the issue is occurring with Bitcoin, then perhaps it has been ported to other flavours of Bitcoin that have come after it that have been spun out of thin air and are presumably based on the original code. ??
Incredible to think this is still going on today... some 3.5 years after it was initially highlighted by the OP.
I wonder if something is using "random" chunks of data from the actual blockchain data, which is why occasionally we see addresses, txids and blockhashes being used. It's certainly an interesting mystery.
I wonder if something is using "random" chunks of data from the actual blockchain data, which is why occasionally we see addresses, txids and blockhashes being used. It's certainly an interesting mystery.
It's largely because competent wallets would never make a private key by SHA256ing something, instead of generating the random bytes properly. This looks largely restricted to ancient exchanges, web wallets and mining pools running custom software for which they can't be bothered to change it to something safer.
And I wonder if they have any bug bounties for these kinds of security vulnerabilities considering that there was a lot of time (years!) for people to ID these addresses to the major service using them.
Incredible to think this is still going on today... some 3.5 years after it was initially highlighted by the OP.
I wonder if something is using "random" chunks of data from the actual blockchain data, which is why occasionally we see addresses, txids and blockhashes being used. It's certainly an interesting mystery.
I wonder if something is using "random" chunks of data from the actual blockchain data, which is why occasionally we see addresses, txids and blockhashes being used. It's certainly an interesting mystery.
FYI: One of the experiments the OP explained all that time ago is STILL happening to this day. I created my own database and saw these three transactions fly by just in the last few days:
1Kfayq6DeA5SztT79nmX4LFwG2bWmZwYKE derived from txid 40f087dd977495465c75f433772d4f7d07084d3933c4a444198403935f40ceea
19PBWUGcTt4QDi4sCtaogBsn4q58EXKUE8 derived from txid 1d613bce91a4087d78d671442710367350d24e01949d880a81c4a97edfa92a99
1Gs3BeD1TdB85aSy8xvyPegQYaPJUMo2so derived from txid 27c0e69e629658c264da83391b5ab2ccee10ecd357d4da2b4b0e52cd9d7faa9f
(That last one is for 0.11959621 BTC which is over $3k USD at today's prices)
What's amazing is that you can have the private key for those addresses MONTHS in advance of it being used. Those txids are sometimes recorded in the blockchain way in the past. To be clear, this isn't an exploit. I think there is some system out there that possibly isn't initializing memory (or something). So they seem to be creating private keys based on the occasional information found in the blockchain, probably because they are processing transactions and that's what happens to be in memory at the time. But you'd think that after all this time, someone would notice BTC going missing. They get swept instantly though, so good luck trying to capture them.
1Kfayq6DeA5SztT79nmX4LFwG2bWmZwYKE derived from txid 40f087dd977495465c75f433772d4f7d07084d3933c4a444198403935f40ceea
19PBWUGcTt4QDi4sCtaogBsn4q58EXKUE8 derived from txid 1d613bce91a4087d78d671442710367350d24e01949d880a81c4a97edfa92a99
1Gs3BeD1TdB85aSy8xvyPegQYaPJUMo2so derived from txid 27c0e69e629658c264da83391b5ab2ccee10ecd357d4da2b4b0e52cd9d7faa9f
(That last one is for 0.11959621 BTC which is over $3k USD at today's prices)
What's amazing is that you can have the private key for those addresses MONTHS in advance of it being used. Those txids are sometimes recorded in the blockchain way in the past. To be clear, this isn't an exploit. I think there is some system out there that possibly isn't initializing memory (or something). So they seem to be creating private keys based on the occasional information found in the blockchain, probably because they are processing transactions and that's what happens to be in memory at the time. But you'd think that after all this time, someone would notice BTC going missing. They get swept instantly though, so good luck trying to capture them.
Wow 
Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.
I am really excited to find out in which priv key generation code this thing is implemented.
Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.
I am really excited to find out in which priv key generation code this thing is implemented.
Amazing, if any of it were true, Upon reviewing this article, I took to myself to spend 1/2 hour and run some of these things, I have a database of 5 million BTC addresses, and every public-key ever used, both hashed and open, and I ran the addresses though the system, I found less than 1,000 addresses have been used as 'seeds', and I found of that only 'one' had ever had a transaction, ... Not VERY INTERESTING .....
IMHO this article is a sci-fi fairy-tale that can be told to bitcoin wannabe's and their boyfriends.
I am afraid arguing "against this" is like arguing against the theory of God.
You cannot prove your point.
There are an infinite number of possible variations on the embedded hints and seeds and secrets.
For example, assume not that "seed" is embedded and with "seed you can discover the private key.
Now consider k=numeric value(seed)+c
Where c is a constant.
Have fun....
Well then goes to show you didn't actually do it yourself your 'god test' is just a mind-test that you decided on your own.
Let's take two test's, one is run through all hashes in the black-chain links and try them as 'used addresses', then hash all the rainbow tables of all human made words 80gb, you will find 1,000's of used-addresses, in the rainbow, and zero in the hash-links.
Why is this? Because of determinism, and entropy, but mostly entropy the rainbow tables is has low entropy, but the links of all blocks is extreme high entropy.
The argument here was high-entropy could lead to high-value keys, and no it doesn't; on the other hand low-entropy will lead you to +5,000 used-addresses, but sadly all the priv-keys were swept years ago.
Lastly, keep god out of this, he already knows you don't know what you think you know.
A few folk asked me if the code for iterating wallets and checking them was available anywhere:
I have it up on github; it has a few other interesting features now like anagrams. It's older code though, python2.7 only. I haven't updated it to Python3.x yet.
https://github.com/induane/walleter
I have it up on github; it has a few other interesting features now like anagrams. It's older code though, python2.7 only. I haven't updated it to Python3.x yet.
https://github.com/induane/walleter
Tell me please. How did you automate this process? What programs did you use? It is also necessary to copy all hashes, check their addresses...
sha256(666) leads to 1Az4F5yC19WZt5XMuc6x11xJM81VcJyHQA which in 2014 received 666 satoshi. Hell, that's funny.
i run my javascript that iam devloping
SHA256 (6)
1JmrvhqYP4EpSRAhuKkn2NtmPvPNCxA9Kd
SHA256 (66)
1NDx9Sw74RYP5EA6iqgb52C97ncswCy2kp
SHA256 (666)
1Az4F5yC19WZt5XMuc6x11xJM81VcJyHQA
Quote
Experiment 4
------------
My last experiment is the one that led me to believe someone was siphoning bitcoin from some service on a regular basis and has been since 2014.
Take a look at this private key:
KyTxSACvHPPDWnuE9cVi86kDgs59UFyVwx2Y3LPpAs88TqEdCKvb
The public address is:
13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh
The raw bytes for the private key look like this:
4300d94bef2ee84bd9d0781398fd96daf98e419e403adc41957fb679dfa1facd
Looks random enough. However, these bytes are actually sha256 of this public address!
1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj
I discovered this by performing Sha256 on all the public addresses I had collected from the setup of my experiments and then seeing if those addresses (from the generated private keys) were ever used. Bingo! Lots were coming up. I searched a fraction of the chain and found dozens. I also found these addresses had bitcoin sent to them very recently (within weeks/days of when I discovered them.)
I asked myself, "Why would someone do this?"
At first, I thought this was someone who thought they could get away with having to remember only one piece of information rather than two. Maybe they have one favorite address/private key combo and derived another from that one? I thought it was possible. You could keep doing this in a chain and derive as many as you wanted and only ever have to remember the first one. But I ruled this out for one simple reason; bitcoins transferred into those addresses were being transferred out within minutes or SECONDS. If someone generated these private keys for themselves, then why would the coins be almost immediately transferred out in every case I looked at?
Here are some more (complete list at end of this doc):
16FKGvEtu5KPMZqiTK4yjmsSZsJLyxz9fr from Sha256(1CRWfJdgVrfKLRS4G3vTMRhEQrCZZyHNMo)
1HwxL1vutUc42ikh3RBnM4v2dVRHPTrTve from Sha256(1FfmbHfnpaZjKFvyi1okTjJJusN455paPH)
1FNF3xfTE53LVLQMvH6qteVqrNzwn2g2H8 from Sha256(1H21ndKEuMqZbeMMCqrYArCdV8WeicGehB)
Note: I skipped experiment no. 3 since it was just a few random inputs not related to information stored in the BTC blockchain.------------
My last experiment is the one that led me to believe someone was siphoning bitcoin from some service on a regular basis and has been since 2014.
Take a look at this private key:
KyTxSACvHPPDWnuE9cVi86kDgs59UFyVwx2Y3LPpAs88TqEdCKvb
The public address is:
13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh
The raw bytes for the private key look like this:
4300d94bef2ee84bd9d0781398fd96daf98e419e403adc41957fb679dfa1facd
Looks random enough. However, these bytes are actually sha256 of this public address!
1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj
I discovered this by performing Sha256 on all the public addresses I had collected from the setup of my experiments and then seeing if those addresses (from the generated private keys) were ever used. Bingo! Lots were coming up. I searched a fraction of the chain and found dozens. I also found these addresses had bitcoin sent to them very recently (within weeks/days of when I discovered them.)
I asked myself, "Why would someone do this?"
At first, I thought this was someone who thought they could get away with having to remember only one piece of information rather than two. Maybe they have one favorite address/private key combo and derived another from that one? I thought it was possible. You could keep doing this in a chain and derive as many as you wanted and only ever have to remember the first one. But I ruled this out for one simple reason; bitcoins transferred into those addresses were being transferred out within minutes or SECONDS. If someone generated these private keys for themselves, then why would the coins be almost immediately transferred out in every case I looked at?
Here are some more (complete list at end of this doc):
16FKGvEtu5KPMZqiTK4yjmsSZsJLyxz9fr from Sha256(1CRWfJdgVrfKLRS4G3vTMRhEQrCZZyHNMo)
1HwxL1vutUc42ikh3RBnM4v2dVRHPTrTve from Sha256(1FfmbHfnpaZjKFvyi1okTjJJusN455paPH)
1FNF3xfTE53LVLQMvH6qteVqrNzwn2g2H8 from Sha256(1H21ndKEuMqZbeMMCqrYArCdV8WeicGehB)
I could reproduce the findings of OP without a problem for experiment 4. The given examples all match with addresses provided. So it was time for me to run the same experiment on every known address on the blockchain (up until block 536830)
And I found a total of a whooping 148 addresses where an existing BTC-address was used as the passphrase for another one. My findings:
Code:
Used as Passphrase: Resulting used address:
1KrutzZZ7rth6D9wasfGz2oy9R6k1RCL9n -> 1HJx3CqdaHAX6ZYRBHDvM5skg2Vh7GeZBD
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T -> 19QBydCuMiY7aRTbkP2tb3KQJUWkTrr5Xi
1JoshVWQDa7DzXqN3wQ9dbig5WEfaAzHcM -> 1Hg9pi75XWAT9pB3faXQFKKZbh98cbM5m
15SP99eiBZ43SMuzzCc9AaccuTxF5AQaat -> 18XAotZvJNoaDKY7dkfNHuTrAzguazetHE
1Q81rAHbNebKiNH7HD9Mh2xtH6jgzbAxoF -> 1LgwKwv9kt8BwVvn6bVWj8KcqpP9JSP1Mh
145Sph2eiNGp5WVAkdJKg9Z2PMhTGSS9iT -> 1HhNZhMm4YFPSFvUXE6wLYPx63BF7MRJCJ
1FEwM9bq3BnmPLWw5vn162aBKjoYYBfyyi -> 18VZKyyjNR8pZCsdshgto2F1XWCznxs86P
1CVPe9A5xFoQBEYhFP46nRrzf9wCS4KLFm -> 1LVRWmpfKKcRZcKvi5ZGWGx5wU1HCNEdZZ
1BBBvd9G5YThYVVMSGSxJzQvQiQm3WxJC2 -> 1EFBsAdysTf81k72v9Zqsj3NMuo6KoWD2r
18AsiEQoLLKaF4Co1z4rxHyzJu9oqTVbFE -> 1Jsz6mahqVMJn2ayWzN6TfeWTti9tqfbSM
1HqQBiqgFK6ChJ2Vq7kbWRCbc73cjyNXv5 -> 1M2uEGihcwUPiRGETE7vF8kUiS2Z4rtV2Q
1MVqDAJo8kbqKfTJWnbuzvfmiUXXBAmX3y -> 1LWU4SbnqnfctAMbtivp2L98i8hSSCm7u7
18EF7uwoJnKx7YAg72DUv4Xqbyd4a32P9f -> 1G6qfGz7eVDBGDJEy6Jw6Gkg8zaoWku8W5
1Pjg628vjMLBvADrPHsthtzKiryM2y46DG -> 12B1bUocw8rQefDcYNdckfSLJ6BsUwhRjT
1KxUVU9DKfdaTLMnXBLS5BZRf56cFnRosk -> 1L2a5n9ar7e2v3Wz6NDFnxisigvR6urGaY
1PoHkMExsXDDBxpAwWhzkrM8fabmcPt6f4 -> 1G2rM4DVncEPJZwz1ubkX6hMzg5dQYxw7b
1PeCGFsJgqz8CcjGugGq5bPBiRDXUZHLUH -> 1FjEL7TBazaJN7WyND4uwq9wiaWDzfizkP
12XuaKzEheWbFJBno9QiV6kPCWrnWpUYTK -> 1KwUfu3gGk7n8Wz969tAztvvM4Mp4ZY57s
1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX -> 16VrwSmUyvCKTXoeyrUcZ5zC7s3wkteAeF
1FfmbHfnpaZjKFvyi1okTjJJusN455paPH -> 1HwxL1vutUc42ikh3RBnM4v2dVRHPTrTve
14PnZgX8ZDABJZ8RnatkK7DQzdpkwRRPX2 -> 11EuerTwe9rxtT3T56ykX5K7J3AksPzU3
1BxzenHnSuKwqANALE5THeTCSRZkv3ReRP -> 1MJKz1M7dEQCHPdV5zrLSQPa4BGFAuNJyP
1CJBqJ3MwUVVNsqXpJx8Aecc3PWxSWPmUc -> 17S5HsEY4CLxSCU94C1Nx6pTKXWBUh7e37
1DMwZeQJXfWToRRHr5uRiKeucwDWkWLvkm -> 1ERKXYeaCy97KPdJTRbWjJDVzMbStJYqCm
1PLpQDyqDUcpK6fWpRhkkFVBw4tSK4sHkS -> 14mRxKmeEw9DCBbpR596FYmfZVdBD8MJxh
1BynBc2YUAoNcvZLWi24URzMvsk7CUe2rc -> 1MkaTR3642ofrstePom5bbwGHbuQJmrnGD
144BV4Y7tgnetk5tDKAYTGS4mjprA75zJz -> 114LdauSAu2FTaR2ChPsPTRRhjYD9PZzn2
1Ca15MELG5DzYpUgeXkkJ2Lt7iMa17SwAo -> 15ZwrzrRj9x4XpnocEGbLuPakzsY2S4Mit
1PAVELxB51neRmWMFqgaV3Nd78udSyEMFg -> 12G63HnPAhmBLwDfDuexaDo9ExTqbfuC59
1UvM3rBJ8Sa1anQ8Du1mj5QZapFmWF7vH -> 1MG1dTqtWVNqq3Qht88Jrie7SXp2ZVkQit
16era4SgYEcbZD1pu6oCBXGXjK2wSrePe8 -> 1MWBsFxWJrNtK2cN2Vt7j3a9r5ubfn41nx
1A7grBEjor6Sapj8KRbEGj2UrbnNt1Usxo -> 1J9SzdYMZFsLqunQfPAswzogLNBitbREMD
1JcsBzKio1curbu9AtxTySxddvT4MKT3Da -> 1kN83e7WRtsXD7nHn51fwdEAi51qk5dEe
17S3XjtEFXQoGdXnUjJJtGB1D7PTa9SsLZ -> 1KyUNmmJu3JjauVEZQUYLUEBg48GXXS1ii
1PhqA75qNM23aH9zV3uWvUhDbdwcab6q5L -> 192qwAD31JB9jHiAwaTDkd6teb2hLAkY3b
1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV -> 13mbvCyxCYvATNzranCkQdpCT19VGpMFZa
1Je3tz5caVsqyjmGgGQV1D59qsCcQYFxAW -> 1A17F9NjArUGhkkiATyq4p8hVVEh2GrVah
1EjWVhiTyCdpTa29JJxAVLq27wP4qbtTVY -> 1GUgTVeSFd2L5zQvpYdQNhPBJPi8cN3i4u
16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG -> 1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD
197HxXUSehthdqXM6aEnA1ScDSCR7tQmP3 -> 12eGusvkCcJb2GWqFvvE1BLDJ8pVX49fQv
1KzSULbG3fRVjWrpVNLpoB6J62xYL42AdN -> 1mbcQaPzsaBoaYP4V6uwCA74BRPhroK3r
1LFCEek8FobJRXb5YrzWJ6M2y8Tx2Xg3NB -> 1gHad7cKWDcVKFeKcLRW4FhFAyw2R7FQZ
1C1KjGATUXP6L6nnGTAh4LQcnSyLt13XyB -> 17SaWquajZZBRF5qz6HuXMRt6gvnrDyoqE
1JZwnSQz64N3F9D3E24oS4oGhSxMWDsXYM -> 1GSkK6KBVSycEU57iK6fRvSXYJ4dgkkuNt
17XQfW1R66aRBNYyJMwzn7zLf3D6sZgda3 -> 14XAGCAeUxieSzvGK3TX915PJLvX54n2Pd
13PctMqzyBKi5CpZnbastHQURrSRrow4yj -> 1pmZwNDZjpuAqW3LjYYQCEjbQYBtSxzWc
18SV4DVmytRDYB5JBAFkewUbVAp6FRpi5c -> 1KiGdZ9TUeWyJ3DyHj7LQLZgjvMHd6j2DZ
1E3D7NabEX971uV2gXT47rWQwPm3zbmvd8 -> 1Kka5bgXvpHTNDsPmhLPHae2qcK9mLS2qS
17FaMY613bKfwhrdTv5PHnucSGTJBcw3k5 -> 19cMyj9KqVq78yZe32CNhgpyuGLMwM9X8S
19cMyj9KqVq78yZe32CNhgpyuGLMwM9X8S -> 1LzGrd5QX1rG5fk7143ps9isUTEwGyzRJE
1LzGrd5QX1rG5fk7143ps9isUTEwGyzRJE -> 1Q2a1ytfujskCEoXBsjVi1FqKWHegfFKwD
1LeuaozTUT5UJX6DD4Q1VJsHh6aHpZ3YRU -> 1Mpw88XWQzLTZnq1eNs5SegZYGJu5Epky8
1XAeTJCaYJgoBDwqC1rhPhu3oXiKuMs9C -> 1EqSvLnMhbRoqZkYBPapYmUjMS9954wZNR
1FLeb3zCVG63NYAMBiUoqKYgW1tUwgMMfF -> 131XQfvE7E1NzdRQnE8XFmtkxWVRXTsb9q
1HAQB99WfrV2ttRjttUPMzRi4R1uC2ftMy -> 1Kc324Y6UUMffeYdtuXgzVC28Kx3U8cqQk
1Lu49ZKmGoYmW1ji3SEqCGVyYfEw7occ86 -> 12GZz1D1kdX3Fj7M87RFvqubam8iGrK77R
1AYKSUqCtDX1E34q4YoFnjwWSj41huWgGG -> 1cQH5XCsezkKt9zpwjHizz8YJZudDSwri
1DCfq8siEF698EngecE69GxaCqDmQ2dqvq -> 1GGFXUL1GoHcEfVmmQ97getLvnv6eF98Uu
39oArFLKkWBEqRBM7cxJnrrJihMnRmz2PT -> 1AXECcFUaSJXPk86zUrB19WJyeagVd4Qp2
1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD -> 1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu
1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu -> 153jMRXn251WyxT9nmJW2XDsFUJ648jyY5
1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV -> 1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1
1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9 -> 1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe
1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1 -> 1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9
1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe -> 1qA59Na3WysruJbCPoomryDRCtJ4f4aLu
153jMRXn251WyxT9nmJW2XDsFUJ648jyY5 -> 1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV
1qA59Na3WysruJbCPoomryDRCtJ4f4aLu -> 18VZG5Dr8bYJWadHUgh7kC4RPS1VsvH4Ks
1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g -> 1Gwz14Cty45h3hZ4nCEno6jSdxtQn5bc7h
16bjY7SynPYKrTQULjHy8on3WENxCmK4ix -> 15M7QfReFDY2SZssyBALDQTFVV1VDdVBLA
3LD39qD1D2tuRDs1N7kojtqVdEf9MKASXJ -> 15ymvzZR7xs5FkhRXk1JR4ufeUxukoQyuX
1LTZ9kaxRHBZH43eSmZ2KoGLHHUBV3P2S5 -> 1PcExYX3mUJ1rwa4aTLNJUpxqRLU8MxPXm
19o4Yjrd74qnZ3z87C67BShbbF4fSNHy8W -> 1CoyRECWJ4LHNiZAgAz9719chFkrDJuNMC
16bEpxSc1FDyQDXR7ZYKbyyDDxzyaaCnNS -> 1LkwU9xbVroLkH9EvxDfmMnsCikQzaUv9S
1CRWfJdgVrfKLRS4G3vTMRhEQrCZZyHNMo -> 16FKGvEtu5KPMZqiTK4yjmsSZsJLyxz9fr
1KEkEmadjTYHCiqhSfourDXavUxaiwoX7f -> 1JQ2shEPzkd3ZL3ZQx7gmmxFLvyhSg14cb
1V8tWZw4J3G5kBgafGsfoVSNQEgkxDmeA -> 1L5pzdXL4hhtMHNxFXHjjdhhSidY9kJVRk
1NPSWKXdnHa17NWTU3J6nVkyogZjmAh7N6 -> 13wY5CtwQhd7LYprEpFpkt1g9R7ErMkAwT
1AixDffKCd1cV1tz1sp8fwJQDEAYCWzQcR -> 1M5jhEDKQCYbMCXHgcRUmaxwqYmcbrEfGD
1FAv42GaDuQixSzEzSbx6aP1Kf4WVWpQUY -> 13qsbkaJM7TkA5F2dsvHeGVQ7kCo74eGxh
1H21ndKEuMqZbeMMCqrYArCdV8WeicGehB -> 1FNF3xfTE53LVLQMvH6qteVqrNzwn2g2H8
1Poi5SE42WVR2GKPrwp9U3wYqEBLN6ZV1c -> 1DBXjdbMWXmgt81E1W7AYRANVPiq12LsGd
1LdkWzq9DxopPkY1hCmQ3DezenP5PQLNC3 -> 1JvaK7jYWFNbDsJZLarXnq1iVicFW4UBv5
1JvaK7jYWFNbDsJZLarXnq1iVicFW4UBv5 -> 137XrofaWZhaZW2uB7eDsPjcwCNMTXVLot
137XrofaWZhaZW2uB7eDsPjcwCNMTXVLot -> 1D97u8Pet8YmNwKaCPUXLyi4zk1HnLF5RQ
1D97u8Pet8YmNwKaCPUXLyi4zk1HnLF5RQ -> 1G7B5eVnAQgeuGrKxcRnrmEqPLsjRkgnVF
191XapdsjZJjReJUbQiWAH3ZVyLcxtcc1Y -> 1CcSiLzGxXopBeXpoNSchagheK9XR61Daz
1Nk6a8ZfN86gaHJifcF8iGahx4scCKkwF5 -> 17hMEK4i8Nsi56huBU4i9N4Gjiw5G6X5iG
13Q8rTtdGUUt8Q8ywcEffj4oiNrY6ui3cu -> 1JhWnRjRm7AhbvSBtEifcFL8DkEKQiWRZw
1GRdTKgSq5sY3B4PiALPjKTXSXPXs6Ak7X -> 125PcPD4QXzgDwNPForSFji8PPZVDr2xkp
1Et9zapAxsBLJ3bvY7LDTuHif5cH7mZiBE -> 1AoocdeZC64PaQ15Gbv1kXyYYnN8FWXAST
1PVn2gxgYB8EcjkpJshJHfDoBoG8BntZWM -> 134Kia3XhZV6oXE4EUvjc1ES8S8CY7NioU
1E7kRki9kJUMYGaNjpvP7FvCmTcQSih7ii -> 13eYNM5EpdJS7EeuDefQZmqaokw21re4Ci
12GvGqEQuQTW4Rr8dZ1o397KAYCMGWPYkq -> 16bEBNuc7JQ4QzyoFAkmxdVvW4wJqicjVN
1E4yLggKcgHcpSKX336stXWgheNU2serVz -> 1HMGSkDB9ZhRoUbSEEG6xR7rs9iPT2Ns5B
1p4gsrzTc3mFAgJKYqMzhm6UsJzhgy1KX -> 1CSMVivJfFynvbZRrLFHVGnehpXLUjdGRc
1FFAdm2BWoCfTkTwFLJ4o3b5xG7cuRxbWb -> 167dyxowdWwBdofck3WuAwvUpVfn2ewx8Q
1J1ZPHbbEwgcwniH3F7AgBeFZxQXJoKCGf -> 1CRq6nj3a7vXdJJN2YSWdW6fVwydr6kqWs
1KPDwnrzJAfD2V4oiPf55WBTAi6UJDvMjN -> 13CnacdjvuuTJkCWrZf33yMrQh5aVX5B14
1FDWY63R3M87KkW2CBWrdDa4h8cZCiov9p -> 1LsFFH9yPMgzSzar23Z1XM2ETHyVDGoqd5
3Jz6sH2ZE4ey4QzingeKaUNTjm715RLfKs -> 1MRpBEdFqWK2qCYm5o8toa8BRUN7c3SQVg
1JuP7JXhHabGLVAqp9TJj5N171qLVHrcVq -> 1BwjscJC3P47uW5GXR7tjeHkdXQk6CuAFb
17Xok12pBFkXxNcE8J4gTSm3YKkatyX4ad -> 1NWCqz8nr8ZRZt1zEKidyWcZDyNtK3THps
1EGeEk4YUrXyDL4zNXpWdqJopoVxs2vExJ -> 1C9HtVz7H8NArfV613wQNHs4PrK2oLZEYh
1268xJ8iYUdRxK2vArkyoa5es6bR99hjhR -> 15XWgB1biKGd1JyuYecobfFtfBcVt6Jnok
1FBxoyGYaC9GEKLokfyrHUbZyoZmmm1ptJ -> 14JpZ9Bogo4p83xt6cKS1Fh1rLSFRat8PN
19aNbfFfZEWwstuy97C1GsHHELNCxZSEYV -> 1DT4Q4ocUFgekXvBqBM6kFmvQYB6Y4PnHo
1HzJPqLEpbeXiYhyoA8M8cuuds3FEAnw3B -> 17kYPYbELyVfMSYihD4YETJSZq5yCs3diM
1PhmMsdwamJA6soKw5mNMXxzGomHEHWY5P -> 15RjQKt6D4HBn87QqgbyvhKFNDDjXncp8Y
17iLALAyra1W5KSUjjkGN5LeUsWdeoQQx3 -> 1BVNt39u32LLkxMvBeBHXXNaTJqWe1Xcu5
1MB3L1eTnHo1nQSN7Lmgepb7iipWqFjhYX -> 17iqGkzW5Y7miJjd5B2gP5Eztx8kcCDwRM
1K79KaFs4D6wqz1wjP1QoYiY18fw8N3bZo -> 16eePivj1nTVvLpBGkmFoeGxNyMU7NLbtW
1E1rSGgugyNYF3TTr12pedv4UHoWxv5CeD -> 13FzEhD3WpX682G7b446NFZV6TXHH7BaQv
15nXjzf8EXy8Lji3czM1HAVw14mEKoEiTw -> 141V8fK9Kuofit8AXh9SLV9N9bLTfftETA
1LFGKkDZ21FZVsBh1A1S5Xr6aXuV3x9N4k -> 1P9ZZGDG1npYd4d7jiCfPya6LQGkF5sFm7
1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj -> 13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh
1FEYXtchFFJft6myWc6PyxLCzgdd8EHVUK -> 1FXi6kEJjnZUBqpwjVJKPsgVHKag86k6qq
17A16QmavnUfCW11DAApiJxp7ARnxN5pGX -> 1MThTn1XmUYcUtBs7GPdUBB7cmZWr2BPft
1MbzspFCdXjtqAUx3t6A11vzrk5c847mvE -> 1DHWP6UjSKBBUR8WzTviWAGNgLfDc6V6iL
1NbBTJQ5azGEA1yhGnLh39fE8YoEbePpCm -> 1Ads6ZWgRbjSCZ37FUqcmk82gvup1gQurB
1LdgEzW8WhkvBxDBQHdvNtbbvdVYbBB2F1 -> 1NHvPBaxKFuDec27mWcyCf7szUUvNnfimK
1LdgEzW8WhkvBxDBQHdvNtbbvdVYbBB2F1 -> 1Kap8hRf8G71kmnE9WKSBp5cJehvTEMVvD
1Frj1ADstynCYGethjKhDpgjFoKGFsm5w5 -> 19T6HNnmMqEcnSZBVb1BNA6PrAKd5P2qZg
1Frj1ADstynCYGethjKhDpgjFoKGFsm5w5 -> 14XxBoGgaJd1RcV3TP8M4qeKKFL9yUcef1
1LDqitspsYaiLH6AMW5EzJYuZG5vTGzRNg -> 1Lv6T9RegiNHpES1DHu6AasDcUqp2SeqLb
1MywYg5vwBk2G5Wkmfh2Mo26j1jFTADCkP -> 1L2CdFdZUzYLwXqmWffJhkwamtDXwr6NX2
15WLziyvhPu1qVKkQ62ooEnCEu8vpyuTR5 -> 1MNhKuKbpPjELGJA5BRrJ4qw8RajGESLz6
16SH69WgJCXYXWV58sxjTxonhgBh5HCZTt -> 12fcWddtXyxrnxUn6UdmqCbSaVsaYKvHQp
1C91NNyzXE1dBC4dDKjx6y5VnhihifrpCY -> 1HPnYqbMvV4bGRcpSP28mMyekhjKiudcFY
1ESkNMa9Z37of4QdJmncvibrXxZ7suPjYm -> 1Gj2uRnxDztM7dTDQEUQGfJg4z5RtAhECh
14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk -> 1HamTvNJfggDioTbPgnC2ujQpCj4BEJqu
14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk -> 1DvtF6X5b9cBrMZa4Yff9tARCLqP5ZyB47
3BHsbqZnUGM5Gbwsxe7ukk8NJc81kfhY8Y -> 1MH2HaDcKYBFhdBEdE4DKoXZWVdtEqMRag
3BHsbqZnUGM5Gbwsxe7ukk8NJc81kfhY8Y -> 14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk
1ENCBKFsqxJVCqR2TS1WfDV3rDi6zA8J6Y -> 1NzWscae8v3sKmTVJYwq8yhkizK8hUS5qP
16oTV1jZPJ5wm3QLhN96xVF7DchihmpL1k -> 16nXouTPm5gVedr4Betb8KRWLSBtmXGUbD
1Lp93D7qA4E7rzFD24LsAD3STbVypxP8Mu -> 18sgB1rVs5FSNCD2KDoNySA1wfnirAqdot
1ERdvKTCxP1gZvdNndLKtYotW7qpR3xhuQ -> 1FP8j4zUPoJkpKwYpd8zYGHVaKygRHzx3d
1BCvHvXCceu1pfXgqyTegzDVTiG7KBPUrB -> 19e7wSvRggJdBNLbjJwiB7K43J1PWCyGa9
19Yyqo5rsKQQLQP85LcqQkttRAAY87xwPk -> 1AaDf5H3LWgS6axUXRaww8tZmHqZTKK6D6
16nH7UJSSabJLadDGhFiyxPjMp7zT9Frqe -> 1JGA2mTkfPw6wKn5eNZ5kBJ3iN4K62HScA
3BTxuixRkhMQfTSqCLmq9Wn4jJ9H3dszhX -> 1CEvDrbju2qx4DW59C1Q1ZhvzoqjxJ2YX4
15hMTbxp2Z6dwFKDKcHkm2tnu28gR4994r -> 18zHNXq7UZV4VfUZjqdaHNbj8K5G6YFu4n
1ELZAjiXwZsmrqbvakVJzG6RRZtJDhJ2Rf -> 1LNGJ64rL2KA4VEMGRFBA5vSqaxpTAR7fv
14Ca26QMhDoyZEhmAUbadBHSMtynuFDFEr -> 19ChjJDaqhyPzRePyCwJvAUAcWsb3jwYne
167ZUAUMyeKbsXNDP4S5g7ey1MBucipm5e -> 1FiMHBECGC6QnbH93BgfQxA1BbjmoNEdDZ
34zQQeLLjmYNXdrWehtSmZb8fuP8jLZBqc -> 14dXxWwfg8MUiDpVbF8gg7WoCvxCFgfuh9
1MMBdLWiAK71oevANJrLHXXKAK8bZrPtqx -> 18bRpCq7yDccXrhy49ayv18vBQy6TjLtxV
1J2FqR94hjiriJoFxbN2apw3tyXZZvmdrm -> 19RtmcuK6Uk16uLzFSg23FxfWGCS8Eaxao
This concludes my checking of the experiments OP described. I will do a few follow-up experiments myself and if I find something interesting I will report my findings here. I also added all the results from these experiment in my published sets of compromised brainwallets at https://eli5.eu/brainwallet/ (which reports almost 19k compromised addresses).
Quote
Experiment 1
------------
My first experiment was to see if anyone used a block hash as a private key. That would actually be a nifty way to 'compress' 32 bytes in your head. You would only have to remember the block height (which is only maybe 6 digits) and the corresponding larger 32 byte number would be saved for all time in the chain itself!
Results: Success! I found 46 addresses that had some amount of bitcoin sent to them between 2009 and 2016. As expected, these all had 0 balances either because the owner had taken them back or they were discovered by someone else.
Here are two examples. You can use blockchain.info to see these hex values are actually block hashes from early in the chain. This happened on/off up until mid-2016.
1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
[/quote]------------
My first experiment was to see if anyone used a block hash as a private key. That would actually be a nifty way to 'compress' 32 bytes in your head. You would only have to remember the block height (which is only maybe 6 digits) and the corresponding larger 32 byte number would be saved for all time in the chain itself!
Results: Success! I found 46 addresses that had some amount of bitcoin sent to them between 2009 and 2016. As expected, these all had 0 balances either because the owner had taken them back or they were discovered by someone else.
Here are two examples. You can use blockchain.info to see these hex values are actually block hashes from early in the chain. This happened on/off up until mid-2016.
1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
Please note my previous conlcusion on using blockhashes as private keys were not correct as pointed out by Thirdspace. This is a correction post with the results of a proper experiment on block hashes
The first experiment as was stated by the OP was to use a block hash as a private key. He/she was even kind enough to provide two examples. What wasn't clear to me before but is now is the fact those blockhashes themselves were used as private keys instead of using those block hashes as phrases.
Code:
Used as private key : 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
Remark : block hash from block #2
OP address found : 1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk
My address found : 1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk
Remark : 80 + '000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd' as the full private key
Code:
Used as private key : 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
Remark : block hash from block #4
OP address found : 1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr
My address found : 16X3KngmmQ1x5roBz71boZ3b55qCRC1D51
So after my previous attempt of using all blockhashes as a private key I this time ran the correct experiment by checking each blockhash as the actual private key. I found 48 (!) addresses this way (including the 2 OP provided as an example):
Code:
000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f -> 164qRoL9B3oxAZCn2RS6kAFejJQyAEcjaw
000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd -> 1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk
000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485 -> 1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr
00000000841cb802ca97cf20fb9470480cae9e5daa5d06b4a18ae2d5dd7f186f -> 1CLoKbp4a5du6Nzs21UbFFqDZE3Ls7GnAF
0000000067a97a2a37b8f190a17f0221e9c3f4fa824ddffdc2e205eae834c8d7 -> 1Kn9aRbWxxnTsnLcFTS2LjDV9PDLQGzJpZ
000000006f016342d1275be946166cff975c8b27542de70a7113ac6d1ef3294f -> 1MGFq4ot2DqMJQG5tGPEpwA1ZG6XPGmSsV
0000000098b58d427a10c860335a21c1a9a7639e96c3d6f1a03d8c8c885b5e3b -> 1FSK393znD9i4ViQSTfXKbuhw1pPLjjrvC
000000000cd339982e556dfffa9de94744a4135c53eeef15b7bcc9bdeb9c2182 -> 1JAj2zj9Fj68y4EKZkbtGv4z6XvbBQ5iY4
00000000fc051fbbce89a487e811a5d4319d209785ea4f4b27fc83770d1e415f -> 15CL3ezLrNq4YVGxAXyu7rb2hWQmEhPSH8
00000000314e90489514c787d615cea50003af2023796ccdd085b6bcc1fa28f5 -> 1NJvd1gcxiGmxS7NSub1HsazVewrJH7r3K
000000001fa8db1f15a9abd900cce0df7823a8397f2728b1d275e8fe0c0d2df0 -> 1w9FMNMRcwQ6g7uU3cDxo9QjXh4qKgS1s
00000000ee1d6b98d28b71c969d4bc8a20ee43a379ce49547bcad30c606d8845 -> 18AZXGaaexCt7H6URZxCHWnp4bZb3mnXGk
0000000066bd6eb18ac2a759d0287a0ce3c874de071a18fe191ee2181c652c89 -> 19MeQVWWiQRCzxb9Hhh6myThk7xSQ1FZKs
00000000c5fef55bc9cc3d4bd26d4f5495af1dba2c4e284a3e9915f7c4a77980 -> 1MyRduQBLWe1dRdFaeFEQsWUwC8Ng3NRwN
00000000d2650ca85996b3a6766fcfecfa0d18a433d6c482e3a400eb46c4507d -> 12uoPJKtoogGYQRh2a8vQEAc6Rwsi5jhnk
0000000000511a5356c93057e512af0c87f3db86a5c24285f8870d2f9f5d4005 -> 1QCnp7ifrJxZVZYov7MFvENG4arKZzSWnv
00000000000002d214e1af085eda0a780a8446698ab5c0128b6392e189886114 -> 18ot9XCfzfWkaGQLcDR9xdzBDtimhEsPTG
00000000000005129a339a388082bb6dcd185560dab135f048d0021912bf2c96 -> 19iQR6Pmjk6zKN7XaSTZJ3NLpwg2bSxAfN
000000000000056a303dd8a19509c1a74176c1324a923e237b1e7ffbadf38849 -> 15XQrFhNbiQQW71tYxp8ySTVpmb4pmoLRU
0000000000000a2c73285546b59ad9c523bbaa9b2d9b9a9b7e4bfb074a700008 -> 12Mdmf8AD4YurjnjtpwcEbUzoHkvPuffqD
00000000000004c9c29225b11b3ec75294d201613046fad170848d919c61f279 -> 13MTQYzxyqEF9yB4BjztwNQfJ52dWfgUdk
00000000000001aeceb6762e33bb6fbdbdb75b99f229992d99f726286bfef6eb -> 1ECEY4i6PN8rVuain78BrcDEr3VWx8z8c3
0000000000000453918365cc3bd4cc332f1cdaa9d634090585102d299a70dd8b -> 1Czo9PruXzXmChGAXs7LFg9U29ZeitgHSz
000000000000031d5731617e8014e2efd7524bc728976f736c4217d9888e9eb8 -> 16N2LPXmu1V5KSiRiJ5yznuHzUF6sSkHPw
0000000000000040412b763328116fea4b69a1f30e5cf18ababbd3ac59ab2159 -> 1BiSjbXeMfTE5mUxiLxE8VTaaDA3evJWkj
000000000000012e75d835d232050cf42f7a250846cd544fbd97d4d6b1079f9a -> 17nffrVW4YyoEQo7dTbbz58FiaE31RQFEv
000000000000002383789cd830d99c6488d1555a19ed8bc9a6ed6f785f44aa2b -> 1A9R831fPkbh4XpVdttdbdiua1akpRGc22
0000000000000043371e55643e3cb2b48eb4681bc82e7be5c88e5f85272e7bfb -> 1Gu8UmXCEjaFmcycAg3tjih9BvmMuQWUVe
00000000000000e09b60cf59246a697d7e7f449d1f8b6528faad28bb2ad23fd3 -> 1FJ46MfT7ib527NvKUkU8bdTsJGmz1aoB
000000000000029f4bc71ecd64f13068876ee910cafe4bca8d46d1c38a5bb6bb -> 171t2vYmyrsiNNCNp5Zwh7VJ4HYtjUP85z
00000000000003fd22aba8da396d0d3a0edebe0ee52a717c8b86cca25c069be4 -> 15Caj8dTaVV96ePfTZWEg6MZqy1GQoRynT
0000000000000370f35f87be6d291757cb7d711d8dbeda7251484dc4090738f7 -> 1FGQJrCpjcxcNE9abpwejg5DprymaQdEVe
000000000000028387c182975dd5dff74cfec7c5e539b19d2d53e59f2ea1d2ae -> 17g7p5aGKU9v7Y6qqpdeiPVFZ5rEzdLh3p
000000000000038a4eb01e85c45fcbd5ebf2d1b2e0dafeb9d4b9cf0ea983964c -> 17yb2XAcaMn7u9UF7vLSMB3LCuziFV8q3u
0000000000000114420273c901e448a0a51a89fe2e6964541994c7eb1a3e615b -> 1LddbPU8TuMepABqL4enkvTUnHfp43xZmk
0000000000000061edd85e375b354773f096081a20829a3ca376eb2ef3a41ba2 -> 1EvbFBWc9yBCNb1LYSkstVXwu9gA6rkEfX
0000000000000026a26d1ff45a72236f12de3ad5ff703aebec322f52ac8ed9dd -> 1MV3wHfgFr3xF8LRxW16opXt8PbowT3Euu
000000000000001f19cf4788a71e35949b261a62e90f09027d76c57fda7d75ba -> 1M7NPSWTX5MjkbrsrastjTH7bT76RmhLEP
00000000000000000577caf7823c048ee34cec0ab2fc82d4b8e55b022fe35cfd -> 1Ph44tVkbEm4GivAfUR7u2i1925ZzUcs8x
0000000000000000104f6217dcedfda795fa34278ddc67e485f243314de9de77 -> 14VYx8XFeRtyAV33BLvGX3ZTBu4YNT4Bzv
0000000000000000116309fe12f087fed3acdcd7622d93e5cc898b6bc5040160 -> 1Lhndi7kuTZNG3XiTn4Lvb4EM8x8DesvUx
Thanks to Thirdspace who pointed out my previous mistake I was able to reproduce the experiment OP has done and came up with 48 addresses based on a private key equal to a blockhash from a block in the range of 0-536830.
I've tried a few examples that you posted and I got exactly the same addresses as OP said
how did you use those block hashes & transaction ids to generate addresses?
it seems that you used them as phrases for brainwallet instead of as private keys
you should use them as Private Key Hexadecimal Format (64 chars)
how did you use those block hashes & transaction ids to generate addresses?
it seems that you used them as phrases for brainwallet instead of as private keys
you should use them as Private Key Hexadecimal Format (64 chars)
Thanks for pointing this out! You are absolutely right.
I got off track when OP later on did use the input (for instance the BTC addresses) as a brainwallet and also when I found the six claimed merkle roots which also were found by using them as a brainwallet -> SHA256(Merkle Root) is private key.
I will rerun the first experiment and will update my first post accordingly. In the meantime I have succeeded in reproducing the experiment where BTC addresses were used as input to generate a private key.
Unless I've done some terribly wrong (and if I did please let me know!) I think the claim of OP block hashes have been used as private keys is false!
I've tried a few examples that you posted and I got exactly the same addresses as OP said how did you use those block hashes & transaction ids to generate addresses?
it seems that you used them as phrases for brainwallet instead of as private keys
you should use them as Private Key Hexadecimal Format (64 chars)
000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
used as phrase,
Bitcoin Address: 1C85rYD83TgHB8kAWZvF2UvUBPjrLphwCy
Private Key (WIF): 5KZQinREXBJSpHH2UYmSk1rM7MqMszNWUDbWre3LqM6mxgd64dv
used as Private Key (HEX),
Bitcoin Address: 1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk
Private Key (WIF): 5HpHagTDEjnWh4JUN94a3CyZrPpWQyWL5zh9jHAry27BwcDig3s
000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
used as phrase,
Bitcoin Address: 16Aci1HqAAKZtLWRGJAqhfzm8bSFS6X4iB
Private Key (WIF): 5KZQinREXBJSpHH2UYmSk1rM7MqMszNWUDbWre3LqM6mxgd64dv
used as Private Key (HEX),
Bitcoin Address: 1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr
Private Key (WIF): 5HpHagTBNndKifofNeYPqTB4EkCBV88DHdvFbNtFRrvrmC89VBJ
Quote
Experiment 2
------------
Similar to my first experiment, I then searched for addresses that were generated from the merkle root used as a private key. (BTW, I searched for both compressed/uncompressed keys, so each 32 bytes resulted in two address look-ups from my database).
Results: Yes! I found 6 addresses again up until mid-2016. Even though every address I found had a 0 balance (again expected), I was having fun with my success!
Example:
13bkBdHRovsBkjM4BUsbcDNr9DCTDcpy9W 6c951c460a4cfe5483863adacafad59e5de7e55876a21857733ca94049d7d10c
Similar to merkle root and block hashes, transaction ids (hashes) also seem to have been used as private keys. Still nothing alarming to me thus far.
I conducted the second experiment myself to check the claims of the OP. I first tried to reproduce the given example:------------
Similar to my first experiment, I then searched for addresses that were generated from the merkle root used as a private key. (BTW, I searched for both compressed/uncompressed keys, so each 32 bytes resulted in two address look-ups from my database).
Results: Yes! I found 6 addresses again up until mid-2016. Even though every address I found had a 0 balance (again expected), I was having fun with my success!
Example:
13bkBdHRovsBkjM4BUsbcDNr9DCTDcpy9W 6c951c460a4cfe5483863adacafad59e5de7e55876a21857733ca94049d7d10c
Similar to merkle root and block hashes, transaction ids (hashes) also seem to have been used as private keys. Still nothing alarming to me thus far.
Code:
Used as private key : 6c951c460a4cfe5483863adacafad59e5de7e55876a21857733ca94049d7d10c
Remark : merkleroot of block 3647
OP address found : 13bkBdHRovsBkjM4BUsbcDNr9DCTDcpy9W
Found compressed : 16jhNgoeuthu38TSS4RmuyACUugCnVwuKD
Found uncompressed : 16kGmzXkysx12qUSRDWruvNng8ewUV6rPL
Quote
Results: Yes! I found 6 addresses again up until mid-2016.
So next thing om my agenda checking all the merkeroots from blocks 0-536830. And yes, I also came up with 6 results:Code:
4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b -> 1Gt4G9kRDNCRNAoiLPwLZdLcdn7VUSfqMN [UNC]
749845497284ecf84ad16baa69d342d5c828403a53d5df3dba1d6743ad54db13 -> 1CSsutw7JFAj66AkyMPsDVvZ7yi2aoNyh2 [UNC]
04b9ac63b6ef06cc5a68502c6d220f70f0758850fd0ec2433112949cdf5c2323 -> 1D2YW26aTq5vxhZtYKAKeWJ9hsBxCkVNVu [COM]
fdd88c26ee8a3ddaf73819f612ffcfcb48104a6c38a333caee870ddbd75d4f5a -> 1FhuJVi4EAvQw3DzTcyuati22JgALKQiKq [UNC]
3cdd40a60823b1c7356d0987078e9426724c5b3ab439c2d80ad2bdd620e603d8 -> 1G3JHzv2gCUZC5CAzm2fqnaiEcCcyqEsS5 [UNC]
072723a6a5fd8fde8ee76370f6317ac9395d54b72bd8a0a54093f2980f6fb23e -> 18cFhmZgsiDe9y2J7wTs7VmdcdTyg5tsB4 [UNC]
Update: I also ran all merkleroots as a private key as opposed to the abover where I used the merkleroot as a phrase. This experiment yielded another 4 addresses:
Code:
7dac2c5666815c17a3b36427de37bb9d2e2c5ccec3f8633eb91a4205cb4c10ff -> 198MRUHD2cvgUTBKcnroqmoTSs4b8xyLH9
2a0053e41c5e66a5f5de94ab5527c04b61b3f47b2266475bdb16025009a8b934 -> 12SyZiNJhDzNWN6Si8Na4Na5UmebKMWprY
2c8837415676c2c0fda60998ac658c89f4c6839f3dad8f81dc80da69b42fc207 -> 1PkiKjtFdwDZ9ehRx1X2G5WRfkT2AQHq91
422ced71eac08061c053b010e2b65e7704b80f7b044c2ec707cd49c9f902f25d -> 12N1t4G9nKKQE5opNSCGSg57HfkKgZTnRY
Quote
Experiment 1
------------
My first experiment was to see if anyone used a block hash as a private key. That would actually be a nifty way to 'compress' 32 bytes in your head. You would only have to remember the block height (which is only maybe 6 digits) and the corresponding larger 32 byte number would be saved for all time in the chain itself!
Results: Success! I found 46 addresses that had some amount of bitcoin sent to them between 2009 and 2016. As expected, these all had 0 balances either because the owner had taken them back or they were discovered by someone else.
Here are two examples. You can use blockchain.info to see these hex values are actually block hashes from early in the chain. This happened on/off up until mid-2016.
1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
------------
My first experiment was to see if anyone used a block hash as a private key. That would actually be a nifty way to 'compress' 32 bytes in your head. You would only have to remember the block height (which is only maybe 6 digits) and the corresponding larger 32 byte number would be saved for all time in the chain itself!
Results: Success! I found 46 addresses that had some amount of bitcoin sent to them between 2009 and 2016. As expected, these all had 0 balances either because the owner had taken them back or they were discovered by someone else.
Here are two examples. You can use blockchain.info to see these hex values are actually block hashes from early in the chain. This happened on/off up until mid-2016.
1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
I will be conducting the same experiments and would like to share the results with you. The first experiment as was stated by the OP was to use a block hash as a private key. He/she was even kind enough to provide two examples. I tried to reproduce the findings only to find out the claim simply isn't true:
Code:
Used as private key : 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd
Remark : block hash from block #2
OP address found : 1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk
Found compressed : 1BVwDR5zkyz9zEVvMnETQdQcupHZrTx5rR
Found uncompressed : 1C85rYD83TgHB8kAWZvF2UvUBPjrLphwCy
Code:
Used as private key : 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485
Remark : block hash from block #4
OP address found : 1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr
Found compressed : 16X3KngmmQ1x5roBz71boZ3b55qCRC1D51
Found uncompressed : 16Aci1HqAAKZtLWRGJAqhfzm8bSFS6X4iB
I used every single block hash for blocks 0-536830 as a compressed/uncompressed private key and couldn't find a single one used to generate an address which has been used in the past. Unless I've done some terribly wrong (and if I did please let me know!) I think the claim of OP block hashes have been used as private keys is false!
EDIT: As pointed out by Thirdspace in this thread below my conclusion was not correct. I will let this post up and correct my errors in a follow-up post
Actually they are not all empty... several have "dust" and one did have a transaction just few weeks ago...
This is mind boggling, thought provoking and quite an eye opening piece. The author is simply genius and those folks exploiting this are geniuses too. Wished I know how to code, I will be a white hacker like this dude right here. 
I did something similar with Ethereum:
d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3 is the Genensis hash of Ethereum, which is also used as the private key of this address: 0xf7656Eeec49cC7c2DBee3c08c9f203B25F093cDF
The Merkle root of Bitcoin block 229670 f7a9b2306585fb4801e4b61424dd5523c50f18b2b10011583f265b1d70f481ea is the private key of this address: 0xb8629E8E54f393DCAc2990e59887594C94A7E45F
The hash of Bitcoin block 478610 00000000000000000028389f5b592cbf08ca0451c675432f6060f97d8425fe51 is the private key of this address: 0x91f5A4A03614F131B36671006511f75580c4E550 (a user on BitcoinTalk.org used it, I contacted him to change it)
SHA-256 of the Bitcoin Genesis address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa, which is 31a9d2e8a70a091d65a58d2a08f8833abf5e8fa1d741c5400c538c38668cb83e, is the private key of this address: 0x700683cFcFE580318CB338E1a8AfCe6C25bB8ceB
Some "brain-wallets":
SHA-256: password : 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 : 0xfb35AD702E715E61A3F362C62DA7C1BD235102FC
Keccak-256: 123456789 : 2a359feeb8e488a1af2c03b908b3ed7990400555db73e1421181d97cac004d48 : 0x62F689837da39B1B50aD39D79E924989E340E0bB
Keccak-256: hello : 1c8aff950685c2ed4bc3174f3472287b56d9517b9c948127319a09a7a36deac8 : 0x5ccfa55C29F0522f062E3C15004E35a69dD45F6B
SHA-256: asdf : f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b : 0x5aF95f4e0803B739E49B1239bB5Fbe91bD058caD
Keccak-256: testing : 5f16f4c7f149ac4f9510d9cf8cf384038ad348b3bcdc01915f95de12df9d1b02 : 0x89112E3aE3D40362373153c9f08D665ED1e39a7c
Keccak-256: spiderman : ed16b5577f12fd01d27e13991713b21024a88f47de0a0cc9683c6b9391636ad9 : 0xE607194804516037b14Aa050584c4e950975b0F3
Keccak-256: knickers : 6f4fb7f3b1f4ba1b2d4ee901fff911e8ab97299dade221706b7ee65d72343c7a : 0x5de7e496AAc28C05b93d05e4449635b08AEB26Bb
Keccak-256: eeee : 6a7eac42970039e18dca0f0dbd37da2b9e1c04d2026fada6125ee7bfc086708a : 0xc4709734FeAafb57F2CB4c3537F2dfB721f5E3DA
Keccak-256: 12qwaszx : 53652a8bf2e5daa4e38965cb1474f651a62cfd01cdd23d9ca3c64d97fd3a4165 : 0xC5989f90f41c2F4dF71076680A597432136bC10d
Keccak-256: 2 : ad7c5bef027816a800da1736444fb58a807ef4c9603b7848673f7e3a68eb14a5 : 0xDCEceAF3fc5C0a63d195d69b1A90011B7B19650D
Keccak-256: 8 : e4b1702d9298fee62dfeccc57d322a463ad55ca201256d01f62b45b2e1c21c10 : 0xe0FC04FA2d34a66B779fd5CEe748268032a146c0
Keccak-256: 14 : 5c4c6aa067b6f8e6cb38e6ab843832a94d1712d661a04d73c517d6a1931a9e5d : 0x00c40FE2095423509B9fd9B754323158Af2310f3
Keccak-256: 123 : 64e604787cbf194841e7b68d7cd28786f6c9a0a3ab9f8b0a0e87cb4387ab0107 : 0xF46b6B9C7cB552829C1D3dFd8FFb11aaBaE782F6
SHA-256: 935 : b064bdba191139689139124101c1c39926326a9b221bd8dfcd603f065c3dc3b8 : 0xc4704D90cE139d919903ABFD8519F6D393c01B4C
SHA-256: 1870 : cf085574d40ec95878b1c306a9b2432d86c05f888edc87a39708000b3e58b5f9 : 0x3e371363C6B77c0819817bFeb8C98D6A4dbc9efE
SHA-256 of an "empty string" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 : 0x41aD2bc63A2059f9b623533d87fe99887D794847
I didn't check txids of either Ethereum or Bitcoin if they've been used as private keys, didn't check token addresses, contracts, and I only used Bitcoin addresses that currently have some BTC in them, not every address ever used, so there still might be some addresses to be found.
Needless to say, there's nothing in these addresses any more.
d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3 is the Genensis hash of Ethereum, which is also used as the private key of this address: 0xf7656Eeec49cC7c2DBee3c08c9f203B25F093cDF
The Merkle root of Bitcoin block 229670 f7a9b2306585fb4801e4b61424dd5523c50f18b2b10011583f265b1d70f481ea is the private key of this address: 0xb8629E8E54f393DCAc2990e59887594C94A7E45F
The hash of Bitcoin block 478610 00000000000000000028389f5b592cbf08ca0451c675432f6060f97d8425fe51 is the private key of this address: 0x91f5A4A03614F131B36671006511f75580c4E550 (a user on BitcoinTalk.org used it, I contacted him to change it)
SHA-256 of the Bitcoin Genesis address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa, which is 31a9d2e8a70a091d65a58d2a08f8833abf5e8fa1d741c5400c538c38668cb83e, is the private key of this address: 0x700683cFcFE580318CB338E1a8AfCe6C25bB8ceB
Some "brain-wallets":
SHA-256: password : 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 : 0xfb35AD702E715E61A3F362C62DA7C1BD235102FC
Keccak-256: 123456789 : 2a359feeb8e488a1af2c03b908b3ed7990400555db73e1421181d97cac004d48 : 0x62F689837da39B1B50aD39D79E924989E340E0bB
Keccak-256: hello : 1c8aff950685c2ed4bc3174f3472287b56d9517b9c948127319a09a7a36deac8 : 0x5ccfa55C29F0522f062E3C15004E35a69dD45F6B
SHA-256: asdf : f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b : 0x5aF95f4e0803B739E49B1239bB5Fbe91bD058caD
Keccak-256: testing : 5f16f4c7f149ac4f9510d9cf8cf384038ad348b3bcdc01915f95de12df9d1b02 : 0x89112E3aE3D40362373153c9f08D665ED1e39a7c
Keccak-256: spiderman : ed16b5577f12fd01d27e13991713b21024a88f47de0a0cc9683c6b9391636ad9 : 0xE607194804516037b14Aa050584c4e950975b0F3
Keccak-256: knickers : 6f4fb7f3b1f4ba1b2d4ee901fff911e8ab97299dade221706b7ee65d72343c7a : 0x5de7e496AAc28C05b93d05e4449635b08AEB26Bb
Keccak-256: eeee : 6a7eac42970039e18dca0f0dbd37da2b9e1c04d2026fada6125ee7bfc086708a : 0xc4709734FeAafb57F2CB4c3537F2dfB721f5E3DA
Keccak-256: 12qwaszx : 53652a8bf2e5daa4e38965cb1474f651a62cfd01cdd23d9ca3c64d97fd3a4165 : 0xC5989f90f41c2F4dF71076680A597432136bC10d
Keccak-256: 2 : ad7c5bef027816a800da1736444fb58a807ef4c9603b7848673f7e3a68eb14a5 : 0xDCEceAF3fc5C0a63d195d69b1A90011B7B19650D
Keccak-256: 8 : e4b1702d9298fee62dfeccc57d322a463ad55ca201256d01f62b45b2e1c21c10 : 0xe0FC04FA2d34a66B779fd5CEe748268032a146c0
Keccak-256: 14 : 5c4c6aa067b6f8e6cb38e6ab843832a94d1712d661a04d73c517d6a1931a9e5d : 0x00c40FE2095423509B9fd9B754323158Af2310f3
Keccak-256: 123 : 64e604787cbf194841e7b68d7cd28786f6c9a0a3ab9f8b0a0e87cb4387ab0107 : 0xF46b6B9C7cB552829C1D3dFd8FFb11aaBaE782F6
SHA-256: 935 : b064bdba191139689139124101c1c39926326a9b221bd8dfcd603f065c3dc3b8 : 0xc4704D90cE139d919903ABFD8519F6D393c01B4C
SHA-256: 1870 : cf085574d40ec95878b1c306a9b2432d86c05f888edc87a39708000b3e58b5f9 : 0x3e371363C6B77c0819817bFeb8C98D6A4dbc9efE
SHA-256 of an "empty string" e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 : 0x41aD2bc63A2059f9b623533d87fe99887D794847
I didn't check txids of either Ethereum or Bitcoin if they've been used as private keys, didn't check token addresses, contracts, and I only used Bitcoin addresses that currently have some BTC in them, not every address ever used, so there still might be some addresses to be found.
Needless to say, there's nothing in these addresses any more.
I was trying to do the same steps pointed in the original article, but first of all I tried to get the whole database from the blockchain.
I used ABE library to copy the data from bitcoinCore to a SQL database, unfortunately, It take a looooong time to make this job. So, I was wondering if anyone could tell me how to make this job as faster as possible. I'm trying to do this as exercise. I'm new in the bitcoin world, but i'm used to programming in a python and C/C++ throughout my career.
Could anyone explain me the faster way to put the whole blockchain into a database?
Thanks for your time!
I used ABE library to copy the data from bitcoinCore to a SQL database, unfortunately, It take a looooong time to make this job. So, I was wondering if anyone could tell me how to make this job as faster as possible. I'm trying to do this as exercise. I'm new in the bitcoin world, but i'm used to programming in a python and C/C++ throughout my career.
Could anyone explain me the faster way to put the whole blockchain into a database?
Thanks for your time!
I would like to know as well. What software he used to store database and also what program to manipulate/query it
Anyone know what program to create a bot with?
I was trying to do the same steps pointed in the original article, but first of all I tried to get the whole database from the blockchain.
I used ABE library to copy the data from bitcoinCore to a SQL database, unfortunately, It take a looooong time to make this job. So, I was wondering if anyone could tell me how to make this job as faster as possible. I'm trying to do this as exercise. I'm new in the bitcoin world, but i'm used to programming in a python and C/C++ throughout my career.
Could anyone explain me the faster way to put the whole blockchain into a database?
Thanks for your time!
I used ABE library to copy the data from bitcoinCore to a SQL database, unfortunately, It take a looooong time to make this job. So, I was wondering if anyone could tell me how to make this job as faster as possible. I'm trying to do this as exercise. I'm new in the bitcoin world, but i'm used to programming in a python and C/C++ throughout my career.
Could anyone explain me the faster way to put the whole blockchain into a database?
Thanks for your time!
I would like to know as well. What software he used to store database and also what program to manipulate/query it
Anyone know what program to create a bot with?
Jump to: