Pages:
Author

Topic: Thoughts on this private key stealing mystery - page 3. (Read 23226 times)

newbie
Activity: 48
Merit: 0
I don't understand much about the technical stuff talked, but i'm worried the more recognition this gets, the more people (bad people) will try to replicate it in order to try to steal.
legendary
Activity: 2926
Merit: 1386

Is it possible to create a similar "capture" program that simply captures and returns the btc back to the sender, along with some sort of message that can be used to flag the transaction? This way, over time, it will be easier to determine the source of the code.

This can be done.  Great idea.

This would require in real time, immediately after the theft, determining the relation between the private and public key, then deducing the private key, then sending a transaction with a higher fee.

That would be a program. It would have to be activated by a signal from the victim, and he would have to notice the theft pretty quickly and log the request.

I would note that there could be any number of algorithms each with a variety of constants which could be used to deduce the private key from the public key. Once the bad guys knew these counter attacks existed, they would go to more subtle algorithm.

full member
Activity: 406
Merit: 105

Is it possible to create a similar "capture" program that simply captures and returns the btc back to the sender, along with some sort of message that can be used to flag the transaction? This way, over time, it will be easier to determine the source of the code.

This can be done.  Great idea.

It can be done but can be abuse by some scammers if this feature will be made. It's like paypal, even if your transaction is legit the sender may open a ticket or dispute about the transaction. So this feature is still not advisable. Before, I was also wondering if we can get back the btc we sent, but now Im understanding well why it cannot be done.
member
Activity: 322
Merit: 54
Consensus is Constitution

Is it possible to create a similar "capture" program that simply captures and returns the btc back to the sender, along with some sort of message that can be used to flag the transaction? This way, over time, it will be easier to determine the source of the code.

This can be done.  Great idea.
newbie
Activity: 16
Merit: 0
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.
You are a noob so I will give you the benefit of my doubt:  Are you confusing blockchain.info with "the blockchain"?

Your words make zero sense, stop replying me. Thank you.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Few moths ago I also found a site that looks like a directory of btc address private key which could be import to wallet, I try to pick random wallet keys there around 50-70 address out of thousands listed on the said site but no wallet has balance on them off course the one who listed the directory maybe had already withdraw all btc on those address I just think..lol
Is this the site you are talking about:  http://directory.io/

If so that is simply a web page that calculates a group of sequential private keys based on the "page number" and then calculates the two possible Bitcoin addresses for each of the private keys on the page.

Nothing special or new there.
newbie
Activity: 20
Merit: 0
Few moths ago I also found a site that looks like a directory of btc address private key which could be import to wallet, I try to pick random wallet keys there around 50-70 address out of thousands listed on the said site but no wallet has balance on them off course the one who listed the directory maybe had already withdraw all btc on those address I just think..lol
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.
You are a noob so I will give you the benefit of my doubt:  Are you confusing blockchain.info with "the blockchain"?
sr. member
Activity: 434
Merit: 251
physics, mathematics and engineering
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?

Nobody said they did.

Maybe it was a hacked wallet, or a key logger running on a computer whee the transaction occurred.

According to the facts of the OP I think it is safe to say that this was a dev of a company which implemented it into the code.

A malware would act different (f.e. Hardcode priv key's so nobody can recognize it)
newbie
Activity: 16
Merit: 0

If you did read the thread, then you must be smoking something good Grin
Blockchain.info checked their code repository, these addresses are not generated from them.

It is well explained in the thread why it was not a hacked wallet. Because if someone hacked into the wallet, he was no need to import a "blockhash or txhash based address", just hardcode one will be good.
legendary
Activity: 2926
Merit: 1386
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?

Nobody said they did.

Maybe it was a hacked wallet, or a key logger running on a computer whee the transaction occurred.
member
Activity: 350
Merit: 13
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.

If you did read the thread, then you must be smoking something good Grin
Blockchain.info checked their code repository, these addresses are not generated from them.
newbie
Activity: 16
Merit: 0
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.

What I am saying who put those code there and why Blockchain.info did not aware that the key generation program had been modified.
sr. member
Activity: 438
Merit: 291
And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


Make that only a few million.... bitcoinj.org and a few 1000 lines of java and you are done. Only need a 5-50 gig leveldb database...
Maybe a few days work plus another few to test it and get the sweep to work...
full member
Activity: 294
Merit: 125
Alea iacta est
Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.
I fail to see what authorities have to do with this in the first place.

But regardless, super interesting find. I'm going to read up a lot more on this when I find some free time over the weekend.

first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.


Is there a way you can provide me with a link to that video. I would like to aquire some more information on this matter.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
The do not.  Stop spreading FUD.  Don't be an idiot, read the thread.
full member
Activity: 706
Merit: 111
first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.




What's the video link?
newbie
Activity: 16
Merit: 0
How comes Blockchain.info generates private keys using block hashes or tx id instead of random numbers. Who had the privilege to change the key generation methods?
legendary
Activity: 2926
Merit: 1386
Very interesting technical story.

Luckily that in today's age, most generated keys are derived from a high degree of randomness...

How do you know for sure?
sr. member
Activity: 770
Merit: 305
Luckily that in today's age, most generated keys are derived from a high
degree of randomness, instead of easily guessable keywords / phrases
Sure?  Grin
Pages:
Jump to: