Pages:
Author

Topic: Thoughts on this private key stealing mystery - page 4. (Read 23226 times)

newbie
Activity: 18
Merit: 0
Very interesting technical story.

Luckily that in today's age, most generated keys are derived from a high degree of randomness, instead of easily guessable keywords / phrases
hero member
Activity: 641
Merit: 505
Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.

He have done a good work. I guess hackers are also upgrading their way of hacking and must come up with a new way of stealing. I do also hope that authorities will be concerned about it especially now that there are many new users in this forum. Bitcoin have attracted many attention when it reached $10 000 and of course it also looks so good in the eyes of hackers. We should always be careful.
sr. member
Activity: 434
Merit: 270
first3 methods are nothing new, i saw the same methods in some video , posted here .

using merkle roto and tx id as a private key and generate bitcoin address.,

but its like shooting in dark.

legendary
Activity: 2926
Merit: 1386
Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.

There is reason to suspect, and to look for more such issues.

hero member
Activity: 2744
Merit: 541
Campaign Management?"Hhampuz" is the Man
Wow  Shocked

Amazing discovery of a amazing coup. The guy who made this and the guy which discovered it are pure genious.

I am really excited to find out in which priv key generation code this thing is implemented.
hes really a genius and an expert in hes field,its one of a kind to find such discovery
but what made me think is how many people in crypto can do this kind of key generating
code hacking,hope this one will alarm the authorities to make precautionary measures.
member
Activity: 350
Merit: 13
And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes

I always thought that double-spender with the highest sending fee got favored. But it seems like the one with 312sat/B got included in the block first.
legendary
Activity: 2097
Merit: 1070
And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.

You can do a following test: send a small amount ( 0.0010 btc ) to "the most compromissed address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes
sr. member
Activity: 770
Merit: 305
sr. member
Activity: 2506
Merit: 368
So is the problem here that blockchain.info is fingered unfairly?
Or is the problem here that there exists private keys that are discover-able.
There's no exact issues here but my guess is this is just a buzz or a human made error. It is impossible to assume that blockchain.info could be hack.

And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating in realtime the database is not simple and cheap task.
What if this is possible but we don't know it yet. Well apparently i don't like this idea it might be an exploit but who knows?
member
Activity: 78
Merit: 10
It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.
Did you read the post right before yours?
So is the problem here that blockchain.info is fingered unfairly?
Or is the problem here that there exists private keys that are discover-able.
sr. member
Activity: 770
Merit: 305
Interestingly - this one appears to be part of a series.

looks like blockchain spam by coinwallet.eu or similar.
the owner did not care about security of funds.
newbie
Activity: 2
Merit: 0
1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD Sha256(16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG)

Interestingly - this one appears to be part of a series.

If I feed the generated address back in to generate the next keypair I find a series of wallets with deposits:

Code:
┌brant@SlugJuice~
└─(walleter)─> $ walleter -s 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG -i 1000
   INFO: Opening BlockchainInfo session
   INFO: Session open
   INFO: Using custom seed: 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG
   INFO: Wallet found: 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG; Received: 0.00001174; Address: 1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD; Private Key: 5Ja1Q4SAxcssJv2yWEFNVxGKvGqoqJorbpnxFY3qLft1pcfypqi; Balance: 0.00000000
   INFO: Wallet found: 1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD; Received: 0.00004430; Address: 1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu; Private Key: 5JDvk8iw55dQVCHbmgeUshNRMKKyEx8GSv33coU7bi9WYLbseyT; Balance: 0.00000000
   INFO: Wallet found: 1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu; Received: 0.00002000; Address: 153jMRXn251WyxT9nmJW2XDsFUJ648jyY5; Private Key: 5Kg983m3WD3aNUrbEVUKxbUbm8GEJjsmrqghXtUQr84qxPy43fp; Balance: 0.00000000
   INFO: Wallet found: 153jMRXn251WyxT9nmJW2XDsFUJ648jyY5; Received: 0.00002000; Address: 1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV; Private Key: 5Jdmm6mWLShx8a2qPHe6ccWf2qW6ceeRnYYC9qgv1CwHMu9DggY; Balance: 0.00000000
   INFO: Wallet found: 1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV; Received: 0.00001000; Address: 1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1; Private Key: 5K5fbsMQ6G11rYDUDMdCmYngiX2df2Xoe5vZL9NqL75Rzf9s1L2; Balance: 0.00000000
   INFO: Wallet found: 1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1; Received: 0.00001000; Address: 1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9; Private Key: 5HxUgMBhacrzwqdHxkRW1SVPYKPAKyPYCbqfNoTKtSJPuC2XBc3; Balance: 0.00000000
   INFO: Wallet found: 1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9; Received: 0.00002000; Address: 1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe; Private Key: 5JRSZfbr5BntG7btk2b8k1X2LgQ6N55LQVbTzfRyX4XDJWykU16; Balance: 0.00000000
   INFO: Wallet found: 1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe; Received: 0.00001000; Address: 1qA59Na3WysruJbCPoomryDRCtJ4f4aLu; Private Key: 5KAmGhufm2PXy86UTGYdvDeThu1aDyFysTYGQmQ3BuoiuWAWkg3; Balance: 0.00000000
   INFO: Wallet found: 1qA59Na3WysruJbCPoomryDRCtJ4f4aLu; Received: 0.00001000; Address: 18VZG5Dr8bYJWadHUgh7kC4RPS1VsvH4Ks; Private Key: 5JuXhZgfUQQKpBSVtcoXnU66fcvQL7oT4uGAf8nozqMmidSL1MH; Balance: 0.00000000
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet found: 1JZQmZdLVySibjxf3kFfBBa3RBExRonEiD; Received: 0.00001000; Address: 1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g; Private Key: 5KJqWAYiTwV9Uwg2RqrL8XRBaBxD1fPeXmTvbHHtZZFCryYSpfn; Balance: 0.00001000
   INFO: Wallet found: 1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g; Received: 0.00001000; Address: 1Gwz14Cty45h3hZ4nCEno6jSdxtQn5bc7h; Private Key: 5J5JURHZJSG49sTmwiDRw6hEUb7NFb5BmnMyJeWtMaNESpv2fJo; Balance: 0.00000000
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet found: 1KgAg47rgkX78JtQq2tt52pSVSGnhuacGG; Received: 0.00013000; Address: 1JsHqZBZi7vU1ygsL4GwZh56nNRfBWVcQN; Private Key: 5JZytZfiZkNpofnBhwSkREvnn5GfiVZe6KbBzixo8yXCypFun3M; Balance: 0.00000000


sr. member
Activity: 770
Merit: 305
Did you read the post right before yours?
No. Why should I? Tell me one reason why should I read anything before write anything?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Unfortunately this isn't the first time that a wallet provider has failed to generate a truly random key.
There's a long thread on it somewhere on this form.
But here's their website:  https://lbc.cryptoguru.org/trophies

It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.


Did you read the post right before yours?
member
Activity: 78
Merit: 10
Unfortunately this isn't the first time that a wallet provider has failed to generate a truly random key.
There's a long thread on it somewhere on this form.
But here's their website:  https://lbc.cryptoguru.org/trophies

It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.

legendary
Activity: 3808
Merit: 1723
Blockchain.info replied sayings its not an issue with them

https://www.reddit.com/r/Bitcoin/comments/7gpami/blockchaininfo_responds_to_address_generation/

Quote
Recently we were contacted by a researcher regarding a potential address generation issue that resulted in private keys being discoverable as well as the funds associated with those addresses. Through his research he identified 128 addresses that were potentially vulnerable including one that he linked to a Blockchain wallet.
Security and the safety of user funds is a top priority at Blockchain. We have a variety of internal mechanisms in place to prevent against malicious attacks and work diligently to educate our users on security best practices. We also investigate all security reports that we receive. For this particular issue, here’s what we discovered:
After an extensive code review across all of our platforms by our lead engineers and security engineering staff, we did not find any patterns in the logic that would cause the same address generation issue this researcher discovered.
Our QA and security team also tried to reproduce the issue and were unable to generate any similar addresses or reproduce this issue.
We then analyzed the transactions characteristics of the 128 impacted addresses reported to us and were able to definitively rule out 94 addresses as not associated with a Blockchain Wallet.
Of the remaining 34 addresses, while we could not rule them out immediately because of our data and privacy constraints, we have strong data to believe they are not connected to a Blockchain Wallet. It is highly unlikely that they were generated by our software.
We scanned the entire block chain during the company’s duration (2011 to present) for similarly generated addresses and discovered six additional addresses, previously undiscovered by the researcher, that were generated in the same manner. We were also able to rule these addresses out as associated with a Blockchain Wallet.
There is only one address we have be able to definitively identify as associated with a Blockchain Wallet. However, this address was imported into the user’s Blockchain Wallet. We’re collaborating with this user to continue to investigate what happened in this specific instance. In other words, the one impacted address that is associated with a Blockchain wallet was imported into that wallet and was not generated by our software.
After extensive investigation and failure to reproduce in our wallet software the kinds of addresses observed by the researcher, we are confident that the address generation issue he discovered did not originate from our Blockchain Wallet software.
We welcome security inquiries and actively support our bug bounty program. If you would like to review our code it’s available on Github here.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Fascinating read.  I plan to look at it more when I have some time.

Some of the Bitcoin addresses that were used to generate the private keys are "well known" long standing vanity addresses, for example 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN
legendary
Activity: 1092
Merit: 1001
Touchdown
Someone pointed out that the issue may be linked to an old PHP library.

See https://github.com/coinables/Bitcoin-NoAPI-Shopping-Cart/issues/2

One of the addresses in the OP is mentioned in the above github issue.
legendary
Activity: 3808
Merit: 1723
newbie
Activity: 2
Merit: 0
November 30, 2017, 11:50:28 AM
#9
it also looks like u/fitwear made a post https://www.reddit.com/r/Bitcoin/comments/6u940t/bitcoin_paper_wallet_help/

Looks like he would have typed in his private key on bitaddress.org .. potential issues there?
Pages:
Jump to: