Topic: Thoughts on this private key stealing mystery - page 4. (Read 23050 times)

newbie
Activity: 18
Merit: 0
Very interesting technical story.

Luckily, in today's age, most generated keys are derived from a high degree of randomness instead of easily guessable keywords / phrases.
hero member
Activity: 641
Merit: 505
Wow  Shocked

Amazing discovery of an amazing coup. The guy who made this and the guy who discovered it are pure genius.

I am really excited to find out in which priv key generation code this thing is implemented.
He's really a genius and an expert in his field; it's one of a kind to find such a discovery,
but what made me think is how many people in crypto can do this kind of key generating
code hacking. Hope this one will alarm the authorities to take precautionary measures.

He has done good work. I guess hackers are also upgrading their way of hacking and must come up with a new way of stealing. I do also hope that authorities will be concerned about it, especially now that there are many new users in this forum. Bitcoin attracted a lot of attention when it reached $10 000, and of course it also looks so good in the eyes of hackers. We should always be careful.
sr. member
Activity: 434
Merit: 270
The first 3 methods are nothing new; I saw the same methods in some video posted here.

Using the merkle root and tx id as a private key and generating a bitcoin address.

But it's like shooting in the dark.

legendary
Activity: 2898
Merit: 1386
Wow  Shocked

Amazing discovery of an amazing coup. The guy who made this and the guy who discovered it are pure genius.

I am really excited to find out in which priv key generation code this thing is implemented.
He's really a genius and an expert in his field; it's one of a kind to find such a discovery,
but what made me think is how many people in crypto can do this kind of key generating
code hacking. Hope this one will alarm the authorities to take precautionary measures.

There is reason to suspect, and to look for more such issues.

hero member
Activity: 2744
Merit: 541
Campaign Management?"Hhampuz" is the Man
Wow  Shocked

Amazing discovery of an amazing coup. The guy who made this and the guy who discovered it are pure genius.

I am really excited to find out in which priv key generation code this thing is implemented.
He's really a genius and an expert in his field; it's one of a kind to find such a discovery,
but what made me think is how many people in crypto can do this kind of key generating
code hacking. Hope this one will alarm the authorities to take precautionary measures.
member
Activity: 350
Merit: 13
And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating the database in realtime is not a simple and cheap task.

You can do the following test: send a small amount (0.0010 btc) to "the most compromised address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes

I always thought that the double-spender with the highest sending fee got favored. But it seems like the one with 312sat/B got included in the block first.
legendary
Activity: 2097
Merit: 1068
And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating the database in realtime is not a simple and cheap task.

You can do the following test: send a small amount (0.0010 btc) to "the most compromised address"
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T sha("correct horse battery staple")
and count the sweep attempts here:
https://bitaps.com/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
(this block-explorer shows conflicting transactions)


No more than a dozen.....lol... Roll Eyes
sr. member
Activity: 770
Merit: 305
sr. member
Activity: 2506
Merit: 368
So is the problem here that blockchain.info is fingered unfairly?
Or is the problem here that there exist private keys that are discoverable?
There are no exact issues here, but my guess is this is just a buzz or a human-made error. It is impossible to assume that blockchain.info could be hacked.

And soon there will be many more people trying to steal coins from that kind of addresses.
Not many.
There are no more than a dozen people in the whole world who can create and
run such software. Keeping and updating the database in realtime is not a simple and cheap task.
What if this is possible but we don't know it yet? Well, apparently I don't like this idea; it might be an exploit, but who knows?
member
Activity: 78
Merit: 10
It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.
Did you read the post right before yours?
So is the problem here that blockchain.info is fingered unfairly?
Or is the problem here that there exist private keys that are discoverable?
sr. member
Activity: 770
Merit: 305
Interestingly - this one appears to be part of a series.

Looks like blockchain spam by coinwallet.eu or similar.
The owner did not care about security of funds.
newbie
Activity: 2
Merit: 0
1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD Sha256(16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG)

Interestingly - this one appears to be part of a series.

If I feed the generated address back in to generate the next keypair I find a series of wallets with deposits:

Code:
┌brant@SlugJuice~
└─(walleter)─> $ walleter -s 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG -i 1000
   INFO: Opening BlockchainInfo session
   INFO: Session open
   INFO: Using custom seed: 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG
   INFO: Wallet found: 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG; Received: 0.00001174; Address: 1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD; Private Key: 5Ja1Q4SAxcssJv2yWEFNVxGKvGqoqJorbpnxFY3qLft1pcfypqi; Balance: 0.00000000
   INFO: Wallet found: 1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD; Received: 0.00004430; Address: 1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu; Private Key: 5JDvk8iw55dQVCHbmgeUshNRMKKyEx8GSv33coU7bi9WYLbseyT; Balance: 0.00000000
   INFO: Wallet found: 1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu; Received: 0.00002000; Address: 153jMRXn251WyxT9nmJW2XDsFUJ648jyY5; Private Key: 5Kg983m3WD3aNUrbEVUKxbUbm8GEJjsmrqghXtUQr84qxPy43fp; Balance: 0.00000000
   INFO: Wallet found: 153jMRXn251WyxT9nmJW2XDsFUJ648jyY5; Received: 0.00002000; Address: 1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV; Private Key: 5Jdmm6mWLShx8a2qPHe6ccWf2qW6ceeRnYYC9qgv1CwHMu9DggY; Balance: 0.00000000
   INFO: Wallet found: 1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV; Received: 0.00001000; Address: 1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1; Private Key: 5K5fbsMQ6G11rYDUDMdCmYngiX2df2Xoe5vZL9NqL75Rzf9s1L2; Balance: 0.00000000
   INFO: Wallet found: 1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1; Received: 0.00001000; Address: 1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9; Private Key: 5HxUgMBhacrzwqdHxkRW1SVPYKPAKyPYCbqfNoTKtSJPuC2XBc3; Balance: 0.00000000
   INFO: Wallet found: 1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9; Received: 0.00002000; Address: 1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe; Private Key: 5JRSZfbr5BntG7btk2b8k1X2LgQ6N55LQVbTzfRyX4XDJWykU16; Balance: 0.00000000
   INFO: Wallet found: 1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe; Received: 0.00001000; Address: 1qA59Na3WysruJbCPoomryDRCtJ4f4aLu; Private Key: 5KAmGhufm2PXy86UTGYdvDeThu1aDyFysTYGQmQ3BuoiuWAWkg3; Balance: 0.00000000
   INFO: Wallet found: 1qA59Na3WysruJbCPoomryDRCtJ4f4aLu; Received: 0.00001000; Address: 18VZG5Dr8bYJWadHUgh7kC4RPS1VsvH4Ks; Private Key: 5JuXhZgfUQQKpBSVtcoXnU66fcvQL7oT4uGAf8nozqMmidSL1MH; Balance: 0.00000000
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet found: 1JZQmZdLVySibjxf3kFfBBa3RBExRonEiD; Received: 0.00001000; Address: 1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g; Private Key: 5KJqWAYiTwV9Uwg2RqrL8XRBaBxD1fPeXmTvbHHtZZFCryYSpfn; Balance: 0.00001000
   INFO: Wallet found: 1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g; Received: 0.00001000; Address: 1Gwz14Cty45h3hZ4nCEno6jSdxtQn5bc7h; Private Key: 5J5JURHZJSG49sTmwiDRw6hEUb7NFb5BmnMyJeWtMaNESpv2fJo; Balance: 0.00000000
   INFO: Wallet never had any coins. Moving along...
   INFO: Wallet found: 1KgAg47rgkX78JtQq2tt52pSVSGnhuacGG; Received: 0.00013000; Address: 1JsHqZBZi7vU1ygsL4GwZh56nNRfBWVcQN; Private Key: 5JZytZfiZkNpofnBhwSkREvnn5GfiVZe6KbBzixo8yXCypFun3M; Balance: 0.00000000
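
An import-time audit for the weakness shown in the post above, added here as an example and not part of the original post or of any wallet's code: it decodes a WIF key and reports whether the secret is simply SHA-256 of a public string. The function names and the candidate list are assumptions; the weak sample key is constructed from the phrase quoted earlier in the thread.

```python
import hashlib
import secrets

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    raw = payload + _checksum(payload)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(text):
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on non-Base58 characters
    raw = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + raw
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[:-4]

def wif_to_secret(wif):
    # Mainnet WIF payload: 0x80 || 32-byte secret [|| 0x01 if compressed]
    payload = b58check_decode(wif)
    if payload[0] != 0x80 or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    return payload[1:33]

def weak_source(wif, public_strings):
    # Return the public string whose SHA-256 equals this key, or None.
    secret = wif_to_secret(wif)
    for s in public_strings:
        if hashlib.sha256(s.encode()).digest() == secret:
            return s
    return None

# Constructed sample inputs: candidate strings taken from this thread, a key
# built from one of them, and a key drawn from the OS random number generator.
CANDIDATES = ["16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG", "correct horse battery staple"]
WEAK_WIF = b58check_encode(b"\x80" + hashlib.sha256(b"correct horse battery staple").digest())
STRONG_WIF = b58check_encode(b"\x80" + secrets.token_bytes(32))

if __name__ == "__main__":
    for label, wif in (("weak", WEAK_WIF), ("strong", STRONG_WIF)):
        print(label, "->", weak_source(wif, CANDIDATES))
```

In a real audit the candidate list would hold the wallet's own addresses, related transaction ids and a phrase list, and any key that matches would be refused at import.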


sr. member
Activity: 770
Merit: 305
Did you read the post right before yours?
No. Why should I? Tell me one reason why I should read anything before writing anything?
legendary
Activity: 2646
Merit: 1131
All paid signature campaigns should be banned.
Unfortunately this isn't the first time that a wallet provider has failed to generate a truly random key.
There's a long thread on it somewhere on this forum.
But here's their website:  https://lbc.cryptoguru.org/trophies

It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.


Did you read the post right before yours?
member
Activity: 78
Merit: 10
Unfortunately this isn't the first time that a wallet provider has failed to generate a truly random key.
There's a long thread on it somewhere on this forum.
But here's their website:  https://lbc.cryptoguru.org/trophies

It would be good to know who the bad actor is (blockchain.info?) so users can vote with their feet.

legendary
Activity: 3738
Merit: 1708
Blockchain.info replied saying it's not an issue with them.

https://www.reddit.com/r/Bitcoin/comments/7gpami/blockchaininfo_responds_to_address_generation/

Quote
Recently we were contacted by a researcher regarding a potential address generation issue that resulted in private keys being discoverable as well as the funds associated with those addresses. Through his research he identified 128 addresses that were potentially vulnerable including one that he linked to a Blockchain wallet.
Security and the safety of user funds is a top priority at Blockchain. We have a variety of internal mechanisms in place to prevent against malicious attacks and work diligently to educate our users on security best practices. We also investigate all security reports that we receive. For this particular issue, here’s what we discovered:
After an extensive code review across all of our platforms by our lead engineers and security engineering staff, we did not find any patterns in the logic that would cause the same address generation issue this researcher discovered.
Our QA and security team also tried to reproduce the issue and were unable to generate any similar addresses or reproduce this issue.
We then analyzed the transactions characteristics of the 128 impacted addresses reported to us and were able to definitively rule out 94 addresses as not associated with a Blockchain Wallet.
Of the remaining 34 addresses, while we could not rule them out immediately because of our data and privacy constraints, we have strong data to believe they are not connected to a Blockchain Wallet. It is highly unlikely that they were generated by our software.
We scanned the entire block chain during the company’s duration (2011 to present) for similarly generated addresses and discovered six additional addresses, previously undiscovered by the researcher, that were generated in the same manner. We were also able to rule these addresses out as associated with a Blockchain Wallet.
There is only one address we have been able to definitively identify as associated with a Blockchain Wallet. However, this address was imported into the user’s Blockchain Wallet. We’re collaborating with this user to continue to investigate what happened in this specific instance. In other words, the one impacted address that is associated with a Blockchain wallet was imported into that wallet and was not generated by our software.
After extensive investigation and failure to reproduce in our wallet software the kinds of addresses observed by the researcher, we are confident that the address generation issue he discovered did not originate from our Blockchain Wallet software.
We welcome security inquiries and actively support our bug bounty program. If you would like to review our code it’s available on Github here.
legendary
Activity: 2646
Merit: 1131
All paid signature campaigns should be banned.
Fascinating read.  I plan to look at it more when I have some time.

Some of the Bitcoin addresses that were used to generate the private keys are "well known" long standing vanity addresses, for example 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN
legendary
Activity: 1092
Merit: 1001
Touchdown
Someone pointed out that the issue may be linked to an old PHP library.

See https://github.com/coinables/Bitcoin-NoAPI-Shopping-Cart/issues/2

One of the addresses in the OP is mentioned in the above github issue.
legendary
Activity: 3738
Merit: 1708
newbie
Activity: 2
Merit: 0
November 30, 2017, 12:50:28 PM
#9
It also looks like u/fitwear made a post: https://www.reddit.com/r/Bitcoin/comments/6u940t/bitcoin_paper_wallet_help/

Looks like he would have typed in his private key on bitaddress.org... potential issues there?