Topic: Whoever just sent me 0.001 BTC out of the blue... (Read 4564 times)

feel honored to send me some random dough unanimously!

1JHAECJBamL5RcAhUGzce1b6X2ZaMyizg8

 

You are welcome. Pay it forward.

I did. It was a mistake. Please send it back.

I meant, if the original change-making transaction (and probably associated generation of that address) could be used as one half of the comparable transactions.

or

If the android client used the same 'rand', from say, 6 months ago?

If you mean exposed and vulnerable to the Android random-number sloppiness, then no. Quick explanation from my learnings:

There are three parts to a bitcoin address/keypair/etc.: the private key, the public key, and the address.

The private key is where it all starts. Elliptic-curve (ECDSA) encryption is used to get the public key from the private key. SHA-256 hashing and RIPEMD-160 hashing are used to get the address from the public key.

The address is what you give out to folks. It's protected by ECDSA encryption and three actual hashes from two different methods. We currently know it to be safe from even quantum computing. Receiving bitcoins at a truly random address is essentially riskless.

But to SPEND from that address, you need to reveal your public key. This is still considered safe (to non-quantum computers) since you can't (normally) get the private key from just the public key. The transaction is signed using ECDSA, and in theory should be solid.

But ECDSA signing requires fresh random numbers each time you use it. If your computer happens to spit out the same "random" number twice whenever you ask for one to sign more than one transaction with the same private key, then you're in trouble, because the signature on the transactions will be similar, and it won't take any real effort to figure out the private key from the two transactions.

IIRC, this sort of potential "loophole" was just one of several reasons why you really were never supposed to re-use bitcoin addresses. But, humans being what we are and all.... 

(Yes, I do it too, for the convenience of course....)

relax guys, i scraped the forum a while back for bitcoin addresses in threads tagged giveaway. i happened upon an ancient thread where 70+ users had signed up for a giveaway. i used the addresses, which were already prepared in rpc form  and did an anonymous "bit-penny" giveaway. a small way of giving back to the community. may or may not have been me but it was probably something similar

Isn't that address already 'exposed' from the original transaction?


At first I thought the 0.001's were going to Android-only tx, but I guess not.

Well fortunately I'm running a standard full bitcoin client so this won't affect me.  I guess it really is free money then (for me).

from topic:
 http://bitcointalk.org/index.php?topic=271831.100  
[ANNOUNCE] Android key rotation

The Android security flaw might be an alternative explanation for the "address seeding":

https://bitcointalksearch.org/topic/m.2911785

Spend 1 BTC on seeding, find expose an address private key with 5 BTC in it, profit!

This has happened many times before. Either for new parties testing the whole Bitcoin concept out or for other reasons which remain unknown. I believe there was a similar event which a fellow was learning to program and setup a script which sent to random address, if it matched a Blockchain address it would send a satoshi. Maybe, it was for a future website or project he was planning. Maybe it's something similar, maybe a little to much to be sending if it's that reason, also there are other means to go about that particular method.

Quite strange actually. Everything happens with a reason.

I don't think it's luck.  Whoever is doing this is paying these 0.001 BTC payments is also paying 0.0005 BTC in fees.

Clearly it's some party probing the BTC network, either for academic studies or nefarious espionage purposes.

lucky, I only got that one time

It was Satoshi making sure you didn't forget he's watching you 

The plot thickens.  I just received another 0.001 BTC this morning at the same address.

I just downloaded and familiarized myself with coin control.  It's a really powerful tool.  I can list all the inputs in my wallet and select exactly which ones I want to use to form an Xmit.  I can even form 0 fee Xmits.

If you have a wallet with coin control, yes. But the Qt client doesn't have that.

If I were that concerned about it (not sure if I would be or not,) and didn't have a coin-controlling wallet, here's what I would try:

 - Extract the private key for the address from the wallet
 - Import the private key into a new Blockchain.info browser wallet
 - Create a custom transaction spending 0.001 BTC from that address to the address of your choice (a charity, a friend who doesn't care, a wallet of yours marked "tainted funds," the bitcoin black hole, etc.)
 - Choose "show advanced" to make sure that the offending transaction is the one the 0.001 BTC is tied to
 - Send it

If necessary and I really wanted it done, I'd figure out how to craft the transaction by hand, quadruple-check it, and push it manually.

Anyone wanting privacy who received this "free money" should probably do this, or something similar. For most, it might not matter; after all, this could just be an experiment by some college student. Then again, it could be the NSA attempting to deanonymize bitcoin addresses to track people who donated to Wikileaks. Or anything inbetween. 

Also, I had an idea...

The person doing this can't really hide his intentions by sending out so many bitcents to so many addresses. But for the rest of us, we can borrow this person's tactic and use it against him. How? Every so often, pick a random transaction in the blockchain and trace some of the coins for a bit, until you hit an address that there's no public record of (other than in the blockchain.) Send a random, small amount of bitcoins to it. If only done infrequently, it shouldn't cause alarm. If even a small % of people do this, it could be enough to thwart the same tactic used against us. Sure, some will worry about the blockchain bloat (I kinda do,) but if it's your privacy at stake, and possibly that of all bitcoin users, it seems legit enough to me.

Just food for thought.

I just searched for "0.001 btc" and found one of the threads you mentioned.  So this has been going on for a month or two then.
Now I'm all paranoid about gubment conspiracies trying to de-anonymize BTC addresses.

Is there a way of "sequestering" this 0.001 BTC and never spending it?

This has been discussed in at least one other thread. The plurality opinion seems to be: someone's experimenting with ways of simplifying the tracking of coins. Even if you normally only use each address in your wallet once, if someone drops 0.001 BTC into a change address you've never given out (but which appeared in the blockchain in a spend) it lets them tie that address to future addresses once you spend it.

Lucky? Maybe. Maybe not....