> So it's probably already more effective to attack wallets than join a mining pool.
That's not how you make the calculations. The reason the idea was called stupid is because the math doesn't add up. My guess is that these 3 private keys had weaknesses in them. Even the probability that they were found by "luck" is way far off.
Given merge mining is possible, I'd assume with some tweaking side-colliding + mining is possible. So if it was profitable miners would already be doing it.
I'm sorry, I'm not sure I understand your point: are you saying my math is off, given the claims of the article (i.e., hashes computed, time spent, and compromises), or that the article is wrong because it's not that easy to crack?
Google found a SHA-1 collision (160 bit hash, same size but different method) in 9 quintillion hashes (plus some crypto work). The article claims they found a collision against 3 of millions of targets in 3 quadrillion hashes (likely plus some crypto work). Given the birthday paradox, it's not a priori impossible.
Could you explain why you don't believe their attack is mere hash collisions?
They're running a brute force preimage attack against all bitcoin addresses which currently have a balance. The reason they say "collision" is that if they found a key that hadn't been made weak on purpose, it would probably be a different key from the original (bitcoin addresses do not map 1-to-1 with keys).
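The two models argued about above (a generic birthday collision on a 160-bit hash versus a brute-force multi-target preimage search against every funded address) can be put side by side numerically. The following is an added worked example, not code from any poster or from the article; it assumes the 160-bit address digest the thread refers to, treats each candidate key as landing on a uniformly random digest, and uses 30 million funded addresses as a constructed stand-in for "millions of targets".

```python
import math

# Bitcoin addresses carry a 160-bit digest (RIPEMD-160 over SHA-256 of the public key),
# the "same size" the thread compares with SHA-1.
HASH_BITS = 160

# Constructed inputs: figures quoted in the thread plus an assumed target count.
ARTICLE_HASHES = 3e15        # "3 quadrillion hashes" claimed by the article
SHA1_SHATTERED_HASHES = 9e18 # "9 quintillion" SHA-1 computations (plus cryptanalysis)
ASSUMED_FUNDED_ADDRESSES = 30_000_000  # assumption standing in for "millions of targets"


def multi_target_preimage_prob(hashes_tried, num_targets, hash_bits=HASH_BITS):
    """Probability that at least one of `hashes_tried` random digests equals
    any one of `num_targets` distinct target digests (a preimage search that
    gets to 'win' against every target at once).

    Per attempt the hit probability is num_targets / 2**hash_bits, so
    P(no hit in n tries) = (1 - p)**n and P(at least one) = 1 - (1 - p)**n.
    log1p/expm1 keep precision when p is around 1e-41.
    """
    p_hit = num_targets / 2.0 ** hash_bits
    return -math.expm1(hashes_tried * math.log1p(-p_hit))


def expected_hashes_for_one_hit(num_targets, hash_bits=HASH_BITS):
    """Expected number of attempts before the first hit: 2**bits / targets.
    Having N targets divides the single-target preimage cost by N, nothing more."""
    return 2.0 ** hash_bits / num_targets


def birthday_collision_prob(hashes_tried, hash_bits):
    """Probability that some pair among `hashes_tried` random digests collide
    (the birthday bound): approximately 1 - exp(-n**2 / 2**(bits + 1)).
    Note the attacker does not get to choose which two values collide, so this
    does not by itself yield a key for a pre-existing address."""
    return -math.expm1(-(hashes_tried ** 2) / 2.0 ** (hash_bits + 1))


def hashes_for_birthday_prob(target_prob, hash_bits):
    """Work needed for a given generic-collision probability on a `hash_bits` hash."""
    return math.sqrt(-math.log1p(-target_prob) * 2.0 ** (hash_bits + 1))


if __name__ == "__main__":
    p_pre = multi_target_preimage_prob(ARTICLE_HASHES, ASSUMED_FUNDED_ADDRESSES)
    print(f"P(hit any of {ASSUMED_FUNDED_ADDRESSES:,} addresses in {ARTICLE_HASHES:.0e} tries) = {p_pre:.3e}")
    print(f"expected hashes for one hit: {expected_hashes_for_one_hit(ASSUMED_FUNDED_ADDRESSES):.3e}")
    print(f"generic birthday P(collision) with {SHA1_SHATTERED_HASHES:.0e} SHA-1 hashes = "
          f"{birthday_collision_prob(SHA1_SHATTERED_HASHES, HASH_BITS):.3e}")
    print(f"hashes for a 50% generic 160-bit collision: "
          f"{hashes_for_birthday_prob(0.5, HASH_BITS):.3e} (about 2**80)")
```

Running it shows why the birthday figure is the wrong yardstick for this claim: 3e15 attempts against 30 million targets give a success probability on the order of 1e-26, and the expected work for a single hit is on the order of 1e40 hashes. A generic birthday collision on a 160-bit digest needs around 2^80 (about 1.2e24) hashes for even odds, so the 9e18 figure for SHA-1 only reaches a collision because of the cryptanalytic "crypto work" the thread mentions, not because of the birthday bound alone.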