I have a script[1] that generates a pub+private key and checks against a massive file of addresses with BTC[2]. The list of addresses is loaded in memory as a python `set` so checking is O(1), but I feel like optimisations at increasing the rate are futile, since no matter what you're basically rolling the die and hoping RNG lands on your side in your lifetime and your universe of all possible universes.

1. https://github.com/theden/btc-heist

2. https://bitkeys.work/download.php has a weekly updated CSV of all known addresses with nonzero BTC balance

I’m fully aware behind the math of finding a wallet actually holding anything… but I was fairly weirded out to come across 10 wallets that quickly. Most had their last txn out roughly 2019.

I'd say odds are that the website is wrong, but you can always load those keys in a wallet and see if they give you control over the actual address.

If that works, I'd assume it's the case that some people have used weak keys (for example, a popular Ethereum wallet would actually generate 256 bits of entropy but accidentally truncate it to 32 bits in an operation), and any funds in those wallets will have been snagged long ago.

Point being: generate a private key properly, and no one will ever find it.

EDIT: I realize this is another page then the one I've seen previously, but I think the same idea applies. That one had support for Ethereum, too, and on the final page was an account with a balance.

EDIT: the aforementioned wallet can also be found as the 0x00 wallet on the very first page. Interesting collision?

EDIT2: it's hardcoded https://github.com/SjorsO/keys-generator/blob/master/ethereu...

That or someone is actually using the site to come up with wallet keys.

But one of them was 1337, another some variant of 420-420xxx +-2 pages, another some variant of 1000000-1000000,xxx,xxx,xxx +-2 pages on those.

I can tell you there was nothing on 8008135 though

There’s a singular emptied walled on 1337 and nothing else +-25 at a minimum from it, I didn’t look any further.

You’re telling me that other people had exactly the same idea, but out of everyone in crypto, ever, it was only a singular person?

That seems more outlandish than the fact there’s one there IMO.

If it were, we'd be finding keys left and right every second.

It is estimated there are 10^80 atoms in the observable universe.

Sooo... what's 4 astronomicals?

You don't need the f.close() here - the context manager does it for you.

Better avoid surprising things.

It's like being in the world's biggest ever lottery syndicate, except if you pick the winning numbers it gets sent to a specific other person who's website you're on. If someone, eventually, hits the jackpot then the owner of playxo.com is going to be very, very rich.

I mean, I'd assume, cynically.

The chances of anyone hitting a green wallet are still incredibly narrow, but you never know.

fgsfds

    >>> import pandas as pd
        df = pd.read_csv("btc_balance_sorted.csv")
        df['balance'].apply(lambda x: x * 36902.7 / 100e6).describe()

    count    3.359206e+07
    mean     1.838824e+04
    std      2.819739e+06
    min      3.690270e-04
    25%      2.871768e+00
    50%      2.943913e+01
    75%      2.652168e+02
    max      1.063263e+10

df["balance"].mul(36902.7).div(100e6)

See [0] for explanations

[0] https://stackoverflow.com/a/52674448

    %time df['balance'].apply(lambda x: x * 36902.7 / 100e6).describe()
    Wall time: 12.6 s

    %time df["balance"].mul(36902.7).div(100e6).describe()
    Wall time: 2.33 s

Top 100 Richest Bitcoin Addresses:

https://bitinfocharts.com/top-100-richest-bitcoin-addresses....

https://henvic.dev/posts/bitcoin/

What do you usually call someone who takes a thing from its owner without permission?

Yeah, someone was silly to pay hard earned money in exchange from useless tokens. It was a gamble. If the useless tokens get stolen, I'm sorry to say, but whoever paid for BTC already lost their wealth in the first place when they converted whatever they had before for it.

It's true that information is infinitely abundant. However, unlike copyrighted works, private keys are not supposed to be shared. There should never be more than one copy of that number in the entire universe. If people can brute force keys by guessing, we've probably got bigger problems.

Obtaining that number without authorization is already a crime. Accessing computers illegally to exfiltrate data is already a crime. Breaking into a physical safe in order to obtain a paper key is already a crime.

Sure thing. Hence, the importance of analyzing each case individually. If unauthorized computer access is used, sure thing a crime was committed. If someone created a wallet using a stupid wallet generator which used this website to "create" private keys, and someone else also had this silly idea, and someone deposited Bitcoin on a wallet created by this mean and and someone else took it, then no crime was committed.

You don't even need the website. Cryptographic keys are just numbers. All data is just numbers. You can write simple code to generate all numbers from zero to infinity and it will eventually generate all cryptograhpic keys, all computer files, all copyrighted works, all hate speech, all child abuse material, everything that can possibly be represented as data.

The thing is the search space is so unfathomably large that such a program will never produce useful results. This is central to cryptography. If a private key is copied, it must have been done so illegally or accidentally. Any other option means the cryptography is defective.

This is the complete opposite of copyrighted works whose entire purpose is copying. The data is already known and they're hopelessly trying to regulate access to it.

I agree if you're talking about an evidence such as a high-quality video or even photo with everything leading us to believe it's legit. However, we can not be as confident if we're talking about a BTC token. While extremely unlikely, there might be faulty algorithm implementations, problems with the algorithm, etc., that might lead to this situation.

Very unlikely? Sure, but we've to give the benefit of the doubt.

And these days, they way society is using traditional currency is become less tangible all the time. It’s is 100% possible to live life with never touching physical currency. Get paid via direct deposit, credit cards for your daily expenses, ACH your housing bill and credit card expenses. All just information flowing around.

Crypto is certainly overhyped and overvalued days, but it’s seems that at the core, crypto and modern banking are accomplishing the same thing: managing numbers(information) that people value.

It's unethical to steal something tangible. Bitcoin has no tangibility whatsoever. You can't steal it.

---

Property is legally defined as 'Not only money and other tangible things of value, but also includes any intangible right considered as a source or element of income or wealth.'

That includes protectable ideas, digital files, financial instruments (like stocks and bonds, loans and credits), computer graphics, certain arrangements of words and quite a bit more.

---

What does tangibility mean to you? That allows you steal the examples in the second paragraph without legal reprecussions nor ethical dilemmas?

You may get lucky with KYC, but who in their right mind would gen a collision only to get caught on the cash out?

You're not in control once someone has your pk unless you can mobilize a 51% attack to fix your problem.

I find it rather revealing that so many anti-crypto blog posts offer no novel solutions, they only ramble on about how they know crypto isn't the solution. Seems rather uninspired to say you understand a problem domain but have no suggestions on how to solve the problem other than literally a solution that has already been tried at large scale and failed.

Sure, the gold standard in an alternate reality seems like a great idea, but we live in this reality where central powers were able to quite easily strip society away from this contract with barely any resistance.

There are actual laws in the US that if you find money, you are supposed to report it to the authorities, and if no one reports losing the money in some fixed time (30 days?) then you keep it.

How lucky for everyone that the crypto folks have specifically attempted to evade all the laws that apply to real money

Bitcoin's supposedly scarcity is a joke that doesn't make any sense whatsoever.

Basically parroting the same thing other people have been saying for years, absolutely no unique insight. He is so angry he missed the train, he just had to let it all out.

Don't worry Henrique, Bitcoin will go to $0 any day now!

Tbh, I did get some early but I ordered sushi (thuisbezorgd.nl accepted btc) and raspberry pi stuff from Pi Hut for amounts that make me cry in retrospect. Still, I'm not that 10k BTC pizza guy so there's that.

If its scarcity isn't real, then why can't you conjure up an arbitrary number of bitcoins at will?

The whole point of cryptography is nobody could possibly guess these numbers within the lifetime of the universe. If this assumption is somehow proven wrong, we've probably got bigger problems than one person losing money.

Why wouldn't the same logic apply to any property?

You're reading the file in every process, this needs mem x N for N processes.

If you first read in the file, create the set, and then use multiprocessing, you will get forked processes sharing the parent's memory, i.e. only need 1 x N the memory.

Funny thing is even though it's throwaway code, ensuring everything worked as expected felt really high-stake since a bug would mean a found key would be lost!

Edit: Also not sure if shared memory would be slower in python3 (or if it was, whether it would matter in this use-case), but an interesting thing to profile.

multiprocessing also provides a way to access the OS' explicit shared memory usually used as an IPC mechanism.

multiprocessing's "shared memory" facility is for writable memory.

What I described is extremely handy as you simply move the parsing code up in the script, before your function definition, and "magically" gain memory efficiency.

Miners aren't brute forcing keys to existing wallets and stealing the bitcoin, as that's effectively impossible even for the biggest mining rig (like, a mining rig the size of the sun couldn't do it in a trillion years)

Technically miners could start mining by trying to guess private keys, but there's no reason to because the expected value is so so much worse.

Can quantum techniques allow one to more effectively search for a specific private key to a BTC account?

Best practice for secure bitcoin accounts is to always send the entire balance when making a transaction, and have the "change" go back to a new address

I haven't published the public key to my bitcoin wallet. If someone sends to my address how do they publish the public key?

There are new output formats with taproot but they aren't mandatory and you can still send to addresses with no published public key

BTC addresses that have never sent BTC are not vulnerable to quantum computers as the public key is only sent when a transaction is made. The address you send to is a hash of the public key and irreversible even with quantum computers

It's it the number of operations which is the square root? (Presumably the different types of computer don't take the same amount of time per operation)

Mining involves guessing a salt which, when added to data for a single block’s with of transactions, makes the hash have a certain sum of zeros.

They are only the same in that they are using randomness to search for some number satisfying a given criteria. But, for example, you couldn’t use mining hardware to search for wallets with open balances. The mining hardware is specially optimized for one thing only.

or more briefly: never

We've shown time and time again that our undefeatable algorithms aren't.

Would you be comfortable if the Blockchain was frozen in time for a hundred years, after which you could withdrawal your balance? Would it be impervious over that time frame?

If the sum of the block reward and the transaction fees decreases, then that would result in fewer groups willing to perform proof of work calculations, and would be followed by a decrease in the proof of work difficulty in order to maintain ~1 block every ten minutes. That lowered difficulty then results in a lower cost to attack Bitcoin.

So, there must always, always be profit in running proof of work calculations. Not only that, but to maintain the security of the ledger, any increase in Bitcoin valuation must result in a proportional increase in proof of work expenditure across the entire network. It's an absolute disaster of a system.

The opposite is true of finding private keys.

I check my $100 dollar wallet.

It's there, doesn't get emptied.

Cool, I think! Next day I check my $1000000 wallet.

It gets immediately emptied.

Alternatively:

I check my $100 dollar wallet. It gets emptied.

SCAMMER I scream on HN and Twitter.

Site gets shutdown. Silly person doesn't check their $1000000 wallet.

I have an unencrypted btc wallet with a few hundred usd worth of btc as a canary.

It's not perfect of course.

mydogisthebestboye44

Damn it!

Did you mean to type something? Or just all stars?

view(coins = coins_with_prefix(query.page_num))

so, the site operator doesn’t need to go buy 2^256 bytes of hard drive space to store all the pages.

Backstory is that ~15 years ago when upload ratio was important some person decided to generate a list and upload a torrent with such click bait name just to increase his/her ratio. It worked well.

I remember people used to share their C:/program Files/ directory

Good to know I have a 1/2^256 chance to find a bitcoin billionaire's wallet. This feels only slightly more ludicrous than the guy who lost his bitcoin in a hard drive and went looking for it in a dumpster.

Russ Hanneman did it better: https://www.youtube.com/watch?v=aKXqZh43OH8

https://www.cbsnews.com/news/hard-drive-lost-bitcoin-landfil...

You don't need to find a specific private key, anyone will do that yields a public key that hashes to the BTC address.

That means the actual probability would be about 1/(2^135).

At a million hashes per second, that means you would likely find one after about 10^27 years.

I would expect this website, in the rare event of discovering some positive balance, to try spending it right away...

Unless the author trusts in luck or has too much free time on their hands.

Edit: or waits for someone to check a page containing their own private key.

Hobbies of crypto millionaires?

Some people used those early addresses on purpose. Maybe for testing or something or I guess maybe due to a bug or something.

How is that possible. Same happened to me.

>> leads to the "end" page, it's not as I though a "big jump" from some random page... thus I suspect it's simply addresses that are low entropy, at the end of the range.

It's like saying "I'm gonna pick a random number between 1 and a trillion", and then picking 999,999,999,995. Probably not a smart idea given that you don't want anyone else to be able to guess your number.

2. the birthday problem basically halves the exponent security wise. The rule of thumb: If you have N possible outcomes, then after around sqrt(N) guesses the probability of a collision approaches 0.5. So, for birthdays, it's 365 outcomes, so with 19 or 20 people your risk of collision already approaches a half. For BTC private keys, there are 2^256 possible, so with 2^128 guesses you'd approach a likely collision. Fortunately, that's still 1e38, so if you check 1e10 per second, you'd still need 1e20 years to get there.

2^(256/2) is way, way bigger than the number of used bitcoin addresses, which is about 33 million according to this csv [1].

[0] https://en.wikipedia.org/wiki/Birthday_attack#Mathematics

[1] https://bitkeys.work/download.php

the first one having 7 BTC sent and received with the recent transaction in 2021-11-25 22:56. looks like its the wallet id 1.

also the 0 page haave some as well. looks like someone is monitoring those address.

https://playxo.com/bitcoin/1

https://www.blockchain.com/btc/address/1EHNa6Q4Jz2uvNExL497m...

https://playxo.com/bitcoin/0

Anybody can throw money and watch which robot will catch it.

Sometimes the addresses are reloaded (anybody can reload them by sending money to them). And usually when they are reloaded somebody grab the coins on the next block. The amount of money are not important ~1 USD.

Anybody that has guessed the private key can grab the money if he is aware that it has been reloaded, and then it has to pick the fees higher than the other so that his transaction get preferentially chosen by the miners.

The following address for example seems to be one of those bread crumbing bot : https://www.blockchain.com/btc/address/bc1q0ct0pus328qv2veln... (Note that the public address begins with (bc1q0ct0pus), (so presumably someone has searched for a private key whose public key has a fitting name for a bitcoin grabbing bot) that has managed to grab a few times recently from 1EHNa6... (the address whose private key is the first possible private key).

Presumably it has found other feeding spots as it has so far collected from different sources over the course of 1 year : 0.01274447BTC

* Tlon Uqbar Orbis Tertius describes an extreme Idealistic philosophy where things exist only as long as someone (something?) perceives them, which IMHO is an apt description of the digital world.

* Funes describes the life of a man with perfect recall: so perfect, in fact, that he is unable to classify things (e.g., stones, or dogs) due to the infinite amount of details that set every single object apart from every other. And in a way, don't ML algorithms work by teaching a computer to forget about these details?

        -1 !== a.indexOf("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,") && (a = a.replace("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,", ""), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 1213)),
        -1 !== a.indexOf(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m") && (a = a.replace(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m", ""), r("5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqetqj84qw", 0, 19)),
        -1 !== a.indexOf("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,") && (a = a.replace("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,", ""), r("5KJp7KEffR7HHFWSFYjiCUAntRSTY69LAQEX1AUzaSBHHFdKEpQ", 0, 165)),
        axios.get(n + a).then((function(e) {
            keys.forEach((function(t) {
                o(3e3).then((function() {
                    var n = e.data[t.pub];
                    void 0 !== n && r(t.wif, n.final_balance / 1e8, n.n_tx)
                }))
            }))
        }))
        ,
        isOnFirstPage ? (a = keys.slice(1).map((function(e) {
            return e.cpub
        })).join(","), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 24)) : a = keys.map((function(e) {
            return e.cpub

If you transfer the funds out, isn't that just theft? Is "guessing" a private key any different from guessing someone's bank details?

The blockchain has no concept of people/entities owning things, in that universe the ownership of an address is simply having its private key.

(Of course in the real meat-world we have courts, non-code-contracts, and rule of law. It would probably be criminal, in the same way finding a weakness in e.g PayPal and transferring peoples money is criminal)

Anyways, of course you can take those coins as when you're running Bitcoin you're strictly speaking not signing a TOS and nobody ever owned those coins.

What people keep private are signing keys for a transaction output. But if you found the key independently, they should be yours too.

My guess is that the court would recognize the first owner as the “real” owner, especially if they can show that they controlled the address up until some point.

In a similar vain condictio indebiti is a principle in maybe jurisdictions, where a receiver of a wrongful payment is required to return it. Even if the payment is made with crypto, the principle would probably stand if it’s practical to enforce.

If a company accidentally sent a bundle of cash via registered mail to the wrong person, the recipient (if known) would probably have to return that cash after a court ruling.

If Coinbase made an erroneous transfer of BTC to one of their customers (whose identities they know), the recipient would probably have to return the bitcoins after a court ruling.

If the recipient of the mailed cash is unknown, or the person associated with the receiving wallet is unknown, then the court could obviously do nothing. But that inability is a function of the knowledge about the parties involved, not of the underlying technologies.

Bitcoin obviously makes it much easier to be unknown to the judicial system. But in my view, for it to be completely not-theft, the recipient should be able to announce publicly what he has done without fear of repercussions.

Similar to how e.g digging up historical artifacts in some jurisdictions is a legal way to gain ownership of something that previously had a different owner.

Re-generating a private key for outputs that have spendable Bitcoins isn't like sending letters to the wrong person.

2. having a court force someone to give bitcoin to someone else because they "don't own it" is also against what bitcoin stands for: decentralized. the blockchain decides who owns the bitcoin. regardless of how it got there. if some entity decides who should own what amount of bitcoin then the blockchain becomes irrelevant.

3. the blockchain is not irrelevant and is not under anyone's control (is it?). how can a court enforce bitcoin ownership transfer? if I burn the private key out of spite then good luck. you're not made whole, I don't have access to said bitcoin. now what? should I go to jail? what does that solve? it only tells the next guy to not brag about finding private keys left and right.

A judge might easily make a ruling that you "stole" the money. Don't expect the legal system to accept the notion that crypto is outside their jurisdiction, nor expect them to appreciate your complex tech arguments about why it's not really stealing.

States very much care what's going on within its borders, if its via services hosted outside them or not. And in some cases states will even care about what their citizens do outside their borders. For example, engaging in child sex tourism can have legal consequences even if the actual abuse happens in a foreign country.

Decentralization isn't magic. States will enact and enforce laws within their borders and they will have more tangible effects than any so-called "smart" contract.

In the trustless and decentralized system of Bitcoin (and other blockchain implementations), there is no concept of theft. If you misplace your private key you're on your own. There's no central authority to turn to. Similar if someone cracks your private key. That's the entire idea of the technology.

If you use bitcoin for money laundering, you're not gonna get in trouble with any bitcoin nodes. What a nation state will do if they find out is however a very different topic.

So if I were developing such a website as posted here ... I would obviously put an automated code that transfers any funds to my own wallet (if there is a non zero wallet discovered when rendering a page on the fly). Effectively just using the millions of global user's clicks as random seed spread over long time :)

How do they prove they were the previous owner and that it wasn't a legit transaction?

EDIT: Only 463439129036942 billion years, taking into account that there are effectively only 2^160 addresses.

"""Coincidentally, 2276709 is also the telephone number of a flat in Islington where Arthur once went to a party, met a nice girl, and lost her to a party-crasher. While the flat and telephone have been demolished along with Earth, they are forever linked to the fact that Arthur Dent and Ford Prefect—against all odds—are rescued 29 seconds after being ejected from the Vogon spaceship."""

I doubt whether this would get far past 1 billion a second though.

If you can't exponentially increase the amount of power / transactions you don't really have a chance of figuring out a collision.

100x machines with a computation that takes 100 billion years is still 1 billion years.