Get the top HN stories in your inbox every day.
theden
bspammer
This is a rare care where "astronomically low" is actually underselling how unlikely something is.
s5300
I mean, I found 10 used wallets not within 1000 pages of the first nor last page of his website in roughly 5 minutes.
I’m fully aware behind the math of finding a wallet actually holding anything… but I was fairly weirded out to come across 10 wallets that quickly. Most had their last txn out roughly 2019.
hjorthjort
I've noticed that there are a few hardcoded ones on the final page, where the account exists and the key is wrong.
I'd say odds are that the website is wrong, but you can always load those keys in a wallet and see if they give you control over the actual address.
If that works, I'd assume it's the case that some people have used weak keys (for example, a popular Ethereum wallet would actually generate 256 bits of entropy but accidentally truncate it to 32 bits in an operation), and any funds in those wallets will have been snagged long ago.
Point being: generate a private key properly, and no one will ever find it.
EDIT: I realize this is another page then the one I've seen previously, but I think the same idea applies. That one had support for Ethereum, too, and on the final page was an account with a balance.
teaearlgraycold
You didn’t come upon those wallets by chance. Whatever rules the site uses to order wallets isn’t unique and some other (insecure) wallet generator uses the same technique.
That or someone is actually using the site to come up with wallet keys.
stavros
Can you post the page?
cromulent
By many orders of magnitude, I think. There are only estimated to be 10^24 or so stars, which is a lot less than 2^256, right. Astronomical is not in the same league.
skeyo
...so you're saying there's a chance
andreareina
There are an estimated 10^80 fundamental particles (quarks, electrons, photons... mostly photons) in the observable universe, which is pretty close to 2^256 as these things go. "Cosmological" doesn't have quite the same ring to it though.
boringg
To be fair to stars, and for accuracies sake: we don't actually know how many stars are in the universe but we have some broad guesses.
kloch
This is a rare case where “many orders of magnitude” is underselling how unlikely something is.
It is estimated there are 10^80 atoms in the observable universe.
bspammer
Even if we measure the widest distance (width of the known universe) by the smallest unit (planck length), we only get to 10^61, which is still 16 orders of magnitude away.
noasaservice
I've already ran across 4 (albeit drained) BTC addresses in the last 4 hours.
Sooo... what's 4 astronomicals?
flatline
Effectively zero is the term in probability: it will not happen, but is technically not impossible.
ssl232
https://github.com/TheDen/btc-heist/blob/5cf0ef73857277f1321...
You don't need the f.close() here - the context manager does it for you.
theden
Thanks, fixed
dylan604
What's wrong with explicitly closing it though?
jraph
it's surprising, someone reading the code could wonder why the file was closed while a context manager was used. Maybe it is some workaround?
Better avoid surprising things.
undefined
headmelted
Sort of.
It's like being in the world's biggest ever lottery syndicate, except if you pick the winning numbers it gets sent to a specific other person who's website you're on. If someone, eventually, hits the jackpot then the owner of playxo.com is going to be very, very rich.
I mean, I'd assume, cynically.
The chances of anyone hitting a green wallet are still incredibly narrow, but you never know.
vmception
It get sent to your own private key which everyone else would also have trouble finding. Playxo.com wouldn't get anything out of it, anyone and everyone can have all the private keys of everyone else, playxo's operator or server wouldn't know which private key things are going to, and neither would any other human.
stavros
Playxo.com is showing you if a wallet has a balance. Before it ever shows you anything, it can clear that wallet, and that's that.
bspammer
That CSV is actually really interesting. The median wallet holds about $30, the largest holds $10b, and the standard deviation is over $2m.
>>> import pandas as pd
df = pd.read_csv("btc_balance_sorted.csv")
df['balance'].apply(lambda x: x * 36902.7 / 100e6).describe()
count 3.359206e+07
mean 1.838824e+04
std 2.819739e+06
min 3.690270e-04
25% 2.871768e+00
50% 2.943913e+01
75% 2.652168e+02
max 1.063263e+10rogue7
I agree with your comment, just FYI you could avoid apply on a pandas Series since it loops over every row in Python space. It's much faster to use vectorized operations directly e.g.:
df["balance"].mul(36902.7).div(100e6)
See [0] for explanations
bspammer
Thanks for the tip! You weren't kidding...
%time df['balance'].apply(lambda x: x * 36902.7 / 100e6).describe()
Wall time: 12.6 s
%time df["balance"].mul(36902.7).div(100e6).describe()
Wall time: 2.33 stomputer
> That CSV is actually really interesting. The median wallet holds about $30, the largest holds $10b, and the standard deviation is over $2m.
Top 100 Richest Bitcoin Addresses:
https://bitinfocharts.com/top-100-richest-bitcoin-addresses....
teekert
And then, when you "hit the jackpot", will you become a thief? Or will you just feel like you picked a lock, smile and pull the door back shut.
Yizahi
As they say "the unstoppable law of unbreakable code". You will become the "rightful" owner of those tokens, unless they happen to belong to one of the Not-The-Owners of that particular blockchain. If they are, they will just fork a blockchain removing your money from your wallet. Vitalik and Co already did this with Ethereum after TheDAO contract execution as designed, because their own funds were affected.
lupire
That only true if you remain anonymous or out of jurisdiction. Bitcoin has no EULA, local law applies to property.
tata71
See my earlier comment about this no longer being feasible.
alex77456
Average wallet won't have much in it. On the other hand writing an article with a semi proof of this would affect the bitcoin economy, whether deservedly or not.
henvic
Why a thief? Bitcoin is a silly idea based on scarcity that doesn't exist. If someone generated the right numbers by chance and had luck, I wouldn't say they'd be doing anything wrong getting whatever is there. It's not the same as stealing data, and is not the same as hacking into a banking system. It's decentralized, and there isn't the concept of real scarcity. It's not even hacking.
jmoreno94
Because whether or not Bitcoin is silly, someone else paid their hard earned money for the coins, usually we say that makes someone the owner.
What do you usually call someone who takes a thing from its owner without permission?
teekert
Printed money is also artificially scarce, so don't mind if I help myself to yours if do ever find your wallet.
toolz
Bitcoin has a hard cap on how many will ever be in existence. If that's not the definition of real scarcity, then what is? Your implication that bitcoin is easily divided somehows means it isn't finite is simply wrong. Firstly it's not infinitely divisible, secondly things that _are_ infinitely divisible do not just become inflated simply because this property exists.
I find it rather revealing that so many anti-crypto blog posts offer no novel solutions, they only ramble on about how they know crypto isn't the solution. Seems rather uninspired to say you understand a problem domain but have no suggestions on how to solve the problem other than literally a solution that has already been tried at large scale and failed.
Sure, the gold standard in an alternate reality seems like a great idea, but we live in this reality where central powers were able to quite easily strip society away from this contract with barely any resistance.
greyhair
My father always said, if you find something, and it isn't yours, it belongs to someone else.
There are actual laws in the US that if you find money, you are supposed to report it to the authorities, and if no one reports losing the money in some fixed time (30 days?) then you keep it.
rafale
Causing demonstrable harm or damage by taking something is sufficient to be considered a thief.
satronaut
it's only silly because you ignored it and now feel envy for everyone who did their research before you and got in early
ornxka
>Bitcoin is a silly idea based on scarcity that doesn't exist.
If its scarcity isn't real, then why can't you conjure up an arbitrary number of bitcoins at will?
matheusmoreira
> If someone generated the right numbers by chance and had luck
The whole point of cryptography is nobody could possibly guess these numbers within the lifetime of the universe. If this assumption is somehow proven wrong, we've probably got bigger problems than one person losing money.
TheFreim
While I don't agree with this like of reasoning I think a potential counter argument would be that in crypto currency ownership is determined by access to private keys and not other traditional means (essentially this argument says its not stealing because ownership is determined by access).
lupire
That only works if Bitcoin has a EULA or a law is passed.
Why wouldn't the same logic apply to any property?
uniqueuid
Ignoring the prospects, this is a neat case to explain sharing memory in multiprocessing.
You're reading the file in every process, this needs mem x N for N processes.
If you first read in the file, create the set, and then use multiprocessing, you will get forked processes sharing the parent's memory, i.e. only need 1 x N the memory.
theden
I haven't grokked shared memory in python yet to implement it (https://docs.python.org/3/library/multiprocessing.shared_mem...). Apparently there is also a known bug? (https://stackoverflow.com/questions/14124588/shared-memory-i...), but an improvement I'd like to learn and implement. Though the file I have is just over 1GB, so it's not prohibitive yet.
Funny thing is even though it's throwaway code, ensuring everything worked as expected felt really high-stake since a bug would mean a found key would be lost!
Edit: Also not sure if shared memory would be slower in python3 (or if it was, whether it would matter in this use-case), but an interesting thing to profile.
wyldfire
multiprocessing relies on the OS' fork() to share the memory transparently to the child(ren). The pages containing the memory will refer back to the same physical page until they're written to. This is what grandparent meant by "sharing memory".
multiprocessing also provides a way to access the OS' explicit shared memory usually used as an IPC mechanism.
HPsquared
That's what mining is too, basically. It's just that a mining rig can "buy a lot more tickets".
shawabawa3
It's not at all what mining is
Miners aren't brute forcing keys to existing wallets and stealing the bitcoin, as that's effectively impossible even for the biggest mining rig (like, a mining rig the size of the sun couldn't do it in a trillion years)
aqme28
Well that's a different lottery system with much better odds than this.
Technically miners could start mining by trying to guess private keys, but there's no reason to because the expected value is so so much worse.
satronaut
They really can't though. Asics are designed to do the SHA2(SHA2()) function over and over again. A private key is any number between 1 and 2^256 power. An ASIC arguably couldn't even perform the operations to query the Bitcoin blockchain and see how many unspent UTXO's the private key's corresponding public key controls.
bhouston
Has someone done the expected cost to find a usable BTC address as well as the expected value of a BTC address? What is the ratio?
MarkPNeyer
This isn’t true at all.
Mining involves guessing a salt which, when added to data for a single block’s with of transactions, makes the hash have a certain sum of zeros.
They are only the same in that they are using randomness to search for some number satisfying a given criteria. But, for example, you couldn’t use mining hardware to search for wallets with open balances. The mining hardware is specially optimized for one thing only.
kosinus
Make me wonder, at what point does brute forcing private keys become more lucrative than mining?
IronIvan
https://odysee.com/@3Blue1Brown:b/how-secure-is-256-bit-secu...
or more briefly: never
temp0826
I mean...btc will eventually hit the supply limit. Sort of hilarious if all mining hardware was repurposed at that point to work on brute forcing instead
patrickthebold
Yes but, mining is set up to be easier/winnable because adding blocks is necessary.
The opposite is true of finding private keys.
theden
Solo mining yeah definitely, but with pool mining one can at least generate some fraction of a BTC.
nyadesu
I would say "it can solve very big sudokus way too fast"
mritchie712
Luabase has SQL access to this type of data. It’s in beta but email mike@luabase.com if you’d like to check it out.
sirk390
Just don't lookup your private key in there. This would be like giving it to the website
Nextgrid
If I had some coins on my machine and the fees were low enough I'd be tempted to put a few bucks on a new key and test this theory.
lordnacho
How will you test the theory? It would be easy to just not sweep small amounts. Then when someone checks a wallet with a large amount, joink!
2-718-281-828
what would be the incentive for trying a second time with another wallet?
kobalsky
I do something similar but to test that my pc hasn't been compromised.
I have an unencrypted btc wallet with a few hundred usd worth of btc as a canary.
It's not perfect of course.
imdsm
A variant of type your password, <site> will replace it with asterisks
mydogisthebestboye44
Damn it!
thehappypm
Huh? Are you saying MY dog is NOT the best boye?
_nhynes
Perhaps not the best of the 44th boyes. I'm sure yours ranks highly elsewhere.
sovietmudkipz
As a youngling I fell for this a couple times in my video games. Then I caught on and played along, seeing it as an in joke. Later I realized doing this provides social proof for the scammer. I still play video games and I call it out when I see it.
undefined
Pawka
Reminds me pretty popular torrent from old times named something similar to "List of all IPv4 addresses - every hacker must have". Sadly I am not able to remember exact name and find it anymore.
Backstory is that ~15 years ago when upload ratio was important some person decided to generate a list and upload a torrent with such click bait name just to increase his/her ratio. It worked well.
400thecat
that is hilarious
I remember people used to share their C:/program Files/ directory
jkhdigital
The Internet was so cheeky and fun 20 years ago… now it’s just tears and fistfuls of cash
cblconfederate
i loved using kazaa or hotline because you could browse other peoples directories, sometimes with random odd or forgotten files . It was a unique kind of communication / learning from other people's file organization habits
baby
Cryptocurrencies are fun.
tablespoon
> The Internet was so cheeky and fun 20 years ago… now it’s just tears and fistfuls of cash
Too much capitalism can ruin anything.
anshumankmr
> Finding an active wallet is hard, but not impossible. Every time you open a random page, you have a chance of finding someone else's fortune.
Good to know I have a 1/2^256 chance to find a bitcoin billionaire's wallet. This feels only slightly more ludicrous than the guy who lost his bitcoin in a hard drive and went looking for it in a dumpster.
caaqil
This guy? https://www.cnbc.com/2021/01/15/uk-man-makes-last-ditch-effo...
Russ Hanneman did it better: https://www.youtube.com/watch?v=aKXqZh43OH8
kilroy123
Oh it's even crazier. He's trying to excavate the entire land fill now.
https://www.cbsnews.com/news/hard-drive-lost-bitcoin-landfil...
maxbond
I think he's in the same category as those startups that try to make a technology that has been repeatedly proven to be nonviable, like wireless power transmission or ducted windmills. His plans don't make sense. The government has made it clear that there will be no excavation. But that doesn't seem to matter, it's such an attractive story and there's such a mania for bitcoin that he can find backing anyway.
anshumankmr
At this point, I hope he finds it.
adontz
It is not 1/2^256. It is "number of wallets with balance"/2^256.
giomasce
Not that different...
john_alan
actually its "number of wallets with balance"/2^160.
You don't need to find a specific private key, anyone will do that yields a public key that hashes to the BTC address.
ldaw
A quick search shows there are a little over 30M addresses with a nonzero balance, which is just under 2^25.
That means the actual probability would be about 1/(2^135).
At a million hashes per second, that means you would likely find one after about 10^27 years.
amrx101
I have had a crappy life, abused sexually and physically when a child, but trust me whenever I re-hear about that guy losing his hard drive with BTC in it, I am like, yikes.
cmehdy
I've had both, and I'd promptly forget about the bitcoins for the ability to have lived an un-fucked life (which would pay for itself more readily too).
tromp
Curiously, after hitting a random page and >> twice, I came upon this page https://playxo.com/bitcoin/904625697166532776746648320380374... that had several keys in use in the past.
I would expect this website, in the rare event of discovering some positive balance, to try spending it right away...
wruza
The site doesn’t need people’s luck to find any active wallet, cause it could operate without them. The probability is so small that any reasonable time spent on including a spending routine would be pointless.
Unless the author trusts in luck or has too much free time on their hands.
Edit: or waits for someone to check a page containing their own private key.
Tuna-Fish
Someone sent 2.3BTC to the last possible address in 2017, worth ~$5k at the time. It was hoovered up to another address in a few hours.
Hobbies of crypto millionaires?
roenxi
The first page (<<) has similar patterns. Must be someone testing/debugging with hardcoded numbers.
Miner49er
Nah, it goes in an order. Base58check is used to convert byte arrays into the readable bitcoin addresses. So the the first address (5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf) has a byte array, in hex, of: 0000000000000000000000000000000000000000000000000000000000000001
Some people used those early addresses on purpose. Maybe for testing or something or I guess maybe due to a bug or something.
baby
Usually you use address 0 to burn your coins, sometimes this is used to interpret a layer2 command.
john_alan
Hey John - I came here to ask the same question.
How is that possible. Same happened to me.
>> leads to the "end" page, it's not as I though a "big jump" from some random page... thus I suspect it's simply addresses that are low entropy, at the end of the range.
ORioN63
They're the trivial wallet addresses (close to the beginning and end of the search space). I would expect them to be used for debugging and testing in the early days.
ricardobeat
What makes them trivial, how are they generated?
miyuru
the first page has almost all of them used.
the first one having 7 BTC sent and received with the recent transaction in 2021-11-25 22:56. looks like its the wallet id 1.
also the 0 page haave some as well. looks like someone is monitoring those address.
https://www.blockchain.com/btc/address/1EHNa6Q4Jz2uvNExL497m...
GistNoesis
It's a game like feeding the birds to see which bird will be able to grab the bread first.
Anybody can throw money and watch which robot will catch it.
Sometimes the addresses are reloaded (anybody can reload them by sending money to them). And usually when they are reloaded somebody grab the coins on the next block. The amount of money are not important ~1 USD.
Anybody that has guessed the private key can grab the money if he is aware that it has been reloaded, and then it has to pick the fees higher than the other so that his transaction get preferentially chosen by the miners.
The following address for example seems to be one of those bread crumbing bot : https://www.blockchain.com/btc/address/bc1q0ct0pus328qv2veln... (Note that the public address begins with (bc1q0ct0pus), (so presumably someone has searched for a private key whose public key has a fitting name for a bitcoin grabbing bot) that has managed to grab a few times recently from 1EHNa6... (the address whose private key is the first possible private key).
Presumably it has found other feeding spots as it has so far collected from different sources over the course of 1 year : 0.01274447BTC
bspammer
The first address that has never been used is 61. Would be fun to keep track of over time.
baby
>> goes to the last page
tkw01536
Reminds me of https://libraryofbabel.info/
lou1306
IMHO everyone interested in computer science should try some Borges, at least Ficciones. Many of his stories are so mind-boggingly close to many topics of interest in CS. Beside The Library of Babel, I can come up with at least two other examples:
* Tlon Uqbar Orbis Tertius describes an extreme Idealistic philosophy where things exist only as long as someone (something?) perceives them, which IMHO is an apt description of the digital world.
* Funes describes the life of a man with perfect recall: so perfect, in fact, that he is unable to classify things (e.g., stones, or dogs) due to the infinite amount of details that set every single object apart from every other. And in a way, don't ML algorithms work by teaching a computer to forget about these details?
lvncelot
Which would also contain your bitcoin private key, although I would recommend not searching for it.
authed
What's up with this in the javascript:
-1 !== a.indexOf("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,") && (a = a.replace("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,", ""), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 1213)),
-1 !== a.indexOf(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m") && (a = a.replace(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m", ""), r("5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqetqj84qw", 0, 19)),
-1 !== a.indexOf("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,") && (a = a.replace("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,", ""), r("5KJp7KEffR7HHFWSFYjiCUAntRSTY69LAQEX1AUzaSBHHFdKEpQ", 0, 165)),
axios.get(n + a).then((function(e) {
keys.forEach((function(t) {
o(3e3).then((function() {
var n = e.data[t.pub];
void 0 !== n && r(t.wif, n.final_balance / 1e8, n.n_tx)
}))
}))
}))
,
isOnFirstPage ? (a = keys.slice(1).map((function(e) {
return e.cpub
})).join(","), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 24)) : a = keys.map((function(e) {
return e.cpubwirelesspotat
Soo what happens if you're incredibly lucky and stumble across the private key for an active wallet?
If you transfer the funds out, isn't that just theft? Is "guessing" a private key any different from guessing someone's bank details?
filleokus
If you go by the whole “code is law” approach talked about by some crypto people, then I guess it wouldn’t be theft?
The blockchain has no concept of people/entities owning things, in that universe the ownership of an address is simply having its private key.
(Of course in the real meat-world we have courts, non-code-contracts, and rule of law. It would probably be criminal, in the same way finding a weakness in e.g PayPal and transferring peoples money is criminal)
timdaub
I don't know if "code is law" has to be invoked here. Isn't that a HN-specific strawman argument?
Anyways, of course you can take those coins as when you're running Bitcoin you're strictly speaking not signing a TOS and nobody ever owned those coins.
What people keep private are signing keys for a transaction output. But if you found the key independently, they should be yours too.
filleokus
Of course it depends on jurisdiction, but it would be really interesting to see what would happen if someone got their hands on keys of some commercial organizations’ wallet and then publicly announced (according to the premise that they are the rightful owner). E.g by using a PRNG-weakness in some HSM or something, i.e no entry into their networks etc.
My guess is that the court would recognize the first owner as the “real” owner, especially if they can show that they controlled the address up until some point.
In a similar vain condictio indebiti is a principle in maybe jurisdictions, where a receiver of a wrongful payment is required to return it. Even if the payment is made with crypto, the principle would probably stand if it’s practical to enforce.
nkrisc
It’s theft, but I suppose you could claim it was really your private key the whole time. Would the other person be able to prove it was theirs?
amne
1. isn't bitcoin essentially worth $0 at that point? the technology is provably not safe and everyone will (should?) dump. getting it back is pointless. If I drag it out for a week or two it might not even make it to small claims.
2. having a court force someone to give bitcoin to someone else because they "don't own it" is also against what bitcoin stands for: decentralized. the blockchain decides who owns the bitcoin. regardless of how it got there. if some entity decides who should own what amount of bitcoin then the blockchain becomes irrelevant.
3. the blockchain is not irrelevant and is not under anyone's control (is it?). how can a court enforce bitcoin ownership transfer? if I burn the private key out of spite then good luck. you're not made whole, I don't have access to said bitcoin. now what? should I go to jail? what does that solve? it only tells the next guy to not brag about finding private keys left and right.
gabeio
They might depending on how they loaded the money into said wallet. Considering most $ to bitcoin exchanges seem to log everything they likely would be a good way to prove that it is [your] $. Of course that assumes [you] haven't put it through anything like a tumbler.
stjohnswarts
They probably could by transactions linked to the public key that matches the private key and can be verified by law enforcement and witnesses that know the actual owner.
alibarber
If you guess someone’s bank details and steal their money, in many jurisdictions the account owner would have some recourse against the bank and is likely to be made whole (not an easy or enjoyable process I’ll admit) - so I guess that’s one key difference.
q1w2
If you steal someone's BTC coins in this way - don't expect to be able to talk about it publicly.
A judge might easily make a ruling that you "stole" the money. Don't expect the legal system to accept the notion that crypto is outside their jurisdiction, nor expect them to appreciate your complex tech arguments about why it's not really stealing.
folli
In a decentralized system, 'theft' is only a moral construct, not a legal one. And who will enforce any repercussions?
hnbad
Wait, do you also think international companies are above the law?
States very much care what's going on within its borders, if its via services hosted outside them or not. And in some cases states will even care about what their citizens do outside their borders. For example, engaging in child sex tourism can have legal consequences even if the actual abuse happens in a foreign country.
Decentralization isn't magic. States will enact and enforce laws within their borders and they will have more tangible effects than any so-called "smart" contract.
folli
I don't see how that relates to my statement.
In the trustless and decentralized system of Bitcoin (and other blockchain implementations), there is no concept of theft. If you misplace your private key you're on your own. There's no central authority to turn to. Similar if someone cracks your private key. That's the entire idea of the technology.
If you use bitcoin for money laundering, you're not gonna get in trouble with any bitcoin nodes. What a nation state will do if they find out is however a very different topic.
albert_e
I am interested on the simple technical answer for this. Is it possible to simply take funds out if you stmble across or happen to randomly generate a valid private key?
So if I were developing such a website as posted here ... I would obviously put an automated code that transfers any funds to my own wallet (if there is a non zero wallet discovered when rendering a page on the fly). Effectively just using the millions of global user's clicks as random seed spread over long time :)
FabHK
you can do that now, and without a website, obviously. You probably need to do it more than trillions of years, but go ahead. You might be lucky (though it's more likely that you crash in a plane, or, for that matter, that a plane crashes on your house, in the meantime).
amne
but that's the point of this website. all the computation is done on the thousands of clients generating these keys. its only a matter of time (and some luck) until a green wallet is hit. if the site owner is malicious then it will actually empty the wallet in the background and show it red in the front.
alex_duf
The problem would be getting the money out without revealing your identity
danlugo92
OTC exchanger in Colombia, wear a custome in case there's cameras.
elp
If you end up stealing from the mob or well known exchanges it's a problem but for everyone else does it really make any difference?
How do they prove they were the previous owner and that it wasn't a legit transaction?
zeckalpha
Next we’ll see a “Every checking account” website or “Every Social Security Number”
stjohnswarts
I would 100% yes by traditional definitions of theft. Who knows by today's standards?
frisco
This raises a really interesting question. Though it’s essentially impossible to figure out the key for any given wallet… if you download the blockchain and generate private keys as fast as you can, how often do you find one that has a balance? Will there just be some ongoing very low but decidedly nonzero risk of all of your assets vanishing some day if you’re not using multisig?
lordnacho
One thing you can do that's quite lucrative for someone is to generate all the keys corresponding to common dictionary words like "dog" and "cat". The way I know someone is doing this is I was testing some transactions and somehow whatever I was sending was immediately vanishing. So someone out there has taken a dictionary and done this already.
Nextgrid
Introducing the Large Bitcoin Collider: https://lbc.cryptoguru.org/about
tromp
If you check 1 billion addresses a second, and there are 100 million addresses with a balance, then it would take on average roughly (2^256 / 10^8) * 10^-9 seconds, which is 36717430630808027468154168254911183362909051 billion years.
EDIT: Only 463439129036942 billion years, taking into account that there are effectively only 2^160 addresses.
wruza
Now that it looks like a phone number, one could unleash a horde of telemarketers at it.
ben_w
Feels like a Hitchhiker’s quote:
"""Coincidentally, 2276709 is also the telephone number of a flat in Islington where Arthur once went to a party, met a nice girl, and lost her to a party-crasher. While the flat and telephone have been demolished along with Earth, they are forever linked to the fact that Arthur Dent and Ford Prefect—against all odds—are rescued 29 seconds after being ejected from the Vogon spaceship."""
terrahashing
Hashing hardware capability is typically measured in trillions per second (TH/s) so the math might be better using trillion instead of billion. As I understand it, the rental cost of 1 PH/s (which I think is one-thousand-trillion?) is about $10/hour. From that I think you could work out an actual cost to generate a collision!
ben_w
Even taking the smaller value of 463439129036942 billion years at 1 billion/second (and therefore 463439129036942000 years at a quadrillion/second), at $10 / hour / PH/s, that’s $4.06e22, or ≈ 480 million years of Earth’s 2020 global nominal GDP.
undefined
zeckalpha
This assumes a uniform key space. If PRNGs used to generate keys are biased, then there may be a way to exploit that bias.
john_alan
You could shorten that by recognising the address space is more like 2^160 in BTC, due to the address generation process, more than one private key can spend from a given address, technically.
wruza
This reduces that number of years by 28 digits, afaiu, and that is still a pretty big number of billions of years.
danuker
Human-generated brainwallets are notoriously guessable: https://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacke...
Ekaros
I wonder if you could cut this down by focusing on know implementations and their random number generation. That is trying to figure out if weaker random number generation at any point was prevalent...
spiorf
It did happen, and bitcoins were stolen. https://tradeblock.com/blog/javascript-random-number-flaw-le...
sdan
its like asking if you had a rocketship that traveled at the speed of light, how long until you find earth given you're on some random galaxy
andy_ppp
Not really because if you are travelling at the speed of light time isn't passing...
quickthrower2
It is for earth though, which might be swallowed up by the sun at the spacetime you arrive.
the_gastropod
Not a physicist, but I don’t imagine you can turn while going light speed
sdan
does that technical mistake hinder the point of my comment?
ithinkso
Miniscule, not zero of course but zero for any practical purpose. The search space is just that much bigger.
magma1983
With every supercomputer working for 100 years, you can have 0.01% of all accounts, maybe.
Tuna-Fish
... not even close.
2^256 is a very large number. If you could build a computer that required a single atom, and could test the balance of a single account in a single nanosecond, and then converted the entirety of the earth into such computers, it would take ~2.8 million years for you to check 0.01% of all accounts.
Brute-forcing modern cryptography isn't something that can happen. The magnitude of 2^256 is close to the count of atoms in the entire observable universe.
chokma
The best quote for this is from Bruce Schneier:
"... brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."
5e92cb50239222b
> The magnitude of 2^256 is close to the count of atoms in the entire observable universe.
I've always heard that even 2¹²⁸ is significantly larger than that number (which is closer to 2⁸⁰). This page seems to support that:
https://en.wikipedia.org/wiki/Observable_universe#Matter_con...
edf13
It's a large number but not close to the count of atom:
https://www.wolframalpha.com/input/?i=2%5E256 > ≈ 0.0012 × the number of atoms in the visible universe (≈ 10^80)
formerly_proven
This reminds me of a discussion a few years ago where someone was extremely adamant that you'd have to handle the chance of a key collision in a random 256-bit key for the system to be secure :)
mnahkies
I was fascinated by a similar idea as a child, generating images of everything that has been, could be, or will be by exhaustively going through the possible combinations of pixels for some fixed size of image.
Later realized that the number of combinations were impossibly large, although in some ways the models that generate photos of people that aren't real, etc are searching the same space just with a lot of direction on what they are searching for (as opposed to my math.rand implementation in Adobe flash that produced noise...)
hbn
I remember being very young and theorizing that video games worked by having every possible frame that could exist for the game loaded onto them, and as you pressed buttons the game would show you the appropriate frames for your scenario. I guess because I had something of an understanding of how movies worked, I just assumed video games would be exactly the same.
Probably not the most efficient method of fitting a game onto a Gameboy cartridge!
CamelRocketFish
I theorised the exact same. For a basic Zork style game, I guess it kind of was? But once you get to 3D, wow, huge number of frames.
thegeomaster
Wow, I had this same idea as a kid too! I daydreamed about all the cool images you could generate. For example, you could create an image that describes the cure for cancer, because that's just another image, right?
BenjiWiebe
And think of how many more images you'd see that were almost the cure for cancer, with small parts obscured or just subtly wrong...
And think of how many different images could all show the cure for cancer. Surely someone's seen it already!
globular-toast
This actually caused me some grief as I began to learn more about computers. As soon as I realised everything was finite, I began to think about exhausting that space. Still today I don't like to think of all the computers everywhere generating billions of sha1 hashes every second. It makes me uneasy. I believe this comes from a natural tendency to seek sustainability which, sadly, most people don't seem to have.
hjorthjort
Word of advice: don't go looking for your private keys. If someone was malicious they could log all fetched pages and scan those for keys with funds attached. The act of looking up a specific key is revealing information.
mrorbitman
I get that it's statistically impossible to actually rob bitcoin using this site (by finding a "green" private key).
But can anyone explain why I am able to find so many "yellow" ones (empty wallets that have previously made transactions)?
I expected going in to _only_ find "red" (never used) wallets and was surprised to find that was very much not the case.
jerry1979
As far as I have found, the yellow ones appear on the first pages and last pages. The first key listed is this: 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf
That key might look large, but I believe it is actually the number 1 in WIF format. See here: https://learnmeabitcoin.com/technical/wif
Get the top HN stories in your inbox every day.
It's like passively playing the world's worst lottery in terms of odds, but hundreds of thousands of times every second. It's fun but the odds are astronomically low.
I have a script[1] that generates a pub+private key and checks against a massive file of addresses with BTC[2]. The list of addresses is loaded in memory as a python `set` so checking is O(1), but I feel like optimisations at increasing the rate are futile, since no matter what you're basically rolling the die and hoping RNG lands on your side in your lifetime and your universe of all possible universes.
1. https://github.com/theden/btc-heist
2. https://bitkeys.work/download.php has a weekly updated CSV of all known addresses with nonzero BTC balance