It's like passively playing the world's worst lottery in terms of odds, but hundreds of thousands of times every second. It's fun but the odds are astronomically low.
I have a script[1] that generates a pub+private key and checks against a massive file of addresses with BTC[2]. The list of addresses is loaded in memory as a python `set` so checking is O(1), but I feel like optimisations at increasing the rate are futile, since no matter what you're basically rolling the die and hoping RNG lands on your side in your lifetime and your universe of all possible universes.
I mean, I found 10 used wallets not within 1000 pages of the first nor last page of his website in roughly 5 minutes.
I’m fully aware behind the math of finding a wallet actually holding anything… but I was fairly weirded out to come across 10 wallets that quickly. Most had their last txn out roughly 2019.
I've noticed that there are a few hardcoded ones on the final page, where the account exists and the key is wrong.
I'd say odds are that the website is wrong, but you can always load those keys in a wallet and see if they give you control over the actual address.
If that works, I'd assume it's the case that some people have used weak keys (for example, a popular Ethereum wallet would actually generate 256 bits of entropy but accidentally truncate it to 32 bits in an operation), and any funds in those wallets will have been snagged long ago.
Point being: generate a private key properly, and no one will ever find it.
EDIT: I realize this is another page then the one I've seen previously, but I think the same idea applies. That one had support for Ethereum, too, and on the final page was an account with a balance.
You didn’t come upon those wallets by chance. Whatever rules the site uses to order wallets isn’t unique and some other (insecure) wallet generator uses the same technique.
That or someone is actually using the site to come up with wallet keys.
So not random at all, other people had exactly the same idea as you and picked the same numbers. I would have been more surprised to see zero traffic at those addresses to be honest.
By many orders of magnitude, I think. There are only estimated to be 10^24 or so stars, which is a lot less than 2^256, right. Astronomical is not in the same league.
There are an estimated 10^80 fundamental particles (quarks, electrons, photons... mostly photons) in the observable universe, which is pretty close to 2^256 as these things go. "Cosmological" doesn't have quite the same ring to it though.
Even if we measure the widest distance (width of the known universe) by the smallest unit (planck length), we only get to 10^61, which is still 16 orders of magnitude away.
Find the key in no time, but how much time for the information to reach us? If it's a cube close by, then great, but most of them would still be millions of light years away.
It's like being in the world's biggest ever lottery syndicate, except if you pick the winning numbers it gets sent to a specific other person who's website you're on. If someone, eventually, hits the jackpot then the owner of playxo.com is going to be very, very rich.
I mean, I'd assume, cynically.
The chances of anyone hitting a green wallet are still incredibly narrow, but you never know.
It get sent to your own private key which everyone else would also have trouble finding. Playxo.com wouldn't get anything out of it, anyone and everyone can have all the private keys of everyone else, playxo's operator or server wouldn't know which private key things are going to, and neither would any other human.
but anyone can do that. you don't need an API to tell you if the address has a balance if you have the private key, you just check your own copy of the blockchain.... just like they are doing...
When you visit a page, they generate all the private keys on the page and check for balances. If you happen upon a key that actually has a balance, they will clean it out before you can.
I kind of doubt it, the browser makes a request to blockchain.info to check the balances. If they wanted to do what you are saying they'd make that request somewhere one the backend.
I agree with your comment, just FYI you could avoid apply on a pandas Series since it loops over every row in Python space. It's much faster to use vectorized operations directly e.g.:
As they say "the unstoppable law of unbreakable code". You will become the "rightful" owner of those tokens, unless they happen to belong to one of the Not-The-Owners of that particular blockchain. If they are, they will just fork a blockchain removing your money from your wallet. Vitalik and Co already did this with Ethereum after TheDAO contract execution as designed, because their own funds were affected.
Average wallet won't have much in it. On the other hand writing an article with a semi proof of this would affect the bitcoin economy, whether deservedly or not.
Why a thief? Bitcoin is a silly idea based on scarcity that doesn't exist.
If someone generated the right numbers by chance and had luck, I wouldn't say they'd be doing anything wrong getting whatever is there.
It's not the same as stealing data, and is not the same as hacking into a banking system. It's decentralized, and there isn't the concept of real scarcity. It's not even hacking.
Except that they aren't taking anything from anyone. It's information. They might be copying it. And you might argue things like privacy count, and I'd be willing to hear your reasoning, but this shouldn't be like magic.
Yeah, someone was silly to pay hard earned money in exchange from useless tokens. It was a gamble. If the useless tokens get stolen, I'm sorry to say, but whoever paid for BTC already lost their wealth in the first place when they converted whatever they had before for it.
> Except that they aren't taking anything from anyone. It's information. They might be copying it.
It's true that information is infinitely abundant. However, unlike copyrighted works, private keys are not supposed to be shared. There should never be more than one copy of that number in the entire universe. If people can brute force keys by guessing, we've probably got bigger problems.
Obtaining that number without authorization is already a crime. Accessing computers illegally to exfiltrate data is already a crime. Breaking into a physical safe in order to obtain a paper key is already a crime.
> Obtaining that number without authorization is already a crime. Accessing computers illegally to exfiltrate data is already a crime. Breaking into a physical safe in order to obtain a paper key is already a crime.
Sure thing. Hence, the importance of analyzing each case individually.
If unauthorized computer access is used, sure thing a crime was committed.
If someone created a wallet using a stupid wallet generator which used this website to "create" private keys, and someone else also had this silly idea, and someone deposited Bitcoin on a wallet created by this mean and and someone else took it, then no crime was committed.
You don't even need the website. Cryptographic keys are just numbers. All data is just numbers. You can write simple code to generate all numbers from zero to infinity and it will eventually generate all cryptograhpic keys, all computer files, all copyrighted works, all hate speech, all child abuse material, everything that can possibly be represented as data.
The thing is the search space is so unfathomably large that such a program will never produce useful results. This is central to cryptography. If a private key is copied, it must have been done so illegally or accidentally. Any other option means the cryptography is defective.
This is the complete opposite of copyrighted works whose entire purpose is copying. The data is already known and they're hopelessly trying to regulate access to it.
> If a private key is copied, it must have been done so illegally or accidentally. Any other option means the cryptography is defective.
I agree if you're talking about an evidence such as a high-quality video or even photo with everything leading us to believe it's legit. However, we can not be as confident if we're talking about a BTC token. While extremely unlikely, there might be faulty algorithm implementations, problems with the algorithm, etc., that might lead to this situation.
Very unlikely? Sure, but we've to give the benefit of the doubt.
The balance of your bank account is similarly “information”. But since everyone places value on that information, it’s valuable.
And these days, they way society is using traditional currency is become less tangible all the time. It’s is 100% possible to live life with never touching physical currency. Get paid via direct deposit, credit cards for your daily expenses, ACH your housing bill and credit card expenses. All just information flowing around.
Crypto is certainly overhyped and overvalued days, but it’s seems that at the core, crypto and modern banking are accomplishing the same thing: managing numbers(information) that people value.
The key difference is that one of these things has the backing and approval of recognized governments who also control law enforcement, while the other is just some guys on the internet. I'm not so sure "finding a pre-existing bitcoin wallet I can claim, and doing so" is really any different than "generating hashes until the blockchain hands me a prize".
That's not an argument. In any case, more and more governments are now recognizing crypto as something real, and are coming onboard. E.g. most recently Dubai.
No. Invalid comparison. If you legitimately discover a cryptocurrency wallet private key by sheet lucky, and such cryptocurrency has no backing = is based in pure thin air, such as the case of Bitcoin, and there are public nodes which doesn't require you to abide by contracts that would forbid you to do so (which is supposedly all nodes), you're good to use that as you wish and it won't be a crime.
It's unethical to steal something tangible. Bitcoin has no tangibility whatsoever. You can't steal it.
Property is legally defined as 'Not only money and other tangible things of value, but also includes any intangible right considered as a source or element of income or wealth.'
That includes protectable ideas, digital files, financial instruments (like stocks and bonds, loans and credits), computer graphics, certain arrangements of words and quite a bit more.
---
What does tangibility mean to you? That allows you steal the examples in the second paragraph without legal reprecussions nor ethical dilemmas?
Bitcoin has a hard cap on how many will ever be in existence. If that's not the definition of real scarcity, then what is? Your implication that bitcoin is easily divided somehows means it isn't finite is simply wrong. Firstly it's not infinitely divisible, secondly things that _are_ infinitely divisible do not just become inflated simply because this property exists.
I find it rather revealing that so many anti-crypto blog posts offer no novel solutions, they only ramble on about how they know crypto isn't the solution. Seems rather uninspired to say you understand a problem domain but have no suggestions on how to solve the problem other than literally a solution that has already been tried at large scale and failed.
Sure, the gold standard in an alternate reality seems like a great idea, but we live in this reality where central powers were able to quite easily strip society away from this contract with barely any resistance.
Show me a single node operator or developer that has stated they would consider ever raising the hard cap on bitcoin. Until then you're just making up FUD for the sake of being argumentative.
My father always said, if you find something, and it isn't yours, it belongs to someone else.
There are actual laws in the US that if you find money, you are supposed to report it to the authorities, and if no one reports losing the money in some fixed time (30 days?) then you keep it.
Get real. You're not getting anyone's property if you discover a private key by accident that that a distributed blockchain with no owner accepts to transfer a token in a virtual wallet like that. We're talking about something non-fungible and not scarce.
Bitcoin's supposedly scarcity is a joke that doesn't make any sense whatsoever.
Henrique Vicente (henvic, the person you are replying to) wrote what is basically a 5 page essay on how much he dislikes Bitcoin in 2021: https://henvic.dev/posts/bitcoin/
Basically parroting the same thing other people have been saying for years, absolutely no unique insight. He is so angry he missed the train, he just had to let it all out.
Don't worry Henrique, Bitcoin will go to $0 any day now!
I think this is an underrated assessment, which I also always feel. The technological genie is out of the bottle, we all wish it was more energy efficient and hope it soon will be. But I think everybody deep down feels like they should have gotten some BTC in 2012 ;)
Tbh, I did get some early but I ordered sushi (thuisbezorgd.nl accepted btc) and raspberry pi stuff from Pi Hut for amounts that make me cry in retrospect. Still, I'm not that 10k BTC pizza guy so there's that.
exactly. Honestly, Bitcoin is very efficient with its energy usage. The economics encourage miners to find untapped energy sources, such as;
methane gas that would otherwise be flared, excess hydro power when flood water demands a dam be open beyond capacity, solar farms during the peak of the day when they generate too much electricity. Hardly anybody plugs into the wall and buys electricity at market rate; it's too expensive
> If someone generated the right numbers by chance and had luck
The whole point of cryptography is nobody could possibly guess these numbers within the lifetime of the universe. If this assumption is somehow proven wrong, we've probably got bigger problems than one person losing money.
While I don't agree with this like of reasoning I think a potential counter argument would be that in crypto currency ownership is determined by access to private keys and not other traditional means (essentially this argument says its not stealing because ownership is determined by access).
Ignoring the prospects, this is a neat case to explain sharing memory in multiprocessing.
You're reading the file in every process, this needs mem x N for N processes.
If you first read in the file, create the set, and then use multiprocessing, you will get forked processes sharing the parent's memory, i.e. only need 1 x N the memory.
Funny thing is even though it's throwaway code, ensuring everything worked as expected felt really high-stake since a bug would mean a found key would be lost!
Edit: Also not sure if shared memory would be slower in python3 (or if it was, whether it would matter in this use-case), but an interesting thing to profile.
multiprocessing relies on the OS' fork() to share the memory transparently to the child(ren). The pages containing the memory will refer back to the same physical page until they're written to. This is what grandparent meant by "sharing memory".
multiprocessing also provides a way to access the OS' explicit shared memory usually used as an IPC mechanism.
multiprocessing's "shared memory" facility is for writable memory.
What I described is extremely handy as you simply move the parsing code up in the script, before your function definition, and "magically" gain memory efficiency.
Miners aren't brute forcing keys to existing wallets and stealing the bitcoin, as that's effectively impossible even for the biggest mining rig (like, a mining rig the size of the sun couldn't do it in a trillion years)
They really can't though. Asics are designed to do the SHA2(SHA2()) function over and over again. A private key is any number between 1 and 2^256 power. An ASIC arguably couldn't even perform the operations to query the Bitcoin blockchain and see how many unspent UTXO's the private key's corresponding public key controls.
Astronomical. You could convert every computer into existence into hunting for used private keys, and run them for the lifetime of the universe, and you’d be unlikely to find even one used key.
Quantum computers can be used to crack public keys for a bitcoin account yes, but an addresses public keys are only published when a transaction is made
Best practice for secure bitcoin accounts is to always send the entire balance when making a transaction, and have the "change" go back to a new address
Well, theoretically, instantly. But that’s kind of like asking what if I had this potion that instantly cured every disease known to man and then some, what would happen. What sort of quantum computer are you talking about? How many qubits?
BTC addresses that have never sent BTC are not vulnerable to quantum computers as the public key is only sent when a transaction is made. The address you send to is a hash of the public key and irreversible even with quantum computers
How do the units work there? The dimensions would be time^(1/2)... That isn't a physical time.
It's it the number of operations which is the square root? (Presumably the different types of computer don't take the same amount of time per operation)
Mining involves guessing a salt which, when added to data for a single block’s with of transactions, makes the hash have a certain sum of zeros.
They are only the same in that they are using randomness to search for some number satisfying a given criteria. But, for example, you couldn’t use mining hardware to search for wallets with open balances. The mining hardware is specially optimized for one thing only.
You're assuming the crypto is flawless and forever hard, even with new computational paradigms.
We've shown time and time again that our undefeatable algorithms aren't.
Would you be comfortable if the Blockchain was frozen in time for a hundred years, after which you could withdrawal your balance? Would it be impervious over that time frame?
I mean...btc will eventually hit the supply limit. Sort of hilarious if all mining hardware was repurposed at that point to work on brute forcing instead
The supply limit is irrelevant in this case. In order to remain secure, the cost to attack Bitcoin must be proportional to the value represented by Bitcoin. Currently, when proof of work is performed, it is funded in large part by increasing a ledger value without a corresponding decrease elsewhere (aka "minting"). In the future, when proof of work is performed, transaction fees will need to increase in order to provide a similar incentive.
If the sum of the block reward and the transaction fees decreases, then that would result in fewer groups willing to perform proof of work calculations, and would be followed by a decrease in the proof of work difficulty in order to maintain ~1 block every ten minutes. That lowered difficulty then results in a lower cost to attack Bitcoin.
So, there must always, always be profit in running proof of work calculations. Not only that, but to maintain the security of the ledger, any increase in Bitcoin valuation must result in a proportional increase in proof of work expenditure across the entire network. It's an absolute disaster of a system.
Have you explored the space of "poorly generated keys"? I assume someone has screwed up their key generation at some point in a predictable way, and that's a much smaller space than every possible way.
I always wanted to make a lottery which randomly bruteforces against Satoshis initially mined coins. Therefore you won't harm a financial institution on the way to win.
I have a script[1] that generates a pub+private key and checks against a massive file of addresses with BTC[2]. The list of addresses is loaded in memory as a python `set` so checking is O(1), but I feel like optimisations at increasing the rate are futile, since no matter what you're basically rolling the die and hoping RNG lands on your side in your lifetime and your universe of all possible universes.
1. https://github.com/theden/btc-heist
2. https://bitkeys.work/download.php has a weekly updated CSV of all known addresses with nonzero BTC balance