
Large Bitcoin Collider Is Generating Trillions of Keys and Breaking into Wallets - jonbaer
https://motherboard.vice.com/en_us/article/the-large-bitcoin-collider-is-generating-trillions-of-keys-and-breaking-into-wallets
======
Animats
About 10% of Bitcoins were created early, before 2012, and have never been
traded. If somebody ever finds the key of the early lost Bitcoins, they'll
have a huge payoff, over a billion dollars. Speculation is that either
"Satoshi Nakamoto", whoever he is, is holding onto them for a big payoff, or
somebody lost the private key for all those early Bitcoins. As the years go
on, the second explanation seems more likely.

~~~
lern_too_spel
Gaining access to the early wallets and bringing those Bitcoins into
circulation will lead to a crash in Bitcoin value due to both increasing the
supply (as in
[https://en.m.wikipedia.org/wiki/Spanish_Price_Revolution?wpr...](https://en.m.wikipedia.org/wiki/Spanish_Price_Revolution?wprov=sfla1))
and decreasing confidence of other Bitcoin holders in the security of their
wallets. You could extract some portion of the value if you do it slowly and
pretend that Nakamoto is using his wallets, but you will not be able to
extract their current market value.

~~~
Kinnard
While I agree the increase in supply would drop the price, I don't think the
Spanish Price Revolution is analogous... I think that's more analogous to
what cryptocurrencies are doing to the Dollar.

~~~
lern_too_spel
In what way? Cryptocurrencies can be treated as just another asset.

~~~
Kinnard
Assets that can be created ex nihilo, which will drive inflation.

------
chejazi
Not sure what their heuristics are for narrowing the search space, but
there certainly are some good ones. For instance, early versions of
blockchain.info's wallet generated private keys by reading an ARC4 stream that
had been seeded with Math.random() calls xor'd with timestamps. Quite the
circus!

~~~
mankash666
If collisions exist in the hashing algorithm, how you derive the seed for a
random number generator is pointless.

~~~
Ded7xSEoPKYNsDd
Every hashing algorithm has collisions, for good cryptographic ones there's
just no practical way of finding them.

~~~
estro
There is no practical way of finding a collision for a specific key. Finding
collisions to one of the created keys non-specifically is a much smaller
search space.

------
notamy
[http://directory.io/](http://directory.io/) seems relevant here.

~~~
dzhiurgis
You could utilise google's cache with this one.

------
vbezhenar
It seems suspicious. Bitcoin cryptography isn't broken, AFAIK, so the chance
to randomly break into any real wallet should be almost non-existent. I think
they're either lying or exploiting something different, like an RNG weakness.

~~~
alphydan
This explains the approach in more detail:
[https://lbc.cryptoguru.org/man/theory](https://lbc.cryptoguru.org/man/theory)

~~~
awirth
This is confusing to me. The link describes narrowing the search space to
~136.17bit, but that is still far too large to be tractable. Do they get an
additional birthday bound on that somehow? 68 bits would not be insane, but I
don't really understand what's going on here.

I highly doubt they found a collision with a probability of 2^-136, unless
they exploited some kind of bad RNG bug (in which case the probability is much
higher, of course).

~~~
ryan-c
No birthday bound. The keyspace reduction is based on the number of addresses
with a balance.

------
domador
If this kind of attack is feasible, then maybe one should have several wallets
and spread one's Bitcoin funds among these wallets, to dilute the risk. Maybe
one wallet could be used just for receiving external transactions, but its
funds could be immediately transferred to other wallets. Or maybe there are
also weaknesses to this approach...

I'm not currently a Bitcoin user, and am ambivalent about Bitcoin's virtue,
but still hope that this kind of attack turns out to be fruitless and
impractical.

~~~
bigtimeidiot
> _then maybe one should have several wallets and spread one's Bitcoin funds
> among these wallets, to dilute the risk_

Sounds like Bitcoin is ready for the mainstream!

~~~
pavel_lishin
To be fair, aren't bank accounts only insured by the government for up to
$250,000 per account?

~~~
salesguy222
To make matters worse, they're only insured to 250k in the event of a bank
failure (running out of money).

If your account or identity is hacked, on the other hand, you are on your own
to make sure the bank replenishes your account ^.^

~~~
obstinate
That is not true. The law obligates the bank to make you whole (subject to
certain limits if you delay reporting until well after you knew of the theft).

~~~
salesguy222
The first tier is 3 days. Additionally, you need to spend money to be made
whole, which you can of course sue for legal costs afterwards.

These are non-trivial steps, and there are not many banks out there waiting
to just give you your money back without some prodding.

~~~
obstinate
Three days from when you become aware does not seem unreasonable to me.
Further losses are preventable and if you choose not to prevent them, it makes
sense to me that you should bear some responsibility.

I'm not sure what you mean when you say you have to spend money to be made
whole. I'm not aware of the banks having any right to charge you in order to
get them to comply with the law. Would you please explain?

~~~
salesguy222
You would need to sue them in a court of law if they don't comply, which
involves hiring a lawyer, which of course is needlessly expensive.

A bank that follows the law after your money has gone poof is the /best/
situation you can hope for, and probably isn't the /average/ or /median/
situation.

I don't check my many bank accounts every day and I prefer to spend days out
in the wild with little internet. I will not be a happy camper on the day I'm
hacked and my bank tries to explain why it's my fault that they can't pay me
:)

~~~
obstinate
I know several people who have had their bank accounts stolen at one point or
another, and it's never required a lawsuit to be made whole. This is because
almost all the transactions by which you can lose money through your bank are
reversible, except for cash withdrawals.

------
hrehhf
It appears that they are finding the private keys for transactions that
already occurred. Reusing an address is not part of Bitcoin's design and it
was never intended for people to do that. By not reusing addresses (not
reusing private keys) I think one would be immune to this attack. The article
doesn't seem to have much detail; anyone have more detail on this?

Edit: The details are in the URL posted by alphydan; it looks like address
reuse does not matter with their method.

~~~
csomar
Even more important, by reusing addresses you are making more signatures using
the same private key. This has proven to be a vulnerability where one can
deduce the private key from these signatures (though limited to a bad
implementation) but it's worth considering.
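
An added example, not code from the LBC project or from any commenter: a toy
secp256k1 in pure Python that shows two of the things discussed in this
thread. The `collide` function is the shape of the search loop ryan-c and awirth
are talking about (and what you would drive from an enumerated weak-seed space
like the one chejazi describes): every candidate key is checked against the
whole set of funded targets at once, which is the keyspace "reduction". The
`recover_from_nonce_reuse` function is the bad-implementation case csomar
refers to: two ECDSA signatures under one key that reused the nonce k leak the
private key. Assumptions: the curve constants are the real secp256k1
parameters; SHA-256 stands in for the RIPEMD160(SHA256(pubkey)) address
payload so the block runs on any hashlib build; keys, nonce, message hashes
and the "funded" targets are constructed for the demo.

```python
# Added example (not LBC code, not any commenter's): toy secp256k1 showing
# (1) a collider-style search loop testing each key against all targets at
# once and (2) private-key recovery from two signatures that reused a nonce.
# Curve constants are real; keys, nonce, messages and targets are made up.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def fingerprint(point):
    """20-byte address-like fingerprint of a public key. Real P2PKH uses
    RIPEMD160(SHA256(compressed pubkey)); SHA256 stands in here (assumption,
    so it runs on any hashlib build). The set-membership logic is identical."""
    x, y = point
    pub = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return hashlib.sha256(pub).digest()[:20]


def key_fingerprint(priv):
    return fingerprint(ec_mul(priv))


def collide(targets, start, count):
    """Walk `count` consecutive private keys from `start`, checking each one
    against every target at once (any hit pays, not a chosen one). Successive
    public keys differ by G, so each step is one point addition, not a multiply."""
    hits = {}
    point = ec_mul(start)
    for priv in range(start, start + count):
        fp = fingerprint(point)
        if fp in targets:
            hits[fp] = priv
        point = ec_add(point, G)
    return hits


def ecdsa_sign(priv, z, k):
    """Textbook ECDSA with caller-supplied nonce k; z is the message hash as an
    integer. No low-s normalisation, so the recovery path below tries both."""
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return r, s


def recover_from_nonce_reuse(pub, r, s1, z1, s2, z2):
    """Same r means same k, and then: k = (z1 - z2)/(s1 - s2), d = (s1*k - z1)/r
    (mod N). Bitcoin enforces low-s, so one s of a real pair may be negated;
    both signs are tried and each candidate is verified against the pubkey."""
    for s2c in (s2, N - s2):
        if (s1 - s2c) % N == 0:
            continue
        k = (z1 - z2) * pow(s1 - s2c, -1, N) % N
        d = (s1 * k - z1) * pow(r, -1, N) % N
        if ec_mul(d) == pub:
            return d
    return None


if __name__ == "__main__":
    targets = {key_fingerprint(123456), key_fingerprint(789012)}  # constructed
    print("hits in window:", collide(targets, 123000, 1500))
    d, k = 0x1234567890ABCDEF, 0xFEDCBA0987654321  # constructed key and nonce
    z1 = int.from_bytes(hashlib.sha256(b"tx one").digest(), "big")
    z2 = int.from_bytes(hashlib.sha256(b"tx two").digest(), "big")
    r, s1 = ecdsa_sign(d, z1, k)
    _, s2 = ecdsa_sign(d, z2, k)
    print("recovered:", hex(recover_from_nonce_reuse(ec_mul(d), r, s1, z1, s2, z2)))
```

The window search finds key 123456 and misses 789012, which is the whole
story of the collider: it is a linear scan that only wins when some funded
key happens to fall inside the range it walks. The nonce-reuse recovery is a
different animal: it needs no search at all, just two signatures with the
same r, which is why address reuse plus a broken RNG is the realistic way a
funded key actually gets taken.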

------
Bedon292
Very interesting work. 3 Quintillion keys generated, 3 private keys with coin
in them. I have to wonder what processing power is being put into it, and if
that power would be more effective at just mining coin, if someone were just
after the money. At least in the short term. I think in the long term attacks
like this might become more and more prevalent. Because at some point it may
be easier to do this than mine new bitcoin.

~~~
josst
Bitcoin is finite and one would expect the supply to become smaller over time
thanks to keys being lost or owners dying and their accounts being
inaccessible. In the long term guessing keys may be the only way to obtain new
coins.

~~~
api
The new mining...

This would basically make Bitcoin Keynesian, since coin stored in wallets
would now decay with a given probability. So you would have to invest it at
least a little to beat the decay (shrinkage) rate.

~~~
panarky
Bitcoin becomes unspendable and worthless when the private keys are lost.

But when you have the private keys, your Bitcoin doesn't "decay". On the
contrary, it becomes more scarce, and therefore more valuable.

~~~
TheDong
You missed the point.

Once the primary way of gaining bitcoins is hacking wallets, the longer a
bitcoin is behind the same private key, the longer that given wallet is a
target.

~~~
billions
IMO, the most vulnerable wallets are going to be the ones actively in use and
stored insecurely, for example, on Windows machines subject to the recent NSA
bug.

------
arcaster
Maybe this is what the future of "treasure hunting" looks like?

A friend and I ran a wallet recovery service a while back; this brings back
memories haha. Very cool work, even as someone who works in the blockchain
space.

------
ge96
Collide her? I just met her haha

