{"id":18567146,"url":"https://github.com/cuda8/bitcoin_hack","last_synced_at":"2025-04-10T05:32:41.870Z","repository":{"id":258593556,"uuid":"874224935","full_name":"cuda8/Bitcoin_Hack","owner":"cuda8","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-17T13:21:55.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-20T20:31:41.929Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cuda8.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-17T13:10:34.000Z","updated_at":"2024-10-19T15:22:45.000Z","dependencies_parsed_at":"2024-10-20T21:45:39.401Z","dependency_job_id":null,"html_url":"https://github.com/cuda8/Bitcoin_Hack","commit_stats":null,"previous_names":["private-soft/bitcoin_hack","cuda8/bitcoin_hack"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuda8%2FBitcoin_Hack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuda8%2FBitcoin_Hack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuda8%2FBitcoin_Hack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cuda8%2FBitcoin_Hack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cuda8","download_url":"https://codeload.github.com/cuda8/Bitcoin_Hack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223426060,"owners_count":17143050,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T22:25:35.093Z","updated_at":"2024-11-06T22:25:35.541Z","avatar_url":"https://github.com/cuda8.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"Hi. Thanks for passing this along so it gets some attention.\u003cbr\u003e I was worried if I posted this somewhere it would mostly go unnoticed.\u003cbr\u003e Also, I'm trying to stay anonymous because I don't want to be accused of being the person who came up with this exploit or be blamed by any company for any damages.\u003cbr\u003e It's an interesting technical story so I thought I would share it.\n \n \n-------- story begins here ----------------\n \n \nI returned 9 BTC to reddit user fitwear who recently claimed were stolen from their blockchain.info wallet.\n \nI have evidence that some bitcoin address generation code in the wild is using private keys that can easily be discovered on a regular basis.\u003cbr\u003eThis is either intentional or by mistake.\u003cbr\u003eSome wallets have been compromised by what is probably an innocent looking piece of code.\u003cbr\u003e Furthermore, someone has been siphoning bitcoin on a regular basis since 2014 from them.\u003cbr\u003eWhether they discovered this by accident (like I did) or are the ones who installed the code themselves, I don't know.\u003cbr\u003e It looks like either a clever exploit or a coding error.\u003cbr\u003eIt could also be yet another piece of malware, however as I explain below, I feel this is less likely the case.\u003cbr\u003eIn order to fully understand how this works and how I discovered it, please read on.\n \nSome Background\n---------------\n \nI've been following bitcoin since I first heard of it in 2011.\u003cbr\u003eOne of the things that fascinated me was the ability for someone to create private keys from just about anything using Sha256 (i.e.\u003cbr\u003eSha256(password/phrase)).\u003cbr\u003e This, of course, is NOT a recommended way of obtaining a private key since if YOU can think of the word/phrase, someone else can too and the likelihood of your bitcoins being stolen is quite high.\u003cbr\u003eThe most secure private keys are generated randomly.\u003cbr\u003eThe probability of someone else being able to generate the same sequence of 32 random bytes is so close to 0, it is highly improbable anyone ever will (given the expected lifespan of the universe).\n \nIf you peer into the blockchain, you will find that people have 'played' with the chain by sending small amounts of bitcoins to addresses corresponding to private keys generated using Sha256.\u003cbr\u003e For example, Sha256 of each word in the entire /usr/dict/words file found on most UNIX systems has had a small amount sent to it.\u003cbr\u003e There was a site called brainwallet.org that made it easy for you to convert a phrase into a private key + public address.\u003cbr\u003e (The code is still available on GitHub but has since been removed from the Internet).\u003cbr\u003e Try using phrases like \"i find your lack of faith disturbing\", \"these aren't the droids you're looking for\" or \"satoshi nakamoto\" as inputs to Sha256.\u003cbr\u003e You'll find the addresses corresponding to those private keys have had small amounts sent to them (and transferred out).\u003cbr\u003e It's quite obvious these were _meant_ to be found.\u003cbr\u003eIt turns out there are a lot of these addresses.\u003cbr\u003e(Keep looking and you will easily find some.)\u003cbr\u003eThis is nothing new and has been known to the bitcoin community for a while.\n \nI always had the idea in the back of my mind to try and find other non-trivial examples of 'discoverable' private keys.\u003cbr\u003e That is, something beyond Sha256(word/phrase).\u003cbr\u003eSo I decided to try and hunt for buried bitcoin treasure.\u003cbr\u003e Perhaps I could find some bitcoin intentionally hidden by someone that hadn't yet been discovered?\u003cbr\u003eIn the first couple weeks of June 2017, I finally devoted some time to the task.\u003cbr\u003eI honestly didn't expect to find much but I was amazed at what I ended up discovering.\u003cbr\u003e I began by writing a program to scan every block in the blockchain and record every public address that had ever been used.\u003cbr\u003e (Note: I didn't only store addresses for which the balance was greather than zero, I stored ALL of them which is why I believe I ended up accidentally discovering what I did.)\u003cbr\u003eThere were only about 290 million at the time so this wasn't a big deal.\n \nThe Experiments\n---------------\n \nWhat follows is a description of my experiments and what led me to discover what I believe is either a scam or really bad coding error.\n \nExperiment 1\n------------\n \nMy first experiment was to see if anyone used a block hash as a private key.\u003cbr\u003eThat would actually be a nifty way to 'compress' 32 bytes in your head.\u003cbr\u003e You would only have to remember the block height (which is only maybe 6 digits) and the corresponding larger 32 byte number would be saved for all time in the chain itself!\n \nResults: Success! I found 46 addresses that had some amount of bitcoin sent to them between 2009 and 2016.\u003cbr\u003e As expected, these all had 0 balances either because the owner had taken them back or they were discovered by someone else.\n \nHere are two examples.\u003cbr\u003eYou can use blockchain.info to see these hex values are actually block hashes from early in the chain.\u003cbr\u003e This happened on/off up until mid-2016.\n \n1Buc1aRXCqdh6r7PRYWPAy3EtVFw5Ue5dk 000000006a625f06636b8bb6ac7b960a8d03705d1ace08b1a19da3fdcc99ddbd\n1KLZnkqU94ZKpgtcWCRs1mhqtF23jTLMgr 000000004ebadb55ee9096c9a2f8880e09da59c0d68b1c228da88e48844a1485\n \nNothing really alarming so far.\n \nExperiment 2\n------------\n \nSimilar to my first experiment, I then searched for addresses that were generated from the merkle root used as a private key.\u003cbr\u003e (BTW, I searched for both compressed/uncompressed keys, so each 32 bytes resulted in two address look-ups from my database).\n \nResults: Yes! I found 6 addresses again up until mid-2016.\u003cbr\u003e Even though every address I found had a 0 balance (again expected), I was having fun with my success!\n \nExample:\n \n13bkBdHRovsBkjM4BUsbcDNr9DCTDcpy9W 6c951c460a4cfe5483863adacafad59e5de7e55876a21857733ca94049d7d10c\n \nSimilar to merkle root and block hashes, transaction ids (hashes) also seem to have been used as private keys.\u003cbr\u003eStill nothing alarming to me thus far.\n \nExperiment 3\n------------\nI wondered at this point if anyone might have used repeated Sha256 on words.\u003cbr\u003e Why stop at just one iteration when you can easily do one million?\u003cbr\u003eAlso, it becomes less likely to be discovered the more iterations you do.\u003cbr\u003e I found a bunch.\u003cbr\u003e Here are a few:\n \nSha256('sender') x 2\n \n18aMGf2AxQ3YXyNv9sKxiHYCXcBJeJv9d1 098f6d68ce86adb2d8ba672a06227f7d177baca3568092e4cda159acca5eb0c7\n \nSha256('receiver') x 2\n1C3m5mFx6SjBCpw6qLqzM8izZArVYQ9B5u 6681b4b6aa44318e55a724d7135ff23d76eb75847802cd7d220ecaa8427b91d4\n \nSha256('hello') x 4\n \n17UZ4iVkmNvKF9K2GWrGyMykX2iuAYbe1X 28b47e9b141279ea00333890e3e3f20652bbd7abc2b66c62c5824d4d6fe50ac9\n \nSha256('hello') x 65536\n \n1Mi5mVANRNAetbJ21u2hzs28qCJC19VcXY 52fa8b1d9fbb264d53e966809ce550c3ab033248498da5ac0c5ab314ab45198e\n \nSha256('password') x 1975 (This one's my favorite, someone's birth year?)\n \n13mcYPDDktHdjdq9LwchhU5AqkRB1FD6JE 6e8cdae20bef63d33cb6d5f1c6c9c954f3148bfc88ef0aa1b51fd8b12fa9b41c\n \nPeople were obviously burying bitcoin in the chain.\u003cbr\u003eWhether they expected the coins to be taken or not, we'll never know.\u003cbr\u003e But these methods were still highly 'discoverable' in my opinion.\n \nExperiment 4\n------------\n \nMy last experiment is the one that led me to believe someone was siphoning bitcoin from some service on a regular basis and has been since 2014.\n \nTake a look at this private key:\n \n\u003cbr\u003e\u003cbr\u003eKyTxSACvHPPDWnuE9cVi86kDgs59UFyVwx2Y3LPpAs88TqEdCKvb\n \nThe public address is:\n \n\u003cbr\u003e\u003cbr\u003e13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh\n \nThe raw bytes for the private key look like this:\n \n\u003cbr\u003e\u003cbr\u003e4300d94bef2ee84bd9d0781398fd96daf98e419e403adc41957fb679dfa1facd\n \nLooks random enough.\u003cbr\u003eHowever, these bytes are actually sha256 of this public address!\n \n\u003cbr\u003e\u003cbr\u003e1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj\n \nI discovered this by performing Sha256 on all the public addresses I had collected from the setup of my experiments and then seeing if those addresses (from the generated private keys) were ever used.\u003cbr\u003e Bingo!\u003cbr\u003eLots were coming up.\u003cbr\u003e I searched a fraction of the chain and found dozens.\u003cbr\u003e I also found these addresses had bitcoin sent to them very recently (within weeks/days of when I discovered them.)\n \nI asked myself, \"Why would someone do this?\"\n \nAt first, I thought this was someone who thought they could get away with having to remember only one piece of information rather than two.\u003cbr\u003e Maybe they have one favorite address/private key combo and derived another from that one?\u003cbr\u003eI thought it was possible.\u003cbr\u003e You could keep doing this in a chain and derive as many as you wanted and only ever have to remember the first one.\u003cbr\u003e But I ruled this out for one simple reason; bitcoins transferred into those addresses were being transferred out within minutes or SECONDS.\u003cbr\u003eIf someone generated these private keys for themselves, then why would the coins be almost immediately transferred out in every case I looked at?\n \nHere are some more (complete list at end of this doc):\n \n16FKGvEtu5KPMZqiTK4yjmsSZsJLyxz9fr from Sha256(1CRWfJdgVrfKLRS4G3vTMRhEQrCZZyHNMo)\n1HwxL1vutUc42ikh3RBnM4v2dVRHPTrTve from Sha256(1FfmbHfnpaZjKFvyi1okTjJJusN455paPH)\n1FNF3xfTE53LVLQMvH6qteVqrNzwn2g2H8 from Sha256(1H21ndKEuMqZbeMMCqrYArCdV8WeicGehB)\n \nIn every case I looked at, the coins were moved away within minutes or seconds.\n \nIt was much more likely that a bot was waiting for those coins to show up.\u003cbr\u003eAlso, transactions are STILL happening to this day on those addresses!\u003cbr\u003eBut how can that bot know in advance that address was about to receive bitcoins?\n \nA Scam or a mistake?\n--------------------\n \nIt is at this point I formed a theory on what was really happening.\u003cbr\u003eIt is likely that someone installed malicious code into the backend system of a mining pool, an exchange, or possibly wallet generation code.\u003cbr\u003eThey are using public information so that they can discover the private keys easily and steal the coins on the side.\n \nBut why would they use Sha256(public_address)?\u003cbr\u003eWhy not do Sha256(public_address + some super hard to guess random sequence) or just use a hard-coded address?\n \nWell, I have a theory on that too.\u003cbr\u003e It can't be hard-coded or it would look suspicious in a source code repository.\u003cbr\u003e It's likely the code was introduced by someone who works (or worked) for some company connected to bitcoin (exchange/mining pool/gambling site/wallet).\u003cbr\u003e Code submitted by developers into source control systems usually goes through a code review process.\u003cbr\u003eIt would be much easier to hide an innocent looking Sha256 operation inside the millions of lines of code that make up the backend.\u003cbr\u003e Sha256 is used all over the place in bitcoin and it wouldn't look suspicious.\u003cbr\u003e The function would be readily available.\u003cbr\u003e However, if code were to be submitted that performed Sha256(address + \"secret_password1234xyz\"), that would look VERY suspicious.\u003cbr\u003e My guess is someone has slipped in a routine that LOOKS harmless but is actually diverting bitcoin to their awaiting bot ready to gobble them up.\n \nIt's actually quite clever.\u003cbr\u003e No one can know the destination address in advance.\u003cbr\u003e You would have to keep performing Sha256 on all public addresses ever used to catch that one in a million transaction.\u003cbr\u003e Someone would be able to capture those coins by simply watching for a transaction into an address that corresponds to a private key generated from Sha256 of one of the existing public addresses.\u003cbr\u003e Keeping such a database is trivial and lookups are quick.\n \nTo be fair, I suppose this could be a coding error.\u003cbr\u003e Anything is possible with a buffer overflow.\u003cbr\u003eI would love to see the code if this is ever found.\n \nTransactions were STILL happening right up until a couple weeks before I made this discovery!\u003cbr\u003eSo I wrote a bot to try and 'catch' a transaction.\n \nMind Blown\n----------\n \nWithin the FIRST 48 HOURS of my bot going live, on Jun 19, a whopping 9.5 BTC was transferred into an address for which I had the private key.\u003cbr\u003e This was approximately worth $23,000 USD at the time.\u003cbr\u003e I was shocked.\n \nThis is the address: 12fcWddtXyxrnxUn6UdmqCbSaVsaYKvHQp\n \nThe private key is: KzfWTS3FvYWnSnWhncr6CwwfPmuHr1UFqgq6sFkGHf1zc49NirkC\n \nwhose raw bytes are derived from Sha256 of:\n \n16SH69WgJCXYXWV58sxjTxonhgBh5HCZTt (which appears to be some random address previously used in the chain)\n \nBUT...\u003cbr\u003eI had failed to test my program sufficiently and it failed to submit the transaction!\u003cbr\u003eThe 9.5 BTC was sitting there for almost 15 minutes before being swept away by someone else.\u003cbr\u003e I honestly didn't think the first amount to cross my radar would be so high.\u003cbr\u003e The other samples I found from past transactions were for tiny amounts.\u003cbr\u003e It is quite possible that whoever moved them later out of the poisoned address actually owned them.\u003cbr\u003e Maybe someone else's sweeper bot only takes small amounts most of the time to avoid attention?\n \nAt this point, I was pretty confident I was on to something not yet discovered by anyone else.\u003cbr\u003e I _could_ have taken those 9.5 BTC and if this was known to others.\u003cbr\u003eAlso, if you look into the history of that account, 12 BTC was transferred into it (and out right away) only one month earlier.\u003cbr\u003e No one has claimed any theft (to my knowledge) involving that address.\n \nI fixed my program (actually tested it properly this time) and let it run again.\u003cbr\u003e My program detected more transactions (2 within the next 48 hours).\u003cbr\u003eI coded my bot to ignore anything less than .1 BTC so I didn't move them.\u003cbr\u003e I didn't want to tip off the anyone that I knew what they were doing (if that was indeed the case).\n \nAnother 3-4 days passed and the next hit my bot detected was for roughly .03 BTC (~$95USD).\u003cbr\u003e For some reason, this was not transferred out immediately like the rest.\u003cbr\u003e By this time it was July 4th weekend.\u003cbr\u003e I let this one sit too and it took a full 7 days before it was moved (not by me).\u003cbr\u003e It may have been the legitimate owner or a bot.\u003cbr\u003e We'll never know.\n \nThe destination address was: 1LUqqMzaigWJTzaP79oxsD6zKGifokrh7p\u003cbr\u003e\nThe private key raw bytes were: c193edeeb4e7fb5c3e01c3aebd2ec5ac13f349a5a78ca4112ab6a4cbf8e35404\n \nThe plot thickens...\n--------------------\n \nI didn't realize it at the time but that last transfer was into an address for a private key not generated from another public address like the first one.\u003cbr\u003e Instead, this address was generated from a transaction id!\u003cbr\u003eI had forgotten that I seeded my database with private keys generated with transaction ids as part of one of my earlier experiments.\u003cbr\u003e I didn't label them so I didn't know which were from Sha256(pub address) and which were from transaction ids.\u003cbr\u003e I found some hits at the time but when I checked the balances for those accounts, they were all zero and I didn't think anything of it.\u003cbr\u003e But now my database was detecting ongoing transfers into THOSE addresses (transacton id based) too!\n \nOkay, someone was possibly using information from the blockchain itself to ensure private keys were discoverable for the addresses they were funelling bitcoin into.\u003cbr\u003e The interesting thing is I found a link between the 12fcWddtXyxrnxUn6UdmqCbSaVsaYKvHQp address (via sha of a public address) AND the 1LUqqMzaigWJTzaP79oxsD6zKGifokrh7p transfer (via the tx id as a key).\u003cbr\u003e In the history of both of these addresses, you can see the BTC eventually ended up into this address: 1JCuJXsP6PaVrGBk3uv7DecRC27GGkwFwE\n \nAlso, the transaction id was for the previous transaction to the one that put the BTC in the toxic (discoverable) address in the first place.\u003cbr\u003e Now it became even more clear.\u003cbr\u003e The malicious code sometimes used a recent transaction id as the private key for the doomed destination address.\u003cbr\u003eFollow the .03 BTC back and you will see what I mean, you eventually get to the txid = private key for that discoverable address.\n \nThe 1JCuJXsP6PaVrGBk3uv7DecRC27GGkwFwE address is ONE of the collection addresses.\u003cbr\u003e I have reason to believe there have been many over the years.\u003cbr\u003e This one only goes back to approximately March 2017.\u003cbr\u003e You can see in the history of this one address when they consolidated their ill-gotten gains into one transaction back to themselves.\n \nI let my bot run longer.\u003cbr\u003eThe next hit I got was for block hashes that were used as private keys (see Experiment #1).\u003cbr\u003e Sure enough, this address also had links to the 1JCuJXsP6PaVrGBk3uv7DecRC27GGkwFwE collection address!\n \nAnd remember my merkle root experiment? I believe those were also part of this.\u003cbr\u003e However, I have not linked those to this one particular collection address yet.\u003cbr\u003e In the end, I found a total of four different 'discoverable' private key methods being used.\n \nI made sure my database was filled with every block hash, merkle root, transaction id and Sha256(public address) for private keys and let my bot run.\u003cbr\u003e Transactions for all four types were showing up, again for tiny amounts which I ignored.\u003cbr\u003eBy this time, I was watching BTC getting taken in small amounts regularly.\u003cbr\u003eSometimes, I saw as many as 6 transactions fly by in one day.\n \nHow fitwear lost (and got back) 9 BTC\n-------------------------------------\n \nOn Nov 12, my program saw 9 BTC transferred into an address that my database had the private key for.\u003cbr\u003eI had searched for that address too to see if anyone was claiming ownership but I didn't see anything.\u003cbr\u003e I decided to send a small amount to a well known puzzle address to give the transaction some public scrutiny in an anonymous way (1FLAMEN6, I'm still trying to solve this BTW).\u003cbr\u003e Shortly after, I became aware of fitwear's reddit post claiming theft after someone noticed the prize amount had been topped off and linked the two events together.\n \nI contacted fitwear privately and returned their coins minus the small amount I sent to the puzzle address.\u003cbr\u003e Blockchain.info's original response to his support ticket, was that his system must have been compromised.\u003cbr\u003e However, if you read his post, he took every precaution including typing in the key for his paper wallet instead of copy/paste and using 2FA.\u003cbr\u003e \n \nIn his case, in Aug 2017, he imported the private key for his 1Ca15MELG5DzYpUgeXkkJ2Lt7iMa17SwAo paper wallet address into blockchain.info and submitted a test transaction.\u003cbr\u003e At some point between then and Nov 12, the compromised 15ZwrzrRj9x4XpnocEGbLuPakzsY2S4Mit got into his online wallet as an 'imported' address.\n \nTogether, we contacted blockchain.info and I relayed the information I just outlined above to them.\u003cbr\u003e Their security team investigated but found no evidence it was their system that was at fault.\u003cbr\u003eI suppose it's possible his system was somehow compromised back in August and managed to import a key into blockchain.info without him knowing it.\u003cbr\u003e Or someone else logged into his account, imported the key, then waited.\u003cbr\u003e I feel the malware/login explanations are much less likely because it looks like code attempting to 'hide in plain sight' to me.\u003cbr\u003e You wouldn't need to use Sha256(address) or block hash or txid or merkleroot if you were malware or an unauthorized login.\u003cbr\u003e You would at least salt or obscure the key with some bit of knowledge only you know so that only you could derive the private key (as mentioned earlier).\u003cbr\u003e The fact that information from the blockchain itself is being used indicates it may be some transaction processing logic.\u003cbr\u003e Also, fitwear took extreme precautions (you can read his reddit post for details).\u003cbr\u003e The origin of these poison destination addresses remains a mystery.\n \nIf it's the case that some wallet generation code is doing this, then it may be the case that we're seeing 'change' transactions.\u003cbr\u003e When you create a wallet, there maybe 20 addresses generated.\u003cbr\u003e They are all supposed to be random keys.\u003cbr\u003e If this rogue code creates one of them in this manner (based on the public address string of an earlier one), then at some point, your 'change' will get put back into it as the wallet 'round-robins' through the list.\n \nfitwear's 15Z address sat unused until Nov 12 when fitwear transferred his 9 BTC into it using blockchain.info.\n \nTo see the connection, take a look at this:\n \necho -n \"1Ca15MELG5DzYpUgeXkkJ2Lt7iMa17SwAo\" | sha256sum\u003cbr\u003e\n9e027d0086bdb83372f6040765442bbedd35b96e1c861acce5e22e1c4987cd60\n \nThat hex number is the private key for 15ZwrzrRj9x4XpnocEGbLuPakzsY2S4Mit !!!\n \nfitwear insists he did not import the key for that address.\u003cbr\u003e Did Blockchain.info generate it or was it added by mallicious browser code? We may never know.\n \nSee below for the complete list of other Sha256 based addresses that suffer from the same issue.\u003cbr\u003eI believe this is happening for others.\u003cbr\u003e It's likely, that the small amounts usually taken are going unnoticed by the owners.\n \nWhat does this mean for bitcoin?\u003cbr\u003eNothing probably.\u003cbr\u003eI believe the bitcoin network itself to be secure.\u003cbr\u003e However, as long as humans are involved in the services that surround it (mining pools, exchanges, online/mobile wallets) there is always a chance for fraud or error.\u003cbr\u003e The bitcoin network itself may be 'trustless', but anything humans touch around its peripheries is certainly not.\u003cbr\u003e And you need to use those services to get in/out of the network.\u003cbr\u003e So even with bitcoin, it still boils down to trust.\n \nTo be fair to blockchain.info, only Sha256(public address) (one in particular) was found to be present in one of their wallets.\u003cbr\u003eThe other 3 methods I described above could be completely unrelated.\u003cbr\u003e And they could all possibly be a (really weird) software bug.\n \nHere are 100+ addresses that received bitcoins whose private keys are the bytes resulting from Sha256 of another public address.\u003cbr\u003e Most of these came from a scan I did of old transactions, not while my bot was running.\u003cbr\u003e Blockchain.info told me they do not appear to have been generated by their system.\n \nAlso, the list of addresses I\"m providing are only the subset that have already had some BTC transacted through them.\u003cbr\u003e There are likely hundreds more lying dormant inside people's wallets that have not been used yet.\n \nHere is the list:\n \n1G2rM4DVncEPJZwz1ubkX6hMzg5dQYxw7b Sha256(1PoHkMExsXDDBxpAwWhzkrM8fabmcPt6f4)\u003cbr\u003e\n1Kap8hRf8G71kmnE9WKSBp5cJehvTEMVvD Sha256(1LdgEzW8WhkvBxDBQHdvNtbbvdVYbBB2F1)\u003cbr\u003e\n1LsFFH9yPMgzSzar23Z1XM2ETHyVDGoqd5 Sha256(1FDWY63R3M87KkW2CBWrdDa4h8cZCiov9p)\u003cbr\u003e\n13eYNM5EpdJS7EeuDefQZmqaokw21re4Ci Sha256(1E7kRki9kJUMYGaNjpvP7FvCmTcQSih7ii)\u003cbr\u003e\n1CcSiLzGxXopBeXpoNSchagheK9XR61Daz Sha256(191XapdsjZJjReJUbQiWAH3ZVyLcxtcc1Y)\u003cbr\u003e\n1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD Sha256(16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG)\u003cbr\u003e\n1A17F9NjArUGhkkiATyq4p8hVVEh2GrVah Sha256(1Je3tz5caVsqyjmGgGQV1D59qsCcQYFxAW)\u003cbr\u003e\n1GGFXUL1GoHcEfVmmQ97getLvnv6eF98Uu Sha256(1DCfq8siEF698EngecE69GxaCqDmQ2dqvq)\u003cbr\u003e\n14XxBoGgaJd1RcV3TP8M4qeKKFL9yUcef1 Sha256(1Frj1ADstynCYGethjKhDpgjFoKGFsm5w5)\u003cbr\u003e\n18VZKyyjNR8pZCsdshgto2F1XWCznxs86P Sha256(1FEwM9bq3BnmPLWw5vn162aBKjoYYBfyyi)\u003cbr\u003e\n12fcWddtXyxrnxUn6UdmqCbSaVsaYKvHQp Sha256(16SH69WgJCXYXWV58sxjTxonhgBh5HCZTt)\u003cbr\u003e\n19T6HNnmMqEcnSZBVb1BNA6PrAKd5P2qZg Sha256(1Frj1ADstynCYGethjKhDpgjFoKGFsm5w5)\u003cbr\u003e\n1MWBsFxWJrNtK2cN2Vt7j3a9r5ubfn41nx Sha256(16era4SgYEcbZD1pu6oCBXGXjK2wSrePe8)\u003cbr\u003e\n1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ Sha256(1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN)\u003cbr\u003e\n13CnacdjvuuTJkCWrZf33yMrQh5aVX5B14 Sha256(1KPDwnrzJAfD2V4oiPf55WBTAi6UJDvMjN)\u003cbr\u003e\n1MG1dTqtWVNqq3Qht88Jrie7SXp2ZVkQit Sha256(1UvM3rBJ8Sa1anQ8Du1mj5QZapFmWF7vH)\u003cbr\u003e\n1DBXjdbMWXmgt81E1W7AYRANVPiq12LsGd Sha256(1Poi5SE42WVR2GKPrwp9U3wYqEBLN6ZV1c)\u003cbr\u003e\n1GUgTVeSFd2L5zQvpYdQNhPBJPi8cN3i4u Sha256(1EjWVhiTyCdpTa29JJxAVLq27wP4qbtTVY)\u003cbr\u003e\n1JQ2shEPzkd3ZL3ZQx7gmmxFLvyhSg14cb Sha256(1KEkEmadjTYHCiqhSfourDXavUxaiwoX7f)\u003cbr\u003e\n125PcPD4QXzgDwNPForSFji8PPZVDr2xkp Sha256(1GRdTKgSq5sY3B4PiALPjKTXSXPXs6Ak7X)\u003cbr\u003e\n1kN83e7WRtsXD7nHn51fwdEAi51qk5dEe Sha256(1JcsBzKio1curbu9AtxTySxddvT4MKT3Da)\u003cbr\u003e\n1L5pzdXL4hhtMHNxFXHjjdhhSidY9kJVRk Sha256(1V8tWZw4J3G5kBgafGsfoVSNQEgkxDmeA)\u003cbr\u003e\n1cQH5XCsezkKt9zpwjHizz8YJZudDSwri Sha256(1AYKSUqCtDX1E34q4YoFnjwWSj41huWgGG)\u003cbr\u003e\n1DHWP6UjSKBBUR8WzTviWAGNgLfDc6V6iL Sha256(1MbzspFCdXjtqAUx3t6A11vzrk5c847mvE)\u003cbr\u003e\n1EqSvLnMhbRoqZkYBPapYmUjMS9954wZNR Sha256(1XAeTJCaYJgoBDwqC1rhPhu3oXiKuMs9C)\u003cbr\u003e\n1MJKz1M7dEQCHPdV5zrLSQPa4BGFAuNJyP Sha256(1BxzenHnSuKwqANALE5THeTCSRZkv3ReRP)\u003cbr\u003e\n18VZG5Dr8bYJWadHUgh7kC4RPS1VsvH4Ks Sha256(1qA59Na3WysruJbCPoomryDRCtJ4f4aLu)\u003cbr\u003e\n1CoyRECWJ4LHNiZAgAz9719chFkrDJuNMC Sha256(19o4Yjrd74qnZ3z87C67BShbbF4fSNHy8W)\u003cbr\u003e\n1ERKXYeaCy97KPdJTRbWjJDVzMbStJYqCm Sha256(1DMwZeQJXfWToRRHr5uRiKeucwDWkWLvkm)\u003cbr\u003e\n1mbcQaPzsaBoaYP4V6uwCA74BRPhroK3r Sha256(1KzSULbG3fRVjWrpVNLpoB6J62xYL42AdN)\u003cbr\u003e\n1gHad7cKWDcVKFeKcLRW4FhFAyw2R7FQZ Sha256(1LFCEek8FobJRXb5YrzWJ6M2y8Tx2Xg3NB)\u003cbr\u003e\n1DvtF6X5b9cBrMZa4Yff9tARCLqP5ZyB47 Sha256(14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk)\u003cbr\u003e\n1LzGrd5QX1rG5fk7143ps9isUTEwGyzRJE Sha256(19cMyj9KqVq78yZe32CNhgpyuGLMwM9X8S)\u003cbr\u003e\n153jMRXn251WyxT9nmJW2XDsFUJ648jyY5 Sha256(1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu)\u003cbr\u003e\n1EFBsAdysTf81k72v9Zqsj3NMuo6KoWD2r Sha256(1BBBvd9G5YThYVVMSGSxJzQvQiQm3WxJC2)\u003cbr\u003e\n14mRxKmeEw9DCBbpR596FYmfZVdBD8MJxh Sha256(1PLpQDyqDUcpK6fWpRhkkFVBw4tSK4sHkS)\u003cbr\u003e\n1Hg9pi75XWAT9pB3faXQFKKZbh98cbM5m Sha256(1JoshVWQDa7DzXqN3wQ9dbig5WEfaAzHcM)\u003cbr\u003e\n1PcExYX3mUJ1rwa4aTLNJUpxqRLU8MxPXm Sha256(1LTZ9kaxRHBZH43eSmZ2KoGLHHUBV3P2S5)\u003cbr\u003e\n1J9SzdYMZFsLqunQfPAswzogLNBitbREMD Sha256(1A7grBEjor6Sapj8KRbEGj2UrbnNt1Usxo)\u003cbr\u003e\n1FNF3xfTE53LVLQMvH6qteVqrNzwn2g2H8 Sha256(1H21ndKEuMqZbeMMCqrYArCdV8WeicGehB)\u003cbr\u003e\n1Q2a1ytfujskCEoXBsjVi1FqKWHegfFKwD Sha256(1LzGrd5QX1rG5fk7143ps9isUTEwGyzRJE)\u003cbr\u003e\n1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV Sha256(153jMRXn251WyxT9nmJW2XDsFUJ648jyY5)\u003cbr\u003e\n1M2uEGihcwUPiRGETE7vF8kUiS2Z4rtV2Q Sha256(1HqQBiqgFK6ChJ2Vq7kbWRCbc73cjyNXv5)\u003cbr\u003e\n1Kka5bgXvpHTNDsPmhLPHae2qcK9mLS2qS Sha256(1E3D7NabEX971uV2gXT47rWQwPm3zbmvd8)\u003cbr\u003e\n17hMEK4i8Nsi56huBU4i9N4Gjiw5G6X5iG Sha256(1Nk6a8ZfN86gaHJifcF8iGahx4scCKkwF5)\u003cbr\u003e\n1DT4Q4ocUFgekXvBqBM6kFmvQYB6Y4PnHo Sha256(19aNbfFfZEWwstuy97C1GsHHELNCxZSEYV)\u003cbr\u003e\n1CSMVivJfFynvbZRrLFHVGnehpXLUjdGRc Sha256(1p4gsrzTc3mFAgJKYqMzhm6UsJzhgy1KX)\u003cbr\u003e\n17SaWquajZZBRF5qz6HuXMRt6gvnrDyoqE Sha256(1C1KjGATUXP6L6nnGTAh4LQcnSyLt13XyB)\u003cbr\u003e\n16eePivj1nTVvLpBGkmFoeGxNyMU7NLbtW Sha256(1K79KaFs4D6wqz1wjP1QoYiY18fw8N3bZo)\u003cbr\u003e\n1PF2gQPPAwQDfTrSuNX6t8J381D7s3bGFu Sha256(1J9Gtk5i6xHM5XZxQsBn9qdpogznNDhqQD)\u003cbr\u003e\n1GSkK6KBVSycEU57iK6fRvSXYJ4dgkkuNt Sha256(1JZwnSQz64N3F9D3E24oS4oGhSxMWDsXYM)\u003cbr\u003e\n12eGusvkCcJb2GWqFvvE1BLDJ8pVX49fQv Sha256(197HxXUSehthdqXM6aEnA1ScDSCR7tQmP3)\u003cbr\u003e\n134Kia3XhZV6oXE4EUvjc1ES8S8CY7NioU Sha256(1PVn2gxgYB8EcjkpJshJHfDoBoG8BntZWM)\u003cbr\u003e\n1HMGSkDB9ZhRoUbSEEG6xR7rs9iPT2Ns5B Sha256(1E4yLggKcgHcpSKX336stXWgheNU2serVz)\u003cbr\u003e\n13qsbkaJM7TkA5F2dsvHeGVQ7kCo74eGxh Sha256(1FAv42GaDuQixSzEzSbx6aP1Kf4WVWpQUY)\u003cbr\u003e\n1Jsz6mahqVMJn2ayWzN6TfeWTti9tqfbSM Sha256(18AsiEQoLLKaF4Co1z4rxHyzJu9oqTVbFE)\u003cbr\u003e\n1BwjscJC3P47uW5GXR7tjeHkdXQk6CuAFb Sha256(1JuP7JXhHabGLVAqp9TJj5N171qLVHrcVq)\u003cbr\u003e\n17kYPYbELyVfMSYihD4YETJSZq5yCs3diM Sha256(1HzJPqLEpbeXiYhyoA8M8cuuds3FEAnw3B)\u003cbr\u003e\n1C9HtVz7H8NArfV613wQNHs4PrK2oLZEYh Sha256(1EGeEk4YUrXyDL4zNXpWdqJopoVxs2vExJ)\u003cbr\u003e\n16bEBNuc7JQ4QzyoFAkmxdVvW4wJqicjVN Sha256(12GvGqEQuQTW4Rr8dZ1o397KAYCMGWPYkq)\u003cbr\u003e\n141V8fK9Kuofit8AXh9SLV9N9bLTfftETA Sha256(15nXjzf8EXy8Lji3czM1HAVw14mEKoEiTw)\u003cbr\u003e\n19cMyj9KqVq78yZe32CNhgpyuGLMwM9X8S Sha256(17FaMY613bKfwhrdTv5PHnucSGTJBcw3k5)\u003cbr\u003e\n1CRq6nj3a7vXdJJN2YSWdW6fVwydr6kqWs Sha256(1J1ZPHbbEwgcwniH3F7AgBeFZxQXJoKCGf)\u003cbr\u003e\n1BVNt39u32LLkxMvBeBHXXNaTJqWe1Xcu5 Sha256(17iLALAyra1W5KSUjjkGN5LeUsWdeoQQx3)\u003cbr\u003e\n1Mpw88XWQzLTZnq1eNs5SegZYGJu5Epky8 Sha256(1LeuaozTUT5UJX6DD4Q1VJsHh6aHpZ3YRU)\u003cbr\u003e\n1LkwU9xbVroLkH9EvxDfmMnsCikQzaUv9S Sha256(16bEpxSc1FDyQDXR7ZYKbyyDDxzyaaCnNS)\u003cbr\u003e\n1D97u8Pet8YmNwKaCPUXLyi4zk1HnLF5RQ Sha256(137XrofaWZhaZW2uB7eDsPjcwCNMTXVLot)\u003cbr\u003e\n1KyUNmmJu3JjauVEZQUYLUEBg48GXXS1ii Sha256(17S3XjtEFXQoGdXnUjJJtGB1D7PTa9SsLZ)\u003cbr\u003e\n1HwxL1vutUc42ikh3RBnM4v2dVRHPTrTve Sha256(1FfmbHfnpaZjKFvyi1okTjJJusN455paPH)\u003cbr\u003e\n137XrofaWZhaZW2uB7eDsPjcwCNMTXVLot Sha256(1JvaK7jYWFNbDsJZLarXnq1iVicFW4UBv5)\u003cbr\u003e\n1FXi6kEJjnZUBqpwjVJKPsgVHKag86k6qq Sha256(1FEYXtchFFJft6myWc6PyxLCzgdd8EHVUK)\u003cbr\u003e\n1Gj2uRnxDztM7dTDQEUQGfJg4z5RtAhECh Sha256(1ESkNMa9Z37of4QdJmncvibrXxZ7suPjYm)\u003cbr\u003e\n1JhWnRjRm7AhbvSBtEifcFL8DkEKQiWRZw Sha256(13Q8rTtdGUUt8Q8ywcEffj4oiNrY6ui3cu)\u003cbr\u003e\n131XQfvE7E1NzdRQnE8XFmtkxWVRXTsb9q Sha256(1FLeb3zCVG63NYAMBiUoqKYgW1tUwgMMfF)\u003cbr\u003e\n167dyxowdWwBdofck3WuAwvUpVfn2ewx8Q Sha256(1FFAdm2BWoCfTkTwFLJ4o3b5xG7cuRxbWb)\u003cbr\u003e\n1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9 Sha256(1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1)\u003cbr\u003e\n14XAGCAeUxieSzvGK3TX915PJLvX54n2Pd Sha256(17XQfW1R66aRBNYyJMwzn7zLf3D6sZgda3)\u003cbr\u003e\n1M5jhEDKQCYbMCXHgcRUmaxwqYmcbrEfGD Sha256(1AixDffKCd1cV1tz1sp8fwJQDEAYCWzQcR)\u003cbr\u003e\n1HPnYqbMvV4bGRcpSP28mMyekhjKiudcFY Sha256(1C91NNyzXE1dBC4dDKjx6y5VnhihifrpCY)\u003cbr\u003e\n15XWgB1biKGd1JyuYecobfFtfBcVt6Jnok Sha256(1268xJ8iYUdRxK2vArkyoa5es6bR99hjhR)\u003cbr\u003e\n1NHvPBaxKFuDec27mWcyCf7szUUvNnfimK Sha256(1LdgEzW8WhkvBxDBQHdvNtbbvdVYbBB2F1)\u003cbr\u003e\n1AoocdeZC64PaQ15Gbv1kXyYYnN8FWXAST Sha256(1Et9zapAxsBLJ3bvY7LDTuHif5cH7mZiBE)\u003cbr\u003e\n1NWCqz8nr8ZRZt1zEKidyWcZDyNtK3THps Sha256(17Xok12pBFkXxNcE8J4gTSm3YKkatyX4ad)\u003cbr\u003e\n1Lv6T9RegiNHpES1DHu6AasDcUqp2SeqLb Sha256(1LDqitspsYaiLH6AMW5EzJYuZG5vTGzRNg)\u003cbr\u003e\n16FKGvEtu5KPMZqiTK4yjmsSZsJLyxz9fr Sha256(1CRWfJdgVrfKLRS4G3vTMRhEQrCZZyHNMo)\u003cbr\u003e\n14JpZ9Bogo4p83xt6cKS1Fh1rLSFRat8PN Sha256(1FBxoyGYaC9GEKLokfyrHUbZyoZmmm1ptJ)\u003cbr\u003e\n1BEYFim8uoJ7FAZG6m1E1hqLwKjfVwnWU1 Sha256(1PfcpvjYUGu4yvpkEHmAKgDXtsLfSNyzvV)\u003cbr\u003e\n1P9ZZGDG1npYd4d7jiCfPya6LQGkF5sFm7 Sha256(1LFGKkDZ21FZVsBh1A1S5Xr6aXuV3x9N4k)\u003cbr\u003e\n1JvaK7jYWFNbDsJZLarXnq1iVicFW4UBv5 Sha256(1LdkWzq9DxopPkY1hCmQ3DezenP5PQLNC3)\u003cbr\u003e\n15RjQKt6D4HBn87QqgbyvhKFNDDjXncp8Y Sha256(1PhmMsdwamJA6soKw5mNMXxzGomHEHWY5P)\u003cbr\u003e\n1G7B5eVnAQgeuGrKxcRnrmEqPLsjRkgnVF Sha256(1D97u8Pet8YmNwKaCPUXLyi4zk1HnLF5RQ)\u003cbr\u003e\n192qwAD31JB9jHiAwaTDkd6teb2hLAkY3b Sha256(1PhqA75qNM23aH9zV3uWvUhDbdwcab6q5L)\u003cbr\u003e\n13mbvCyxCYvATNzranCkQdpCT19VGpMFZa Sha256(1F3sAm6ZtwLAUnj7d38pGFxtP3RVEvtsbV)\u003cbr\u003e\n1HJx3CqdaHAX6ZYRBHDvM5skg2Vh7GeZBD Sha256(1KrutzZZ7rth6D9wasfGz2oy9R6k1RCL9n)\u003cbr\u003e\n1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe Sha256(1CVunYyUpeCFcGAYdHrDNrXcQFBVU8gyo9)\u003cbr\u003e\n1KiGdZ9TUeWyJ3DyHj7LQLZgjvMHd6j2DZ Sha256(18SV4DVmytRDYB5JBAFkewUbVAp6FRpi5c)\u003cbr\u003e\n13FzEhD3WpX682G7b446NFZV6TXHH7BaQv Sha256(1E1rSGgugyNYF3TTr12pedv4UHoWxv5CeD)\u003cbr\u003e\n1LVRWmpfKKcRZcKvi5ZGWGx5wU1HCNEdZZ Sha256(1CVPe9A5xFoQBEYhFP46nRrzf9wCS4KLFm)\u003cbr\u003e\n1HhNZhMm4YFPSFvUXE6wLYPx63BF7MRJCJ Sha256(145Sph2eiNGp5WVAkdJKg9Z2PMhTGSS9iT)\u003cbr\u003e\n1G6qfGz7eVDBGDJEy6Jw6Gkg8zaoWku8W5 Sha256(18EF7uwoJnKx7YAg72DUv4Xqbyd4a32P9f)\u003cbr\u003e\n1MNhKuKbpPjELGJA5BRrJ4qw8RajGESLz6 Sha256(15WLziyvhPu1qVKkQ62ooEnCEu8vpyuTR5)\u003cbr\u003e\n18XAotZvJNoaDKY7dkfNHuTrAzguazetHE Sha256(15SP99eiBZ43SMuzzCc9AaccuTxF5AQaat)\u003cbr\u003e\n1HamTvNJfggDioTbPgnC2ujQpCj4BEJqu Sha256(14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk)\u003cbr\u003e\n17iqGkzW5Y7miJjd5B2gP5Eztx8kcCDwRM Sha256(1MB3L1eTnHo1nQSN7Lmgepb7iipWqFjhYX)\u003cbr\u003e\n15M7QfReFDY2SZssyBALDQTFVV1VDdVBLA Sha256(16bjY7SynPYKrTQULjHy8on3WENxCmK4ix)\u003cbr\u003e\n1LgwKwv9kt8BwVvn6bVWj8KcqpP9JSP1Mh Sha256(1Q81rAHbNebKiNH7HD9Mh2xtH6jgzbAxoF)\u003cbr\u003e\n1pmZwNDZjpuAqW3LjYYQCEjbQYBtSxzWc Sha256(13PctMqzyBKi5CpZnbastHQURrSRrow4yj)\u003cbr\u003e\n1qA59Na3WysruJbCPoomryDRCtJ4f4aLu Sha256(1HBsFJ9VngvMjaKZjbFhNRaegkjF9NBEe)\u003cbr\u003e\n19QBydCuMiY7aRTbkP2tb3KQJUWkTrr5Xi Sha256(1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T)\u003cbr\u003e\n11EuerTwe9rxtT3T56ykX5K7J3AksPzU3 Sha256(14PnZgX8ZDABJZ8RnatkK7DQzdpkwRRPX2)\u003cbr\u003e\n13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh Sha256(1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj)\u003cbr\u003e\n1Ads6ZWgRbjSCZ37FUqcmk82gvup1gQurB Sha256(1NbBTJQ5azGEA1yhGnLh39fE8YoEbePpCm)\u003cbr\u003e\n1LWU4SbnqnfctAMbtivp2L98i8hSSCm7u7 Sha256(1MVqDAJo8kbqKfTJWnbuzvfmiUXXBAmX3y)\u003cbr\u003e\n12B1bUocw8rQefDcYNdckfSLJ6BsUwhRjT Sha256(1Pjg628vjMLBvADrPHsthtzKiryM2y46DG)\u003cbr\u003e\n12GZz1D1kdX3Fj7M87RFvqubam8iGrK77R Sha256(1Lu49ZKmGoYmW1ji3SEqCGVyYfEw7occ86)\u003cbr\u003e\n13wY5CtwQhd7LYprEpFpkt1g9R7ErMkAwT Sha256(1NPSWKXdnHa17NWTU3J6nVkyogZjmAh7N6)\u003cbr\u003e\n1Kc324Y6UUMffeYdtuXgzVC28Kx3U8cqQk Sha256(1HAQB99WfrV2ttRjttUPMzRi4R1uC2ftMy)\u003cbr\u003e\n1Gwz14Cty45h3hZ4nCEno6jSdxtQn5bc7h Sha256(1PDgY5PkpBNCZVWKKAq3cbGyqvwwN91z4g)\u003cbr\u003e\n1L2a5n9ar7e2v3Wz6NDFnxisigvR6urGaY Sha256(1KxUVU9DKfdaTLMnXBLS5BZRf56cFnRosk)\u003cbr\u003e\n1KwUfu3gGk7n8Wz969tAztvvM4Mp4ZY57s Sha256(12XuaKzEheWbFJBno9QiV6kPCWrnWpUYTK)\u003cbr\u003e\n13JNB8GtymAPaqAoxRZrN2EgmzZLCkbPsh Sha256(1LGUyTbp7nbqp8NQy2tkc3QEjy7CWwdAJj)\u003cbr\u003e\n12fcWddtXyxrnxUn6UdmqCbSaVsaYKvHQp Sha256(16SH69WgJCXYXWV58sxjTxonhgBh5HCZTt)\u003cbr\u003e\n1MkaTR3642ofrstePom5bbwGHbuQJmrnGD Sha256(1BynBc2YUAoNcvZLWi24URzMvsk7CUe2rc)\u003cbr\u003e\n114LdauSAu2FTaR2ChPsPTRRhjYD9PZzn2 Sha256(144BV4Y7tgnetk5tDKAYTGS4mjprA75zJz)\u003cbr\u003e\n1NzWscae8v3sKmTVJYwq8yhkizK8hUS5qP Sha256(1ENCBKFsqxJVCqR2TS1WfDV3rDi6zA8J6Y)\u003cbr\u003e\n1FjEL7TBazaJN7WyND4uwq9wiaWDzfizkP Sha256(1PeCGFsJgqz8CcjGugGq5bPBiRDXUZHLUH)\u003cbr\u003e\n1FP8j4zUPoJkpKwYpd8zYGHVaKygRHzx3d Sha256(1ERdvKTCxP1gZvdNndLKtYotW7qpR3xhuQ)\u003cbr\u003e\n16nXouTPm5gVedr4Betb8KRWLSBtmXGUbD Sha256(16oTV1jZPJ5wm3QLhN96xVF7DchihmpL1k)\u003cbr\u003e\n15ZwrzrRj9x4XpnocEGbLuPakzsY2S4Mit Sha256(1Ca15MELG5DzYpUgeXkkJ2Lt7iMa17SwAo)\u003cbr\u003e\n \nMy bot moved coins from the last two addresses only.\u003cbr\u003e (No one has claimed ownership from 16nX).\u003cbr\u003e All other transfers were the result of other people who either figured this out or are the ones who planted the bad addresses themselves (since 2014).\n \nAnd these are some recent examples of private keys that are based on other information from the blockchain itself (as stated, may be completely unrelated but still happening on a regular basis).\n \n1LUqqMzaigWJTzaP79oxsD6zKGifokrh7p c193edeeb4e7fb5c3e01c3aebd2ec5ac13f349a5a78ca4112ab6a4cbf8e35404 txid\u003cbr\u003e\n1FQ9AneLGfhFf9JT5m5sg5FaYFeJrGmJhS 00000000000000000045fa3492aee311171af6da7d05a76c6eaadab572dc1db9 Block Hash\u003cbr\u003e\n1DhcPvYWBGwPFEsAJhXgdKtXX7FFGGeFVS 00000000839a8e6886ab5951d76f411475428afc90947ee320161bbf18eb6048 Block Hash\u003cbr\u003e\n198MRUHD2cvgUTBKcnroqmoTSs4b8xyLH9 7dac2c5666815c17a3b36427de37bb9d2e2c5ccec3f8633eb91a4205cb4c10ff Markel Root\u003cbr\u003e\n19FHVnoNYTmFAdC2VC7Az8TbCgrSWSP1ip 000000000000000000db717b4c076da2d1b9ff8ddbc94132e3a8d008a0fb62b9 Block Hash\u003cbr\u003e\n1Lr2yEny7HYJkXdFgJ2D8zHyNH1uHMi4w4 2bedfd92a6136566bb858b2f0d223744a41a987c468356d069acc86f45bf68ac txid\u003cbr\u003e\n1QBbjKxRk1jP36WYpFkJjgzhvVSDBMWjy2 f1599a1ced833d95a54aa38a1a64113d5f0a4db3cb613ef761180cab57155699 txid\u003cbr\u003e\n1BFYNokepXjbb9Han2AGfSTNKNNU9vgAAn 533da7e41bd99550f63f152ef1e613f1a78e3bed12788664d536c6ec42b5e0aa txid\u003cbr\u003e\n1MJtsgDNrrFWS3qxtrPr6BnQUdp1qPjyEm 216fb568589629b115b0ed8fc41fdf3219d9ab804c6ce5e53fbc581a88427c3f txid\u003cbr\u003e\n14syDBvpGXS6PtWytkDJF2QACvSggEZ277 a7f4def1c7ff07d17b5dd58fc92f18ee2dbee6dc7654fd30a8653bd9d848f0a0 txid\u003cbr\u003e\n1QBbjKxRk1jP36WYpFkJjgzhvVSDBMWjy2 f1599a1ced833d95a54aa38a1a64113d5f0a4db3cb613ef761180cab57155699 txid\u003cbr\u003e\n1BkHAUcfrZLRLyXHiBn6XRoppPqSzuf8hE 805cd74ca322633372b9bfb857f3be41db0b8de43a3c44353b238c0acff9d523 txid\u003cbr\u003e\n1CNgVFjAwHT7kc6uw7DGk42CXf1WbX4JQm 53d348ca871dc1205e778f4d8e66cfdadbd105782dba6688e9a0b4bdee4763e4 txid\u003cbr\u003e\n1HjDAJiuJ8dda919xwKBqphhEwBVGfzMGt 0aad1b00a5227d9b03d33329a5a11af75c75c878a064c69b276063cbea677514 txid\u003cbr\u003e\n1PDnrPSCw9eWTtJss4DhYoLTk4WUmZQdBi f87b08218888f97388218d3e2489962403f7eece98dd8b4733671edeb9ad1a7c txid\u003cbr\u003e\n1MJp4z3ig498hNATfgHBAnLFhwoZpvw118 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f Block Hash\n \nI think this information should be made public so that other backend systems plugged into crypto networks can guard against this sort of 'hide in plain sight' attack.\u003cbr\u003e As stated earlier,\u003cbr\u003eI honestly set out to look for buried treasure and stumbled upon someone else's exploit.\u003cbr\u003e Thanks to yt_coinartist's assistance in making this public.\n \ne8d064874c37ce44f13a880b93b548b83342c99e1530dd746322777f88397ed8\n \nGoing dark now....bye.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuda8%2Fbitcoin_hack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcuda8%2Fbitcoin_hack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcuda8%2Fbitcoin_hack/lists"}