Board: Development & Technical Discussion
Re: Collection of 18.509 found and used Brainwallets
by HeRetiK on 26/09/2018, 13:45:47 UTC
[...]

This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.

It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables.

Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords

It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own.


There were 4 transactions competing to sweep balance from 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR [...]

There seem to be quite a handful of bots competing for the most common passphrases. This talk from 2015 estimates them at half a dozen [1]; I wouldn't be surprised if matters have gone worse since then.

[1] https://www.youtube.com/watch?v=foil0hzl4Pg (around the 31:30 mark)
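
The leak check suggested in the post can be scripted against the Pwned Passwords range API, which takes only the first five hex characters of the passphrase's SHA-1 and leaves the matching to the client. This is an added example, not part of the original thread; the passphrases, counts, `constructed_fetch` stand-in and User-Agent string are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # k-anonymity range endpoint

def sha1_split(passphrase):
    """Uppercase SHA-1 hex of the passphrase, split into 5-char prefix and 35-char suffix."""
    digest = hashlib.sha1(passphrase.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(body, suffix):
    """Scan a range response ('SUFFIX:COUNT' per line) for our suffix; 0 if absent."""
    for line in body.splitlines():
        entry, sep, count = line.strip().partition(":")
        if sep and entry.upper() == suffix:
            return int(count)  # padding rows, if requested, carry a count of 0
    return 0

def fetch_range(prefix):
    """Live lookup: only the 5-char hash prefix is sent, never the passphrase."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "leak-check-example"},  # UA is a placeholder
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def leak_count(passphrase, fetch=fetch_range):
    """How many times the passphrase appears in the corpus (0 = not found)."""
    prefix, suffix = sha1_split(passphrase)
    return count_in_range(fetch(prefix), suffix)

def constructed_fetch(prefix):
    """Offline stand-in for fetch_range; phrases and counts are constructed."""
    rows = ["0" * 35 + ":0"]  # shaped like a padding row
    for phrase, count in (("Constructed Song Title 1", 412), ("c0nstructed s0ng", 3)):
        p, s = sha1_split(phrase)
        if p == prefix:
            rows.append(f"{s.lower()}:{count}")  # lower-case to exercise normalisation
    return "\r\n".join(rows)

if __name__ == "__main__":
    for phrase in ("Constructed Song Title 1", "not in the constructed list"):
        print(phrase, "->", leak_count(phrase, constructed_fetch))
```

A count of 0 only shows the passphrase is absent from that public corpus; it says nothing about private wordlists a sweeper may hold.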