The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.
receiver address 17WRjamo... and
1LdUHTEV... competing on utxo of 1GkGD48u... and 152DXcBq...
I think there is more to it than just some bots sweeping some addresses
did you also find private key for
152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d ?
Not yet.
It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables.
There would be some challenges with maintaining a database that has several billions (maybe even trillions) of records, but it wouldn't be impossible. You would need a BIG bloom filter (to minimise false positives), and a clean and fast key->value database with lots of storage.
Have you checked whether this particular passphrase has been part of a prior leak? You can check here:
https://haveibeenpwned.com/PasswordsIt would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own.
This password has been seen 1,164 times beforeTurns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. I thought my system had found it through mangling of lyrics (which it may have still done, independently). The password for 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR is "loveisallyouneed"