It is impossible to add to the algorithm a kangaroo so that it does not search by public key, but by address? Suppose this takes longer, but you can search for keys for addresses without an outgoing transaction. Or is the kangaroo algorithm not suitable for this?
For this case you have a VanitySearch.
To add further detail...
When the pubkey is known, all you have to do is find an efficient way (more efficient than brute force) to "reverse" secp256k1 and obtain the private key.
When the pubkey is unknown, you must also find a way to reverse two cryptographic hash functions (RIPEMD160 and SHA256). This is going to be near impossible, since when you feed data to a cryptographic hash function, the output does not resemble the input in any way. It's deliberately modified, mixed, and mashed together into a sea of random looking bits.
You would need to:
1. Break (ie discover and exploit an inherent weakness in the algorithm itself) RIPEMD160 to find an input of precisely 256 bits that matches the address you're trying to crack.
2. Break SHA256 to find an input of precisely 264 bits (for a compressed public key) or 520 bits (uncompressed) that results in the 256 bit value which was created from step #1.
3. That input value from step #2 is the public key. (It probably won't be the same public key used by the rightful owner, however, I think a collision at this point would be sufficient to claim funds?). But then you still have to crack the pubkey to find the 256 bit private key...
Step #3 is already computationally impossible.