All standard wallets generate 256 bit private keys. With algorithms like kangaroo, it takes only 2**128 operations to crack one of the 256 bit keys out there.
I have no idea how many hashes all the miners generate to this date but certainly it's less than 2**85. And mining is a global effort worth billions, can you find such a group of people to come together just to crack a single private key?
I wasn't clear on if some wallets used 128bit private keys or not but if wallets were actually using 128bit private keys and the public key was exposed it would take 2**64 operations to crack it. Which is doable based on puzzle #64. Initially This was a shock to me because i know some people use wallets with master private keys that are 128bit entropy but if the private keys derived from that seed are 256 bits then its no problem right? In this example the 256bit private key is derived from a 128bit seed so the 256bit private key is effectively 128bits of entropy. but I'm assuming the kangaroo method wouldn't be able to extend past the public and private key and take advantage of the 128bit seed.