oh that's it indeed! Thanks.

So I understand now we take the inverse of S1 in this case, but is there a general rule as to when this happens? Is this when S goes beyond some boundary?

Thanks for pointing this out, I left it out here but it was present.

For the calculated key, these leading zeroes don't not seem to matter though. So it must be something else.

Hi,

I was studying the old vulnerability that was introduced by reusing a same R when signing with the same key. I am able to proof this works for a large set of examples.

However, I have these 2 example transactions:
fae3e414425f008196f9127a01dcea59e22ab66768ce5bcb4aba260993494de1
ab1deb8544de4bb1d3319e67b1bfc354601406d4a00ecbe8cbdd7674f96e9699

that both have spent from 14tVK2JhEPsZEL7yYzMNXDYQ6dG3FnzzEY with exactly the same R value.

I get z1 and z2 in the same way (using the unlock script instead of signature and putting scripts of irrelevant inputs to 0 length). the resulting values I get are:

r    :9ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b
s1 : 2da94e7cb83e17d307d46c80df4f3315b17af13c4a04ef352495f1442562a290
s2 : 43273c2390b15bbe7e4d38559b1d4e6c0d63aad2c586652ec423d851df065271
z1 : 068fbde1dd7e06f4e88ae63a50f8ee07eff41c4b9586cbef1235b83281ab145d
z2 : 015b14bdc6f69058bfa8dcdc0e8bcd1fc87f4303804f200bfa6aadf627a8d5f6

This however does not result (doing inverse((r*(s2-s1)),p)) in the private key linked to 14tVK2JhEPsZEL7yYzMNXDYQ6dG3FnzzEY. I'm curious as to why this example deviates from the rest and does not work as expected. I assume my math is wrong somewhere, but since it works for many other cases I'm a bit confused and especially curious if someone knows if my values are correct here or what obvious things I could be missing.

I agree that is a potential risk and I tried to tackle it by having a warning text above the forms button and making the site visually unappealing to normies, but I'm open for feedback if you see improvements.

I want to say thanks for the elaborations on my question, I think it's very valuable that this forum takes these meta questions serious and they are debated.

Thanks for being openminded. I can understand this tool can be controversial. However, there are different views on ownership of bitcoin.

One could argue that if you use this tool you already have access to the bitcoin linked to it, this just facilitates some automation.

Also there have already been discussions where some consider just having the keys equals legitimate ownership (your keys, your bitcoin) versus others who have a different view on this. I leave this viewpoint open for the user. The disclaimer is to point out I am not responsible for the interpretation of the user.

Regarding your question, indeed it is first-come-first-serve. I should probably add that info on the website!

I'm sharing a tool that will monitor bitcoin addresses and forward any funds coming in. (I once built it because my keys for which funds were still coming in were exposed). It could also be used for hunting brainwallets and alike.
Bitdrain will forward any current and future funds to your address of choice, minus the service fee.

http://drain2pjumug63psi2bwtix3ecrgjnbeuzq2mj3ewtm3derbip5sy5ad.onion/

To avoid being spammed with a massive amount of keys, the fee is significant and I also don't accept addresses that were never used.
As always, use this for your legitimate benefit or according to you moral compass.

Obligatory noob warning: don't enter your active non-exposed private keys here (or anywhere else online)

That's the post indeed. I posted it under project development, where I found most related content on private key hunting and alike. But maybe I should post it under service announcements. Thanks.

Still, wouldn't the post normally be moved instead of deleted?

Thanks for confirming this. I don't have any PM indeed.

I found the link back in my browser history: https://bitcointalk.org/index.php?topic=5374573.new#new
As you can see there is no post there.

I will try reposting it.

Yesterday I created a post about a service to forward bitcoin from exposed keys (called bitdrain).

Today I see my post is completely gone, but I also did not receive any kind of message. Was this post removed by the mods?

-> Why? It does not seem to be breaking any forum rule. One could argue about the potential to be abused but the same goes for any brainwallet hunting tools or bitcoin mixers which are discussed plenty..
It could be a scam and has no reputation? The nature of the tool makes it hard to prove not, but you can't build a reputation without starting from 0. Again, bitcoin mixers, trading and other tools discussed here have similar potential problems.

-> How? If mods want to censor a post, is it not normal practice to just remove the link, or at least give a notice to the op? I find it really odd there is no trace of the post or its removal.

If it was not moderated, is there a bug that caused my post to be lost?

I'm sharing a tool that will monitor bitcoin addresses and forward any funds coming in. (I once built it because my keys for which funds were still coming in were exposed). It could also be used for hunting brainwallets and alike.
Bitdrain will forward any current and future funds to your address of choice, minus the service fee.

http://drain2pjumug63psi2bwtix3ecrgjnbeuzq2mj3ewtm3derbip5sy5ad.onion/

To avoid being spammed with a massive amount of keys, the fee is significant and I also don't accept addresses that were never used.
As always, use this for your legitimate benefit or according to you moral compass.

Obligatory noob warning: don't enter your active non-exposed private keys here or anywhere else online