Bitcoin Private Key Sweeper. Contribute to Rui-Santos/btc-sweep development by creating an account on GitHub.
Table of contents
If nothing happens, download GitHub Desktop and try again. If nothing happens, download Xcode and try again. If nothing happens, download the GitHub extension for Visual Studio and try again. Currently there are no rspec specific tests, they are coming.
Skip to content. Branches Tags. Nothing to show. Go back. Nothing to show. Go back. Launching Xcode If nothing happens, download Xcode and try again. Latest commit. Git stats 8 commits. Failed to load latest commit information. View code. Project on pause Currently no time to work on this repo, sorry : Installation Requires python-binance and simple-crypt installed: pip3 install --user python-binance simple-crypt. About Sweep your dusty coins on binance Resources Readme. MIT License. Releases No releases published. Packages 0 No packages published. I fixed my program actually tested it properly this time and let it run again.
My program detected more transactions 2 within the next 48 hours.
- auto btc spinner script.
- buy sell bitcoin in japan.
- bitcoin symbol on cme.
- gpu bitcoin cpu.
- btc legend scooter.
- btc convert to zar.
- Documentation Structure.
I coded my bot to ignore anything less than. I didn't want to tip off the anyone that I knew what they were doing if that was indeed the case. Another days passed and the next hit my bot detected was for roughly. For some reason, this was not transferred out immediately like the rest. By this time it was July 4th weekend. I let this one sit too and it took a full 7 days before it was moved not by me. It may have been the legitimate owner or a bot. We'll never know. I didn't realize it at the time but that last transfer was into an address for a private key not generated from another public address like the first one.
Instead, this address was generated from a transaction id! I had forgotten that I seeded my database with private keys generated with transaction ids as part of one of my earlier experiments. I didn't label them so I didn't know which were from Sha pub address and which were from transaction ids. I found some hits at the time but when I checked the balances for those accounts, they were all zero and I didn't think anything of it. Okay, someone was possibly using information from the blockchain itself to ensure private keys were discoverable for the addresses they were funelling bitcoin into.
Now it became even more clear. The malicious code sometimes used a recent transaction id as the private key for the doomed destination address. Follow the.
Crown Platform · GitHub
I have reason to believe there have been many over the years. This one only goes back to approximately March You can see in the history of this one address when they consolidated their ill-gotten gains into one transaction back to themselves. I let my bot run longer. The next hit I got was for block hashes that were used as private keys see Experiment 1. And remember my merkle root experiment? I believe those were also part of this. However, I have not linked those to this one particular collection address yet. In the end, I found a total of four different 'discoverable' private key methods being used.
I made sure my database was filled with every block hash, merkle root, transaction id and Sha public address for private keys and let my bot run. Transactions for all four types were showing up, again for tiny amounts which I ignored. By this time, I was watching BTC getting taken in small amounts regularly. Sometimes, I saw as many as 6 transactions fly by in one day.
On Nov 12, my program saw 9 BTC transferred into an address that my database had the private key for. I had searched for that address too to see if anyone was claiming ownership but I didn't see anything. Shortly after, I became aware of fitwear's reddit post claiming theft after someone noticed the prize amount had been topped off and linked the two events together. I contacted fitwear privately and returned their coins minus the small amount I sent to the puzzle address.
Together, we contacted blockchain. Their security team investigated but found no evidence it was their system that was at fault. I suppose it's possible his system was somehow compromised back in August and managed to import a key into blockchain.
Introduction
Or someone else logged into his account, imported the key, then waited. You wouldn't need to use Sha address or block hash or txid or merkleroot if you were malware or an unauthorized login. You would at least salt or obscure the key with some bit of knowledge only you know so that only you could derive the private key as mentioned earlier.
The fact that information from the blockchain itself is being used indicates it may be some transaction processing logic. Also, fitwear took extreme precautions you can read his reddit post for details. The origin of these poison destination addresses remains a mystery.
User account menu
If it's the case that some wallet generation code is doing this, then it may be the case that we're seeing 'change' transactions. When you create a wallet, there maybe 20 addresses generated. They are all supposed to be random keys. If this rogue code creates one of them in this manner based on the public address string of an earlier one , then at some point, your 'change' will get put back into it as the wallet 'round-robins' through the list. Did Blockchain. We may never know. See below for the complete list of other Sha based addresses that suffer from the same issue.
I believe this is happening for others. It's likely, that the small amounts usually taken are going unnoticed by the owners. What does this mean for bitcoin? Nothing probably. I believe the bitcoin network itself to be secure. The bitcoin network itself may be 'trustless', but anything humans touch around its peripheries is certainly not. So even with bitcoin, it still boils down to trust. To be fair to blockchain. The other 3 methods I described above could be completely unrelated.