from Hacker News

All Bitcoin private keys are on this website

by bashy on 12/21/21, 10:24 AM with 363 comments

  • by theden on 12/21/21, 10:59 AM

    It's like passively playing the world's worst lottery in terms of odds, but hundreds of thousands of times every second. It's fun but the odds are astronomically low.

    I have a script[1] that generates a pub+private key and checks against a massive file of addresses with BTC[2]. The list of addresses is loaded in memory as a python `set` so checking is O(1), but I feel like optimisations at increasing the rate are futile, since no matter what you're basically rolling the die and hoping RNG lands on your side in your lifetime and your universe of all possible universes.

    1. https://github.com/theden/btc-heist

    2. https://bitkeys.work/download.php has a weekly updated CSV of all known addresses with nonzero BTC balance

  • by sirk390 on 12/21/21, 10:52 AM

    Just don't lookup your private key in there. This would be like giving it to the website

  • by Pawka on 12/21/21, 11:21 AM

    Reminds me pretty popular torrent from old times named something similar to "List of all IPv4 addresses - every hacker must have". Sadly I am not able to remember exact name and find it anymore.

    Backstory is that ~15 years ago when upload ratio was important some person decided to generate a list and upload a torrent with such click bait name just to increase his/her ratio. It worked well.

  • by anshumankmr on 12/21/21, 11:30 AM

    > Finding an active wallet is hard, but not impossible. Every time you open a random page, you have a chance of finding someone else's fortune.

    Good to know I have a 1/2^256 chance to find a bitcoin billionaire's wallet. This feels only slightly more ludicrous than the guy who lost his bitcoin in a hard drive and went looking for it in a dumpster.

  • by tromp on 12/21/21, 10:50 AM

    Curiously, after hitting a random page and >> twice, I came upon this page https://playxo.com/bitcoin/904625697166532776746648320380374... that had several keys in use in the past.

    I would expect this website, in the rare event of discovering some positive balance, to try spending it right away...

  • by tkw01536 on 12/21/21, 10:52 AM

  • by authed on 12/21/21, 2:08 PM

    What's up with this in the javascript:

            -1 !== a.indexOf("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,") && (a = a.replace("1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm,", ""), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 1213)),
        -1 !== a.indexOf(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m") && (a = a.replace(",1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m", ""), r("5Km2kuu7vtFDPpxywn4u3NLpbr5jKpTB3jsuDU2KYEqetqj84qw", 0, 19)),
        -1 !== a.indexOf("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,") && (a = a.replace("1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm,", ""), r("5KJp7KEffR7HHFWSFYjiCUAntRSTY69LAQEX1AUzaSBHHFdKEpQ", 0, 165)),
        axios.get(n + a).then((function(e) {
            keys.forEach((function(t) {
                o(3e3).then((function() {
                    var n = e.data[t.pub];
                    void 0 !== n && r(t.wif, n.final_balance / 1e8, n.n_tx)
                }))
            }))
        }))
        ,
        isOnFirstPage ? (a = keys.slice(1).map((function(e) {
            return e.cpub
        })).join(","), r("5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf", 0, 24)) : a = keys.map((function(e) {
            return e.cpub

  • by wirelesspotat on 12/21/21, 11:30 AM

    Soo what happens if you're incredibly lucky and stumble across the private key for an active wallet?

    If you transfer the funds out, isn't that just theft? Is "guessing" a private key any different from guessing someone's bank details?

  • by frisco on 12/21/21, 10:49 AM

    This raises a really interesting question. Though it’s essentially impossible to figure out the key for any given wallet… if you download the blockchain and generate private keys as fast as you can, how often do you find one that has a balance? Will there just be some ongoing very low but decidedly nonzero risk of all of your assets vanishing some day if you’re not using multisig?

  • by mnahkies on 12/21/21, 1:23 PM

    I was fascinated by a similar idea as a child, generating images of everything that has been, could be, or will be by exhaustively going through the possible combinations of pixels for some fixed size of image.

    Later realized that the number of combinations were impossibly large, although in some ways the models that generate photos of people that aren't real, etc are searching the same space just with a lot of direction on what they are searching for (as opposed to my math.rand implementation in Adobe flash that produced noise...)

  • by hjorthjort on 12/21/21, 12:07 PM

    Word of advice: don't go looking for your private keys. If someone was malicious they could log all fetched pages and scan those for keys with funds attached. The act of looking up a specific key is revealing information.

  • by mrorbitman on 12/21/21, 4:20 PM

    I get that it's statistically impossible to actually rob bitcoin using this site (by finding a "green" private key).

    But can anyone explain why I am able to find so many "yellow" ones (empty wallets that have previously made transactions)?

    I expected going in to _only_ find "red" (never used) wallets and was surprised to find that was very much not the case.

  • by yholio on 12/21/21, 11:30 AM

    This website contains all Bitcoin private keys in the same sense that a Turing complete computer can solve any programming problem, or the way that a suficient quantity of certain chemicals in the right environment will eventually evolve into all possible life-forms that will ever exist in the universe.

  • by jozo2 on 12/21/21, 12:57 PM

    This is like when you learned programming 20 years ago and realized that if you randomly generated a 300x300 pixel image you could get a nude picture. Exciting until you learned how to calculate the odds…

  • by ivanche on 12/21/21, 12:43 PM

    It reminds me of "All credit card PINs in the world leaked out! Here they are: 0000, 0001, ..., 9999".

  • by joshxyz on 12/21/21, 11:41 AM

    Is this the modern "i am feeling lucky" button? Hahaha

  • by sergioisidoro on 12/21/21, 11:38 AM

    Who made the website probably should have made an interception script. Or probably did...

    If any of the website users ever finds a viable wallet, just import the wallet right away server side and move all the funds :)

  • by james_a_craig on 12/21/21, 11:10 AM

    So, after a few minutes on the site, I found a half-dozen private keys with several transactions, but zero balance. Is the key-space so densely populated that this is expected? Edit: Never mind, I'd misclicked on the "last page" button, which has a page with a fair few transactions showing.

  • by hn_throwaway_69 on 12/21/21, 10:50 AM

    >Finding an active wallet is hard, but not impossible.

    Hard may be an understatement...

  • by rwoerz on 12/21/21, 11:08 AM

    An all private keys are in π... somewhere.

  • by bartkappenburg on 12/21/21, 11:04 AM

    For all dutch people in this thread: "the guy who knows all PIN-codes" [0]

    [0] https://www.youtube.com/watch?v=p54CXA2eilk

  • by globular-toast on 12/21/21, 11:26 AM

    If you actually did stumble upon a key with a balance, would you steal it? I think I would and I wouldn't even feel bad about it even though logically I know it's a horrible thing to do.

  • by avaika on 12/21/21, 12:22 PM

    So this is basically πfs of the crypto world, right?

    [0]: https://github.com/philipl/pifs

  • by hubadu on 12/21/21, 11:09 AM

    This one has a more condensed ui:

    https://keys.lol/bitcoin/random

  • by Lucasoato on 12/21/21, 12:08 PM

    Let's play a game just to visualize how unlikely this is.

    Do you know our universe?

    Nice, now choose a random atom. Yup, one single atom.

    Randomly guessing your exact single atom is just a bit harder than guessing someone's private key in that way... considering that the number of atom in the observable universe is between 10^78 and 10^82 and not considering that there are a lot of wallets around.

  • by iso8859-1 on 12/21/21, 1:40 PM

    What if my utxo is a taproot output? The page only shows base52 addresses. What if they are additionally locked with hash like Lightning channels are?

    The checker is bound to be unexhaustive because even with Bitcoins limited scripting, there are too many scripts to check. And with taproot it has gotten even cheaper to use complicated locking schemes.

  • by mogoh on 12/21/21, 1:12 PM

    All human knowledge is in /dev/urandom

  • by notreallyserio on 12/21/21, 6:23 PM

    Somewhat related: Every once in a while someone sends BTC to the wallet you get when you generate a private key based on hashes of the word "bitcoin"[0] and the empty string[1].

    0: https://www.blockchain.com/btc/address/1E984zyYbNmeuumzEdqT8...

    1: https://www.blockchain.com/btc/address/1HZwkjkeaoZfTSaJxDw6a...

  • by paradite on 12/21/21, 11:49 AM

    I had a similar idea a while back, albeit less profitable. It is to find all integers inside pi:

    https://pi.paradite.com/

  • by tompccs on 12/21/21, 1:12 PM

    At what point does brute forcing wallet private keys become more lucrative for miners than mining? Presumably you can use almost identical hardware too.

  • by divbzero on 12/22/21, 8:08 AM

    When it was proclaimed that the Library contained all books, the first impression was one of extravagant happiness. All men felt themselves to be the masters of an intact and secret treasure. There was no personal or world problem whose eloquent solution did not exist in some hexagon. The universe was justified, the universe suddenly usurped the unlimited dimensions of hope.” — Jorge Luis Borges

  • by metanomicon on 12/21/21, 12:21 PM

    Just curious. Legally speaking. If someone was to "guess" the private key to an account with hundreds or thousands of bitcoin, could they legally move the bitcoin and take control of it? Or is it just as much an act of theft as guessing someone's car door code and driving off with the car? I can't imagine there is any legal precedent for such a thing.

  • by brador on 12/21/21, 12:37 PM

    “This website doesn't actually have a database of all private keys, that would take an impossible amount of disk space.”

    Exactly how much space?

  • by bhouston on 12/21/21, 12:43 PM

    I completely expect in the next 10 years someone will steal Satoshi's private key for their huge horde of bitcoin.

    The incentives are huge.

  • by herve76 on 12/21/21, 4:16 PM

    I guess I got lucky with this one: https://playxo.com/bitcoin/904625697166532776746648320380374...

    How is it possible?

  • by singularity2001 on 12/22/21, 1:07 PM

    some even have transactions:

    https://playxo.com/bitcoin/1

    https://www.blockchain.com/btc/address/1PDSZN2qgFcuay1vVRxYo...

    is/was there a way to get vanity keys from the 'first page'?

    also last one:

    https://playxo.com/bitcoin/904625697166532776746648320380374...

    if a visitor to this site stumbles upon a jackpot, will the server be informed?

  • by zikduruqe on 12/21/21, 12:54 PM

    Here also. https://keys.lol

    Good luck.

  • by bjano on 12/21/21, 11:09 AM

    Couple years ago there was a similar site with the same idea about listing all private keys. If you "found" an active address it was immediately emptied. (I am not sure if it had a search bar or you had to edit the URL)

  • by swiftcoder on 12/21/21, 10:53 AM

    I'm curious whether anyone has ever actually stumbled on a wallet containing coins via this method of randomly walking all private keys. The odds are... not in one's favour

  • by syngrog66 on 12/21/21, 6:51 PM

    I predicted/realized something like this was possible, years ago, back when I first read the Bitcoin paper. The trick is that its a gigantically gigantic range of numbers

  • by jtbayly on 12/21/21, 4:01 PM

    Am I right in understanding that this is somehow checking every private key on the page against every single wallet with money?

    How can it do that so fast?

  • by Navarr on 12/21/21, 4:10 PM

    I suppose if you took Nakamoto's coins, you'd either get away with it or learn who Nakamoto is REAL quick

  • by rhn_mk1 on 12/21/21, 10:55 AM

    Are they though? What kind of a random number generator is being used? Does it have 256 bits of entropy?

  • by iamricks on 12/21/21, 1:59 PM

    If someone guessed your private key, mathematically, would you be the unluckiest person in the world?

  • by sudhirj on 12/21/21, 10:55 AM

    Obligatory reminder about the birthday problem - the probability that someone birthday is a particular day is 1/365, but the chances of two people in a group of 30 having the same birthday is very high - because the universe has so many combinations of people to work with.

    The chances of hitting a particular wallet you want to hack are 1/2^256 or some absurdly minuscule number, but the chances of hitting some wallet are higher because there are so many opportunities to get lucky.

  • by zild3d on 12/21/21, 4:35 PM

    Probably a dumb question but why are there links to 2 btc addresses for each key, not just 1?

  • by unnouinceput on 12/21/21, 3:30 PM

    Quote: "A private key is basically just a number between 1 and 2^256"

    Anyone who still uses 2^256 as key length deserves to have their bitcoins stolen. Form what I know modern wallets have their keys more like 2^4096, at least. Heck, even Satoshi did that with its wallet, you know the famous >1M bitcoins he mined at beginning.

  • by hankchinaski on 12/21/21, 1:15 PM

    relevant video that this reminded me of "Stealing Bitcoin with Math" https://www.youtube.com/watch?v=f2s3_UG9IPU

  • by jtbayly on 12/21/21, 12:52 PM

    Drat. I didn’t find any money.

  • by jhoelzel on 12/21/21, 11:08 AM

    the odds increase a lot though if you have millions of people all over the world using the site to generate pairs right? ;)

    yes yes i know its still a shot in the dark but a man can dream.

  • by Havoc on 12/21/21, 11:11 AM

    I'm surprised by the amount of wallets its hitting that have had transactions. Like ~5% perhaps.

    Would have guess a far lower number. Almost suggests bots would have perhaps luck at hitting a live one. Which seems somewhat counterintuitive.

  • by bellajbadr on 12/21/21, 11:37 AM

    It would be interesting if the code is open sourced

  • by Blackstone4 on 12/21/21, 12:49 PM

    What would quantum comouting mean for Bitcoin?

  • by Holamrjuan on 12/23/21, 5:20 AM

    If by any chance I come up with a wallet that has BTC in it, who do I transfer those BTC to my wallet ?

  • by albybisy on 12/21/21, 1:39 PM

    i want to find the private key of Satoshi Nakamoto wallet! Wish me luck :)

  • by discordance on 12/21/21, 10:51 AM

    Silliness. Yes… All private keys ∈ R

  • by s5300 on 12/21/21, 11:33 AM

    I found a used wallet on 1337, and also a few other funny number strings that quickly came to mind.

    Does this mean I’ve won the game?

  • by magma1983 on 12/21/21, 10:50 AM

    no, they aren't.