You can not hack the bitcoin, but you can steal it

Can Bitcoin Be Hacked?

Cryptocurrency—Bitcoin in particular—has seen a huge surge in popularity recently. This is partly due to a dramatic increase in the value of Bitcoin, which is currently trading at its highest ever rate of $8099.99 per coin. However, with all this fuss surrounding the digital payment system, people are starting to wonder, “Is my money really safe? Can Bitcoin be hacked?” The answer is not as easy as you would think. Before we look into the potential for Bitcoin to be hacked, though, let’s first break down what Bitcoin is and how it works as a global currency.

Investors all over the world are swarming to buy Bitcoin, prompting some governments to step in with severe regulations. The success of bitcoin fueled the rise of legions of followers, including hundreds of new cryptocurrency launches and a wave of startups predicated on blockchain technology. Nonetheless, with all the fuss and hubbub surrounding bitcoin, many investors are still unsure about the security of the currency itself. Can bitcoin be hacked? And, if so, how can investors work to protect their investments?

History of Bitcoin

Bitcoin was first introduced to the world in 2009 with the goal being to provide the world with a decentralized digital currency, not controlled by any one administrator (ie. government or bank). The system uses peer-to-peer transactions—between individual users rather than through a third-party—which are verified by network nodes and recorded on a public ledger, called a blockchain. The blockchain is constantly being revised by users as new transactions are being made.

Bitcoin and Security

Bitcoin was launched in 2009 as a decentralized digital currency, meaning that it would not be overseen or regulated by any one administrator, like a government or bank. Peer-to-peer transactions have fueled the rise of the digital currency world, and bitcoin has been at the forefront throughout. The blockchain is a public ledger used to verify and record these transactions.

The issue of security has been a fundamental one for bitcoin since its development. On one hand, bitcoin itself is very difficult to hack, and that is largely due to the blockchain technology which supports it. As blockchain is constantly being reviewed by bitcoin users, hacks are unlikely. On the other hand, though, the fact that bitcoin itself is difficult to hack does not mean that it's necessarily a safe investment. There does exist potential for security risks at various stages of the trading process.

Bitcoin itself is almost impossible to hack as the blockchain technology that forms the basis of the currency is constantly under review by other Bitcoin users. This means that it is no more at risk than other payment methods such as PayPal or traditional credit cards.

However, just because Bitcoin itself isn’t hackable does not mean it is completely safe to use. You have to look at the actual process of trading Bitcoin to find the vulnerabilities. Let’s take a look at some Bitcoin processes.

First, Bitcoins don’t just appear in your account as they are. Users are required to keep their Bitcoins in a Bitcoin wallet. In order to acquire Bitcoins, or exchange them for other assets, users must trade through a digital currency exchange. Popular exchanges such as Coinbase and Blockchain.com connect millions of users and cryptocurrency investors and this is where the true potential for hacking lies.

Bitcoin transactions at currency exchanges rely on two-factor identification in order to be processed. This means that, when processing a transaction, a notification is sent through to a linked cell phone number in order to validate that it is you that is requesting the payment.

Having your transaction linked to both an email and a cell phone number sounds great right? Well, that’s where the issue lies. Hackers understand that the human element is the most vulnerable, so they use snooping tactics to find out the cell phone number that is associated with a Bitcoin exchange account. Once an attacker has your cell phone number, they can pose as you to the cell service provider to get your number ported over to a device they control. They are now free to login to your Bitcoin account and change the password, denying you access to your account and giving them the chance to transfer your funds into their own wallet.

Unfortunately for users, it’s not only cell phone numbers that are easy to hack, home PCs are also targeted by hackers looking to make some easy money. According to Jonathan Levin, the co-founder of intelligence software firm Chainalysis, which specializes in tracking and solving cryptocurrency crimes, “Computer hacks, phishing attacks and cryptocurrency Ponzi schemes are all common types of cryptocurrency theft”.

This type of hacking is most often seen among users who use cryptocurrency as their preferred method of payment for online gaming, especially online casino gaming, as these types of websites often have insecure security methods and are thus at higher risk of being hacked.

Wallets and the Transaction Process

Bitcoins are held in wallets and traded through digital currency exchanges like Coinbase. There are various security risks inherent in each of these two components. Developers are always improving wallet security, but there are also those looking to access other peoples' wallets illegally to swipe their tokens and coins. In the transaction process. two-factor identification is commonly used as a security measure. Of course, having the security of a transaction linked to an email address or a cell phone number means that anyone with access to those components can authenticate transactions. If a hacker is able to determine some of your non-cryptocurrency-related personal information, he or she may be able to infiltrate your transactions in that space regardless.

There have been widely publicized frauds, scams, and hacks which have plagued individual investors and even major cryptocurrency exchanges in their short history. Part of the issue is simply that the technology and the space itself are new. While this makes cryptocurrencies like bitcoin incredibly exciting--and potentially very profitable--investments, it also means that there are those looking to capitalize on security holes before they are corrected. All bitcoin investors are advised to take proper precautions in order to best protect their holdings.

Protecting Bitcoin

So, how do you keep yourself safe if you still wish to use cryptocurrency as your preferred online banking method? Levin provides some basic pointers for users:

  1. Before you open up an account on Coinbase [or other exchanges], set up a unique email that you are going to use for that account.
  2. Make sure to set a really hard and long password, and you are the only one to access it from a piece of paper that you control.

Other tips from leading experts include:

  • Don’t talk publicly about cryptocurrency, especially on platforms such as Facebook which use your email to identify you.
  • Be on the lookout for suspicious activity on your cell phone and especially notifications of a SIM swap or port.
  • Don’t keep all your Bitcoin in one place – diversify your investments.
  • Keep the bulk of your Bitcoin in a “cold wallet” ie. an offline wallet not connected to the internet.
  • Try to avoid centralized Bitcoin exchanges, such as Coinbase, and use decentralized exchanges that do not hold users’ funds.


Remember, no banking method is every completely safe. By following these guidelines, though, you can minimize your risk of being targeted by a cryptocurrency thief.

Hacking bitcoin and blockchain

Both bitcoin and blockchain are vulnerable to attack. Here's what you need to know to protect yourself and why blockchain is becoming a foundational technology.

It is hard to turn on the television or read a tech blog without getting inundated with stories about bitcoin or blockchain. The biggest reason bitcoin is so popular is its nearly 2,000 percent increase in price over the last year, which made its underlying blockchain technology popular as well, even though blockchain is probably the better long-term bet.

Blockchain technology is poised to significantly impact our world. In early 2017, the Harvard Business Review suggested that blockchain "has the potential to create new foundations for our economic and social systems" [emphasis mine]. A January 2017 World Economic Forum report predicted that by 2025 10 percent of global GDP will be stored on blockchains or blockchain-related technology. If you don’t know about a technology that's predicted to be 10 percent of GDP in under a decade, you probably should start to learn about it.

What is blockchain?

Blockchain is a digital log file, cryptographically protected, that secures online transactions. First conceptualized in 1991, bitcoin was the first application to put a distributed, public blockchain into practice. A block is a digital recording of a transaction record, and whatever the blockchain participants agree is needed to validate the transaction. Usually it contains transaction data such as price, action (buy, sell, transfer, etc.), and a timestamp. Every transaction (or series of transactions) creates a block. Each future block contains a cryptographic hash of the previous block (these days the hash is usually SHA-256). In this way, each transaction block is cryptographically locked to the previous block.

If that blockchain is publicly distributed, like bitcoin is, then each participant can verify any transaction in the blockchain. You may not know how much money or wealth a participant has, unless that is included in the transaction record, but you can see the value exchanged between two participants and be able to verify its validity. Any participant can prove the ownership of a particular blockchain account by presenting cryptographic proof that would be very hard to fake (i.e., non-trivial in crypto-speak), but is easy to verify by all participants. The way blockchaining works can be likened to public/private key cryptography, where each participant has a private key that can create signed content that can be easily verified by all the other participants using a related public key.

You can have public, private, and hybrid blockchains, just like in cloud computing. You can create your own, use other blockchains from larger groups with shared interests, or even participate in a public global blockchain, like bitcoin. Although this is a relatively newer functionality, private blockchains can participate with public blockchains, and vice-versa.

Bitcoin to blockchain

Most people’s first introduction to blockchain was bitcoin, the popular cryptocurrency created by a person or group with the nom de plume “Satoshi Nakamoto” in 2008 (I’ll use the pronoun of “he” when referring to Nakamoto even though I believe it was probably a group and not an individual). Nakamoto didn’t invent the concept of blockchain, but he did introduce the concept of distributed blockchaining for decentralized ledgering and verification of transactions around digital currencies. This solved the inherent “double spending” problem of decentralized digital currencies without trusted third parties.

Nakamoto published a paper on metzdowd.com’s The Cryptography Mailing list in October 2008 called Bitcoin: A Peer-to-Peer Electronic Cash System. In 2009, he generated the first block of blockchain and software that anyone could download and cryptographically generate (i.e., mine) a bitcoin. The author of this article downloaded the software during the first few days and quickly generated three bitcoins.

Although the hype and promise of the eventual value of bitcoin was present from the beginning, the first “official” transaction valued 10,000 bitcoins for about $20 in pizza. Today, bitcoins are worth substantially more, over $16,000 at this writing, with regular, huge volatility swings. The substantial, rapid price increase has gotten the attention of investors and financial sector corporate CEOs, although not usually with affirmation. Many investors are likening bitcoin’s price increases to the famous Dutch tulip bubble in the 1600s, with some investors getting very rich while naysayers stay on the sidelines watching their friends get rich.

The way bitcoin, the software, and the distributed network is created, each slew of newly generated bitcoins makes it incrementally harder to generate the next bitcoin. So, what used to take part of day with one computer now takes thousands of specialized, hardware-specific “miner” computers combined into aggregated networks weeks to months to generate. Today, it takes so much electrical energy to generate bitcoins that the measures are compared to total global electricity use on a regular basis.

By design, it takes not only a huge amount of computing power to create a bitcoin, but also, even though not in the same realm of effort, a lot of computational effort to create and validate a bitcoin transaction. Further, each transaction adds to the size of the blockchain, which continuously grows over time (bitcoin’s blockchain is well over 100 GB), which must be generated and distributed to all participating parties to remain valid. Eventually, a maximum of 21 million bitcoins will be mined by 2140. This self-induced crypto-scarcity is part of what is fueling bitcoin's stratospheric price rise.

Bitcoin may be a bubble, but blockchain isn’t

While investors and financial experts fight over the value of bitcoins, no one is arguing over the value and legitimacy of blockchain. The world’s biggest firms have created teams and sometimes entire new divisions dedicated to blockchain. You can create and use blockchains in the cloud or within your own private business.

Companies promoting blockchain see a day when nearly every financial transaction is backed by a blockchain. Blockchaining can make very complex financial transactions solvable in seconds. One multi-national bank blockchain leader (Credit Suisse on CNBC television) said that the average leveraged buyout deal takes a month to finish financially. Using blockchains, he estimated the closing would take a few seconds. He told viewers to imagine how much more efficient blockchaining could make every complex transaction, freeing up workers and capital to be more productive.

Nearly every industry heavy with financial transactions, is rushing to find out how to implement blockchain within their businesses and industries. You name the sector, and blockchain is the hot topic. Computer industry cloud giants, like Microsoft and Amazon now offer myriad blockchain services.

Do a simple internet search on blockchain and you’ll be amazed at the millions of information links and services popping up since 2016. Bitcoin may be in a bubble, but blockchain is on its nascent rise and here to stay.

Hacking bitcoin and blockchains

Early on, many bitcoin and blockchain enthusiasts wondered if the inherent crypto nature of both was sound enough to withstand constant hacking. It didn’t take long to get an answer. Like everything else of value running on computers, bitcoin, other cryptocurrencies, and blockchains have come under frequent successful attacks. Hundreds of millions of dollars have been stolen, people have been cheated, and blockchains ripped off. Here are some of the hacks:

Bitcoin miner malware

Each mined bitcoin makes future bitcoins harder to create. It takes lots of electricity to run and cool the specialized “miner” computers. Electricity is the number one operational cost to a bitcoin miner. For that reason, many bitcoin miners “borrow” resources to mine bitcoins, either at their employer’s locations, or by spreading bitcoin-mining malware. Today, many of the biggest malware botnets are simply to mine bitcoin. Although their intent isn’t the worst, it’s still unauthorized use of a computer or device (they often hijack online video camera equipment and routers), and it costs the victim money. It also slows down the hijacked computers. You stop bitcoin miners like you do any other malware program.

Stolen value stores

Crypto-currencies often store their value in file stores known as wallets. Wallets can be compromised, manipulated, stolen and transferred, just like any other store of value on a computer. Worse yet, people often forget their protective PIN/passwords, or lose the hard drive where the store is located, and often that means the value store is forever inaccessible. Ransomware can cause the same issue. With a regular bank account, you can just use another computer to access your online account where your value sits untouched. Not so with wallets.

Most experts recommend keeping your value in an offline wallet that can’t be accessed by malware or hackers. This can also make it harder to use that value. The offline nature can add days of waiting to use or update the value store. If you use an online wallet, protect it with multi-factor authentication if possible.

Transfer trojans

There are crypto-currency trojans that sit monitoring your computer waiting for what looks like the format of a crypto-currency account number. When it spots one, it comes awake and replaces the intended account you are transferring value to with their account number. Unless you are very aware of the switch, it will be game over if you hit the Send button.

Implementation weaknesses

“In theory, there is no difference between theory and practice. In practice, there is." No one knows who first said this, but it first appeared in print in the 1986 book, Pascal: An Introduction to the Art and Science of Programming by Walter J. Savitch.

Like any crypto implementation, the cryptologic algorithm is almost always far more sound than the program that implements it. In general, blockchaining suffers from any vulnerability or weakness that you might subscribe to any cryptographic solution. A programming bug or lack of good private key security (or bitcoin wallets) can bring the whole thing down. Although this isn’t readily apparent, before you use a crypto-currency or get involved in a blockchain project, make sure the software programmers are applying secure development lifecycle (SDL) processes to minimize bugs.

There have been instances where hackers manipulated the crypto-currency software to steal value. In at least one recent case, the hackers made a coding mistake that not only didn’t allow them to steal any value, but sadly, corrupted everyone’s wallet beyond recovery. The thief didn’t get any money, but everyone was robbed nevertheless.

Known plaintext crib attacks

Good crypto makes the resulting cryptotext look like random gibberish. Theoretically, a crypto-attacker should not be able to figure out what the original plaintext looked like. With any blockchain technology, however, the format of the blocks is fairly well known or easy to figure out. Certain letters, characters, or numbers are always in the same places in every block. This allows crypto-attackers to “crib” a partial representation of the plaintext in every crypto protected block. Plus, every block is a function of the previous block. This weakens the overall protection of the underlying encryption cipher. If the cipher isn’t weak, it isn’t a huge problem, but it does give attackers a starting edge.

Weak SHA-256?

Many security experts wonder if SHA-256, which contains the same mathematical weaknesses as its shorter, very much related SHA-1 precedent, is a concern for bitcoin and blockchain (both usually use SHA-256). The answer is not right now. SHA-256 is strong enough for the foreseeable future. More importantly, since most of the world’s financial transactions and HTTPS transactions are protected by SHA-256, when someone breaks it, we’ll have far bigger things to worry about than just bitcoin and blockchains. Although if you’re planning to make a crypto-currency or blockchain, start planning for “crypto-agility,” which is the ability to replace ciphers and keep the underlying program.

Sites get hacked

One of the most common hacking threads surrounding bitcoin, but can be applied to any blockchain project, is how often the centralized website controlling it gets hacked. It’s very common, including one that last week that netted hackers $70 million in bitcoin. Far too many crypto-currency sites managing tens to hundreds of millions of dollars have been successfully hacked. When that happens, the bitcoin value people have built often disappears into the ether. Make sure to back up your value into an offline location.

Some of the biggest hacks have been ascribed to unscrupulous operators who run away with millions in ill-gotten gains. Make sure if you do business with a crypto-currency web site that the site is well secured and trustworthy. The FDIC is not going to bail you out if you lose your deposits, at least not yet.

Large, public blockchains are inherently more secure

One key concept to understand regarding blockchain security is that public, distributed blockchains are inherently more secure than private blockchains. To compromise a blockchain, an attacker must compromise over 50 percent of the participants or blocks, and do so faster than new blocks are created.

Because of that, large, public blockchains are inherently more secure than smaller, private blockchains. Small blockchains can be faster and easier to compromise, especially if all the related “secrets” are stored in one place or company. In fact, many security experts question if single-company blockchains are even needed. They say that blockchain's advantages only occur when they are distributed past a single security boundary. Still, you’re likely to see many private, small blockchains, simply because blockchains have the potential so solve complex financial transactions in seconds, and because smaller blockchains are likely to become components of far larger hybrid and public blockchains.

Every security professional should understand blockchaining and what it means to their current and future career. Even though they are based on very secure crypto, they are going to be hacked just like everything else.

Bitcoin Private Keys: Everything You Need To Know


What if you lost all of your bitcoins tomorrow? What would you do?

Let me stress this point:
“If you don’t own your private key, you don’t own your bitcoins.”
Yes, you read that right.

Even the most knowledgeable man on Bitcoin says:
“The private key must remain secret at all times because revealing it to third parties is equivalent to giving them control over the bitcoins secured by that key. The private key must also be backed up and protected from accidental loss, because if it’s lost it cannot be recovered and the funds secured by it are forever lost, too.”
― Andreas M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies
In my earlier guide on Bitcoin wallets, I have used two terms extensively- Private Address (or key) and Public Address (or key). These keys are what make Bitcoin the safest and most widely used cryptocurrency.

To understand private keys and public keys, let us look at an example.

Consider a mailbox where you receive your physical mail.

It has a unique and specific number (an address). If someone has to deliver you a letter, he/she must know your house/flat number to deliver it.

And as the receiver, you have a private address (or key) to unlock the mailbox and collect your belongings.

In real life, do you give your keys to someone unknown? No. Of course not.

You always keep track of your key and don’t jeopardize the contents inside of your mailbox.

Similarly, just like your house/flat number, anyone in the Bitcoin world can know your public address (Bitcoin address) to send you bitcoins. And to unlock (spend/send) those bitcoins, you would require your private address (or key) for which you need to take full responsibility, just like the keys of the mailbox.

I feel that understanding the underlying technical aspect of keys is important so that your remain better informed and educated enough to take care of them.

In the next section, I will tell some basic technical aspects of these keys.

What is a Private Address (or key)?

A private key is a secret, alphanumeric password/number used to spend/send your bitcoins to another Bitcoin address. It is a 256-bit long number which is picked randomly as soon as you make a wallet.

The degree of randomness and uniqueness is well defined by cryptographic functions for security purposes.

This is how the Bitcoin private key looks (it always starts with 5):

5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

What is a Public Address (or key)?

This is another alphanumeric address/number which is derived from private keys only by using cryptographic math functions.

It is impossible to reverse engineer and reach the private key from which it was generated.

This is the address used to publicly receive bitcoins.

This how the Bitcoin public address looks (it always starts with 1):

1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm

This address is always seen and broadcasted for receiving bitcoins. Users can make as many public addresses as they want to receive bitcoins.

What are Bitcoin private keys used for?

Private keys are used for making irreversible transactions. Yes, irreversible!

They are the key to spending and sending your bitcoins to anyone and anywhere. This irreversibility is guaranteed by mathematical signatures which are linked to each transaction whenever we use the private keys to send bitcoins.

And for each transaction, these signatures are unique, even though they are generated from the same private keys. This feature makes them impossible to copy. The user can confidently use the same private key again and again.



Moreover, the signatures are mathematically related to Bitcoin addresses. This math relation helps in confirming that the signatures are only of that particular account holder who wants to transfer bitcoins.

How do we keep private keys safe?

It is OK if you didn’t understand the above technical stuff.

You can still use Bitcoin as long as you keep your private keys safe.

These digital keys are crucial in the ownership of bitcoins. These keys are not stored on the Bitcoin network but are created and stored by the file/software (a.k.a. wallet).

A wallet stores these keys. There are a lot of types of wallets out there and some allow the private keys to be stored and guarded by the user.

Some keep the key safe on behalf of the user.

In a Bitcoin wallet, the most important thing is your private key because it will prove that the bitcoins you claim as your own are actually yours.

A Private Key is Just a Number

A Bitcoin private key is simply an integer between one and about 1077. This may not seem like much of a selection, but for practical purposes it’s essentially infinite.

If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This vast keyspace plays a fundamental role in securing the Bitcoin network.

Because private keys contain many digits when expressed as decimal numbers, an alternative called Wallet Import Format (WIF) has been devised. This format begins with the number “5” and contains a sequence of letters and numbers. For example, here’s a private key represented in WIF format:

5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS

Given the importance of keeping private keys secret, they are sometimes encrypted. A popular method produces strings of text that look like WIF encoding, but starting with the number “6.” Decrypting a private key encoded in this way requires the password that was set when the private key was encrypted.

Transactions are Messages Signed with a Private Key

To prevent forgery, Bitcoin requires that each transaction bear a digital signature. This signature, like a private key, is just a number selected from a very large range. Wallet software generates a signature by mathematically processing a transaction together with the correct private key.

This system works because anyone with a transaction and its signature can verify the authenticity of a message. However, a transaction signature is practically impossible to fake. The only way to produce a valid signature for a particular transaction is to use the correct private key.

Unlike a physical signature you might write on a check, a transaction signature changes if the transaction changes even slightly. The way the signature will change is unpredictable, ensuring that only a person in possession of a private key can provide the correct signature.

Notice that the internal format of a transaction is less important than the idea that transactions are digitally signed messages whose authenticity can be quickly and cheaply checked.

Anyone Who Knows Your Private Key Can Steal Your Funds

Any valid transaction bearing a valid signature will be accepted by the Bitcoin network. At the same time, any person in possession of a private key can create a valid transaction. These two facts taken together mean that someone knowing only your private key can steal from you.

Many avenues are open to thieves who steal private keys. Two of the most popular are storage media and communications channels. For this reason, extreme caution must be taken whenever storing or transmitting private keys.

Software wallets usually store private keys in a “wallet file” on the main hard drive. Wallets often place this file in a standard, well-known directory, making it an ideal target bitcoin-specific malware.

To counter this threat, software wallets offer an option to encrypt the wallet file. Any attacker gaining access to your wallet file would then need to decrypt it. The difficulty of doing so depends on the quality of the encryption and strength of the password being used. Wallet files can be encrypted on many software wallets by adding a password.

Although wallet backups are a good idea, they can potentially leak private keys. For example, it may be tempting to save a backup of your software wallet to a cloud storage service such as Dropbox. However, anyone capable of viewing this backup online (which could be a surprisingly long list of people) would be in a position to steal some or all of your funds. A similar problem could arise through emailing backups to yourself or leaving a private key around the house. Encryption can reduce, but not eliminate the risk.

Preventing the accidental release of private keys is the main purpose of “cold storage.”

Addresses are Derived from Public Keys, Which are Themselves Derived from Private Keys

A Bitcoin public key results from subjecting a private key to a set of mathematical operations defined in a set of standards known as Elliptic Curve Cryptography (ECC). Whereas a private key is an integer, a public key is a coordinate composed of two integers. To make a public key easier to process, it can be transformed into a single value.

The relationship between private keys and public keys is an example of a mathematical trapdoor - a function that’s easy to perform in one direction, but practically impossible to perform in the opposite direction. This unidirectionality lies at the center of Bitcoin’s security model.

Just as private keys can be shortened to make them more usable with displays and keyboards, so too can public keys. An address results from applying a multi-step transformation to a public key. This produces a string of text and digits, usually starting with the number “1”.

Notice that no network is needed at any point in the generation of a private key or the corresponding address. Every computer on the Bitcoin network knows about the mathematical relationship between public and private keys. This enables each participant to select private keys and sign transactions independently of the Bitcoin network. The enormous private keyspace ensures that any properly-selected key will be unique.

Security Depends on Choosing a Good Private Key

Knowledge of a private key is the only verification needed to spend funds from a Bitcoin address. Private keys should therefore be kept secret. However, careless selection of a private key can lead to theft just as easily as its accidental release.

For example, imagine that we want to use a private key that’s easy to remember. The number 1 is both easy to remember and a valid Bitcoin private key. But how secure would it be?

The private key 1 generates this address:

1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm

If you follow the link, you’ll notice that the address has already been involved in over 1,000 transactions for a total of over 7 BTC within the last few years. If you wanted, you could easily spend any available funds at this address because the private key is known to you.

Now imagine you’re a thief determined to steal bitcoin. One strategy might be to compile a list of easy-to-remember private keys. Next, generate the addresses for these keys and monitor the Bitcoin network for incoming payments to one of them. When one arrives, immediately sign a transaction moving the funds to another address you control.

Contrast the ease of this scheme with a situation in which a private key was chosen by a perfect random number generator. With no clue what the key might be, brute force iteration would be the only option. As we’ve already seen, carrying out this plan is physically impossible.

What would happen if the random number generator were not quite random? For example, what if all output private keys were clustered about a constant value within a narrow range?

Any attacker aware of such a defect could drastically reduce the necessary search space. Under the right conditions, it would become practical to monitor all of the addresses based on the faulty random number generator and steal funds from any one of them at will.

The need to select a good private key becomes especially important with brain wallets. One method to create a brain wallet starts with a passphrase such as “to be or not to be”, then applies a mathematical function to convert this text to a private key. Applying the most popular conversion algorithm (SHA-256) to this passphrase generates the address:

1J3m4nneGFppRjx6qv92qyz7EsMVdLfr8R

As you can see, this address was used as late as 2016 to store funds, which were immediately withdrawn.

Unfortunately, it’s not always easy to tell what qualifies as an insecure brain wallet passphrase and what doesn’t. Attackers can exploit this uncertainty and the inexperience of new users to steal funds. For example, a thief might compile an enormous database of common phrases and passwords. Such a database might number in the trillions of entries or more, but would still be searchable in its entirety with little computational effort.

Compare this situation to the one with website passwords. If you register for a web service using a password someone else happens to have chosen, you don’t take over their account because your username must be unique. Bitcoin private keys are different in that they serve the dual role of user identification (via address generation) and authentication (via digital signatures).

Secure private keys are generated with a high degree of unpredictability so they can’t be guessed before or after the fact.

Private Keys are (Somewhat) Portable

For the most part, wallet software hides the process of generating, using, and storing private keys. However, private keys can become visible from time to time. When this happens, understanding private keys and how they interact with your specific software becomes important.

Paper wallets present the most common route by which private keys show up outside of software wallets. Although they come in a multitude of formats, the essential feature of any paper wallet is a printed private key.

Many software wallets support sweeping. A sweep creates a new transaction paying one of the software wallet’s existing addresses. This procedure may or may not empty the address associated with the private key. For more information on the dangers of manipulating bare private keys, see Five Ways to Lose Money with Bitcoin Change Addresses.

Should your wallet application begin to malfunction, its private keys can often be imported into another application. This rescue procedure provides the second main route through which private keys become visible to end users. A closely-related procedure consists of restoring the state of a software wallet through a backup file.

Bitcoin can be thought of as an open messaging system secured by public key cryptography. In contrast to other systems protected by username and password logins, Bitcoin is secured through digital message signatures created with a unique private key. This single point of access places a very high value on the secure generation, use, and storage of private keys.

Stealing bitcoin is not an easy task, but it is possible. No need Quantum Computer to do it!

Look at these screenshots below.....

Click the image above to enlarge
Click the image above to enlarge
Click the image above to enlarge

Yes, hacking bitcoin is almost impossible to do. But to steal bitcoin, by getting the right private key with non-zero balance, you even don't need to hack anything at all.

There are some websites that can show you the list of private keys with its balance (such as directory.io, allprivatekeys.com, bitcoinlist.io, etc). All you have to do is, getting the right page that will display the list of private keys which one of them has non-zero balance. Getting the right page is not an one-time trial, but it may takes hundreds of trials to get the right one. All the private keys are there, you just only have to find the right ones :)


After you get the private key with non-zero balance, then you can import it and transfer its balance to your wallet.

You can watch the video on how to discover the right private keys and how to import them into bitcoin wallet, by clicking here.

And don't forget to laundering / mixing / tumbling your "dirty" bitcoin, so you'll get the "clean" one.

You can read "A SIMPLE GUIDE TO SAFELY AND EFFECTIVELY TUMBLING (MIXING) BITCOINS", by clicking here.

Good Luck :)


Related articles: