191 points aorloff | 42 comments
mattlondon ◴[] No.44467062[source]
Maybe that guy who was digging up a landfill to find his old HDD finally found it!

Seriously though, what are the odds that someone has been quietly spending 10s/100s of millions in cloud compute to brute force the keys for old wallets?

replies(12): >>44467081 #>>44467123 #>>44467396 #>>44467750 #>>44469927 #>>44470471 #>>44470497 #>>44470630 #>>44470975 #>>44471691 #>>44471790 #>>44472481 #
1. bravoetch ◴[] No.44467081[source]
I would say the odds are zero because that's the likelihood of being able to brute-force anything in the key space.
replies(2): >>44467180 #>>44477232 #
2. handfuloflight ◴[] No.44467180[source]
It's not zero. https://lbc.cryptoguru.org/trophies
replies(1): >>44467374 #
3. onlyrealcuzzo ◴[] No.44467374[source]
It's close enough.

There are 200 million+ BTC wallets.

They've found 54 out of 200 million+ or about 0.00002% of wallets - in how many years?

replies(2): >>44467393 #>>44469911 #
4. handfuloflight ◴[] No.44467393{3}[source]
How does the equation change with $100m of cloud or GPU compute as GP speculated? These are all hobbyists.
replies(3): >>44467531 #>>44467563 #>>44467650 #
5. onlyrealcuzzo ◴[] No.44467531{4}[source]
It changes that if you attempt to liquidate that much BTC, BTC crashes and you've got 90% less money than you hoped for.
replies(2): >>44467542 #>>44467782 #
6. handfuloflight ◴[] No.44467542{5}[source]
Do you really think they have no notion of liquidity? Why would they attempt to liquidate it all at once?
replies(3): >>44467605 #>>44467622 #>>44470217 #
7. nottrueatallz ◴[] No.44467563{4}[source]
Not true at all! Everyone knows there are holes in the crypto algorithms and implementations which agencies use to achieve any objective they may have. On top of that there are also holes across the software and hardware stacks of various implementations. Just because they run all the researchers and fund a lot of it does not mean there are no holes.

Especially now with AI, I wouldn't be surprised if an amateur kicked a bunch of tires and got lucky.

Just because they are not published, does not mean they are not using them, someone else found them and are using them. Or they just have the keys from back in the day.

Can't wait to follow this story as it unfolds. The other risk is Quantum... That is going to be real fun when it starts making leaps above Moore's Law.

There needs to be an industry-wide effort NOW! That researches and generates keys in unconventional ways, different than the ways they are being generated now. Because Quantum is a beast. Those keys will need to be Quantum proof, which means that even if the agent knows the algorithm that is used to generate the keys they cannot duplicate the keys that were generated the first instance it was run. Or you can start doing Hashing across fingerprint, eye and dna data. That is coming my folks!

replies(1): >>44467801 #
8. cj ◴[] No.44467605{6}[source]
They could also do a private party transaction to sell the coins outside of an exchange, in order to hide the sale and also hide the price of the tokens sold.

This is common practice in the stock market, called "dark pools" [0]

> Dark pools came about primarily to facilitate block trading by institutional investors who did not wish to impact the markets with their large orders and obtain adverse prices for their trades.

[0] https://www.investopedia.com/articles/markets/050614/introdu...

replies(2): >>44467757 #>>44467827 #
9. onlyrealcuzzo ◴[] No.44467622{6}[source]
Just the fear of future liquidation would eventually severely crash BTC.
replies(2): >>44467627 #>>44467819 #
10. handfuloflight ◴[] No.44467627{7}[source]
Like it's crashing now on this news?
replies(1): >>44467689 #
11. onlyrealcuzzo ◴[] No.44467650{4}[source]
It would take approximately 6B H100 GPU days to crack every active BTC wallet.

So if you had 10,000 H100s running, it'd only take ~1500 years.

You'd have a high probability to find a key in under ~1000 years, though.

Even if I'm off by 3 orders of magnitude, it would take a decade and cost billions, and not make financial sense.

replies(3): >>44467768 #>>44468076 #>>44470499 #
12. onlyrealcuzzo ◴[] No.44467689{8}[source]
There's ~$188B in Satoshi era wallets.

While ~$8B is huge news, due to the potential that all ~$188B might be in play, when most investors probably expected it was not prior to this - or at least the probability was low enough to barely factor, it's unlikely to crash BTC.

Further, moving BTC is one thing. Showing signs of liquidation is another.

That much should be able to get liquidated intelligently without moving the market.

replies(1): >>44467825 #
13. phil21 ◴[] No.44467757{7}[source]
The vast majority of BTC transactions are done this way. Anything of any size is traded via OTC desks or other more private avenues.
14. paulpauper ◴[] No.44467768{5}[source]
Active addresses have less entropy too
replies(2): >>44467810 #>>44472141 #
15. paulpauper ◴[] No.44467782{5}[source]
if someone could brute force a key, they would target small inactive wallets, rather than big wallets and drawing attention to it
16. celticninja ◴[] No.44467801{5}[source]
You don't understand bitcoin or the math or the cryptography behind it.
replies(1): >>44467833 #
17. ◴[] No.44467810{6}[source]
18. paulpauper ◴[] No.44467819{7}[source]
yeah, people think it's the selling that makes the price fall. it is the anticipation. markets are forward looking
19. paulpauper ◴[] No.44467825{9}[source]
It depends how it's sold. Market orders would have more impact than OTC.
20. usrusr ◴[] No.44467827{7}[source]
Outside, as in off the blockchain? That would mean that after the transaction, both sides would know the key to the wallet and there would be a race about who lights up a transaction first.
replies(1): >>44468124 #
21. cluckindan ◴[] No.44467833{6}[source]
Can you look me in the eye and state that you understand Bitcoin and the math and the cryptography behind it?

Even if you do, there could in theory still be a way to narrow down the key space or find some other shortcut to a wallet key, even if nobody has figured it out yet.

replies(1): >>44471797 #
22. 1oooqooq ◴[] No.44468076{5}[source]
*at most ... years.

People always forget those numbers are worst case scenarios. I mean, you can get lucky on the very first guess too.

replies(1): >>44468679 #
23. cj ◴[] No.44468124{8}[source]
After the transaction, you can still send the bitcoin to the purchaser's wallet.

But since the purchase itself happens off exchange, there's no record of how much the coins were sold for, so no impact on market price.

replies(1): >>44469819 #
24. relaxing ◴[] No.44468679{6}[source]
If that’s the plan you can guess a number for free, no outlay needed.
replies(1): >>44469417 #
25. kelseyfrog ◴[] No.44469417{7}[source]
If your guess is generated by a QRNG and many worlds is true, then one version of you is very happy although the expected value is 1.03×10^−66 USD.
26. sokoloff ◴[] No.44469819{9}[source]
A large wallet that’s been dormant for years suddenly becoming active will tend to pressure the price lower from the implied increase in liquid supply and fear that the wallet will continue to distribute coins.

It’s not just the printing of transaction price that can affect the market.

27. kristopolous ◴[] No.44469911{3}[source]
People are actively doing it. Mostly using clore.ai on their 4090x bundles.

I used to work in the gpu rental space up to about a month ago.

I talked to multiple people dropping hundreds of thousands of dollars on looking for those keys.

I'd put house odds at say 20:1 that someone cracked it over someone holding for 14 years and deciding now is strike time.

Also if it's a true crack, then Bitcoin price could collapse swiftly if someone just snatched a wallet for 200k of compute or whatever.

That's always been the real existential risk. I talked about it as the DES problem over a decade ago. Let's see if this is it

replies(3): >>44470110 #>>44470282 #>>44471471 #
28. adastra22 ◴[] No.44470110{4}[source]
Those people were wasting their money. They could be running those GPUs from now until the end of the universe and still have approximately 0% chance of finding a single used key.
replies(1): >>44470143 #
29. kristopolous ◴[] No.44470143{5}[source]
Right. Those were the ones I talked to, just by random chance. It means that there are a lot of them.

This implicates a few things - (1) people win the lottery every day and (2) it's highly unlikely that the best techniques are publicly known.

Perhaps there's something that requires $1,000,000 in investment to yield a 1:100 chance of finding a particular targeted wallet using some clever shortcuts.

The other explanation is very implausible: a human sits on wallets without splitting up the funds or derisking exposure, has wallets with a billion dollars sitting in it.

Now I only have a few million, but even I have something like 6 brokerages and 12 banks. Even when I was a btc holder, I didn't keep over $100k in a single wallet.

The snatching theory requires no new revolutionary math, no substantial breakthroughs, just some clever people with a lot of resources and a goal.

Either explanation is speculative. I think the "lucky researchers at some University" theory is more likely than the "let's wait 14 years until this $1,000 becomes $1,000,000,000."

Especially because (1) we're not exactly at some high water mark and (2) if this was just a person with a wallet trying to do something like pay for life's uncertainties, you can do basically 100% of that with like 4btc.

However if you successfully snatched the wallet, you're on a clock before someone else gets it. This is exactly the kind of movement you'd be doing

Also if some old bitcoiner comes out and says "hey that was me", we're still up in the air. If I had snatched a billion dollar wallet, the first thing I'd do is pay off an old btc'er to claim it's theirs to prevent market panic.

replies(1): >>44470200 #
30. adastra22 ◴[] No.44470200{6}[source]
This isn’t like lottery odds. The space of keys here is vast. Like unimaginably so. 2^256 is a lot of keys.

If someone had a faster method for breaking elliptic curve keys, fast enough to have a realistic chance on GPUs, the repercussions for that would be waaaaaay larger than merely stealing some bitcoin. This is the same math upon which nearly all digital security in common use today is based. It’d be full-on cryptopocalypse.

replies(3): >>44470302 #>>44470339 #>>44470774 #
31. beefnugs ◴[] No.44470217{6}[source]
Because maybe this isn't satoshi waking up, but finally those kidnappers hit that poor guy in the latest "we found satoshi" documentary
32. HeartStrings ◴[] No.44470282{4}[source]
It’s the quantum computer.
33. jjmarr ◴[] No.44470302{7}[source]
"larger than merely stealing some Bitcoin"

It's US$2 billion. I can't imagine a better way of monetizing such an exploit than to convert it into cash by using Bitcoin.

The US govt can't pay you US$2 billion without it showing up as a line item in the federal budget. That's like 20% of the NSA's funding. You'd have to get authorization from the President and hold some emergency session of Congress. Other governments would pay less.

Hacking the normal banking system is also challenging. If you steal US$2 billion someone is going to notice and simply undo the transaction because banking doesn't believe in "code as law".

replies(1): >>44477654 #
34. kristopolous ◴[] No.44470339{7}[source]
You're looking at it wrong. There doesn't need to be a generalizable, embarrassingly parallel, computationally lower class, key reduction.

Just this specific implementation with these specific wallets maybe using a version of the btc code with a small recently discovered bug that existed say for 3 months in 2011

You can have something extremely localized and get this result. And this is exactly the behavior people have long game theoried would happen under such a scenario.

You're implicitly making the claim that just because you can't find something widely discussed in literature then any optimization of any kind is impossible and nobody would ever dare to keep an advantage in stealing bitcoin wallets secret.

Stuxnet is way less plausible than this yet that happened.

People have been trying to do this for a decade and have in aggregate thrown probably north of $100 million into it through separate efforts. The idea of someone finally succeeding is kind of expected.

Again the only claim I'm making here is that this is not only a non-zero chance, but, in my mind, an over 90%.

35. FabHK ◴[] No.44470499{5}[source]
How do you get that?

BTC private key space is 256 bit. Let's say a billion wallets, that's 30 bits, so you need to check 226 bits to hit one wallet.

A H100 does about 1000 TFLOPS at the very most, that's 10^15 or 50 bits per second (generously assuming we can check one key per FLOP).

6B days of that will give you an additional 50 bits (6 = 8 = 3 bits, B = 1000^3 = 30 bits, day = 10^5 seconds = 17 bits).

Now we're talking 100 bits. But as discussed above, you need to check 220 bits to hit a key. There's still quite a gap.

For comparison, the entire Bitcoin network (using 1% of world electricity) does about 1000 EH/s at the moment, that's 10^21 or 70 bits per second (so, roughly equivalent to a million of H100, using the rough overestimating sketch above).

Per year, that's 70+25 = 95 bits. Still far.

36. logsr ◴[] No.44470774{7}[source]
the most likely weakness is in the ECC implementation. i don't understand the math (who does?) but what the debate over https://safecurves.cr.yp.to/ tells me is that very few people know what a "weak curve" is but people agree that they exist. this has always made me sketch on ECC in general, especially since it is also used in Tor. Another possibility is compromising the RNG used for creating the pvt sig? which since these are early addresses they would have been from a very early version of the software, and might have used a shitty RNG. If this is a crack it could definitely be state level actors (who has the US pissed off lately? who have they not?). Whether it is state/private the goal would be to extract as much real money as possible before creating a panic, so will be interesting to see where the money goes.
replies(1): >>44471602 #
37. dperrin ◴[] No.44471471{4}[source]
Just speculating here, but isn't it quite possible someone wasn't intentionally sitting on it for 14 years and instead just couldn't access it? For example, if they've been sitting in prison this whole time. Something like that seems (statistically anyway) more plausible to me than getting lucky on guessing a key.
38. adastra22 ◴[] No.44471602{8}[source]
FYI the “safe curves” charts are garbage self-promotion for his own crypto algorithms. I generally respect DJB, but he didn’t even try to be unbiased with that analysis.
39. celticninja ◴[] No.44471797{7}[source]
I understand the math and crypto behind it to a degree. I don't profess expert knowledge however. But I know enough to know the GP is wrong and I'm happy to point that out. If I thought there was any value in correcting GP claim by claim I would do so. But in reality it will just end up in me wasting my time trying to educate someone who doesn't want to be educated, and if they did they could go and research the math and cryptography for themselves.

As someone once said, I can explain it to you, but I can't understand it for you.

40. FabHK ◴[] No.44472141{6}[source]
Why? Are you hypothesizing that they used bad RNGs?
41. amy214 ◴[] No.44477232[source]
>I would say the odds are zero because that's the likelihood of being able to brute-force anything in the key space.

you are correct at first pass, but it's a fact wallets have been cracked many times, perhaps at least 100s of millions of dollars. The "keyspace" for the cracked wallet is a subset of the nominal keyspace - the much smaller space covered by either a flawed random number generator (RNG), or the whole brainwallet fiasco, or a RNG where a seed is crackable (e.g. milliseconds since 1970 or unix epoch - some cracks, whitehat, have used this method). That's all what we know in the whitehat space, surely other tricks exist in the blackhat space
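
Added example, not part of the thread or any wallet software: a minimal Python sketch of the timestamp-seeded RNG failure mentioned in the comment above, next to the hardened form. The names `weak_key`, `strong_key`, `fingerprint` and `audit`, the SHA-256 stand-in for a public identifier, and the sample timestamps are all assumptions constructed for illustration.

```python
import hashlib
import math
import random
import secrets

def weak_key(seed_ms: int) -> bytes:
    """Vulnerable pattern: 256-bit key from a PRNG seeded with a ms timestamp."""
    return random.Random(seed_ms).getrandbits(256).to_bytes(32, "big")

def strong_key() -> bytes:
    """Hardened form: 32 bytes taken directly from the OS CSPRNG."""
    return secrets.token_bytes(32)

def fingerprint(key: bytes) -> str:
    """Stand-in for a public identifier derived from the key (assumption: SHA-256)."""
    return hashlib.sha256(key).hexdigest()

def effective_bits(window_ms: int) -> float:
    """Entropy of a key whose only secret is a timestamp inside a known window."""
    return math.log2(window_ms)

def audit(target_fp: str, start_ms: int, window_ms: int):
    """Self-audit: return the seed that regenerates target_fp, or None."""
    for seed in range(start_ms, start_ms + window_ms):
        if fingerprint(weak_key(seed)) == target_fp:
            return seed
    return None

# Constructed sample values: a key "created" 123 ms into a 2-second window.
CREATED_MS = 1_300_000_000_123
WINDOW_START = 1_300_000_000_000
WINDOW_MS = 2_000
YEAR_MS = 365 * 24 * 3600 * 1000

if __name__ == "__main__":
    weak_fp = fingerprint(weak_key(CREATED_MS))
    strong_fp = fingerprint(strong_key())
    # The key is nominally 256 bits, but its real entropy is that of the seed.
    print(f"2 s window : {effective_bits(WINDOW_MS):.1f} bits")
    print(f"1 year     : {effective_bits(YEAR_MS):.1f} bits")
    print("weak key regenerated from seed:", audit(weak_fp, WINDOW_START, WINDOW_MS))
    print("CSPRNG key regenerated        :", audit(strong_fp, WINDOW_START, WINDOW_MS))
```

The output length of the generator says nothing about strength: a key audited this way should fail to regenerate from any guessable seed, which is what the `secrets`-based key does.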

42. adastra22 ◴[] No.44477654{8}[source]
Changing global politics (e.g. allowing the complete decryption of diplomatic messages) has a value and magnitude of impact that is not easily measured in dollar terms.