Possible private key exploit?

Is there any way to create a tx without the private key, just knowing the public adress? Not even for a “creative” miningpool, by somehow inserting manufactored txs into their own mined blocks?

I had a miner running with pool.gold for a month, during the time when they did a lot of strange things. A lot of miners complained. Thing is, that suddenly my miner outputadress was empty. I did let the miner run for about a week, just to watch the thief activity. So next reward was emptied after about 15hours efter next reward and then 7 hours efter next, and then 3hours. My guess someone was adjusting a bot. The last 5 rewards was emptied in the same block as the rewardpayment! Impressive, I must admit. Most likely robotized theft.

So… Back to the private key. The private key for the mineradress has never been compromised. Its a paperwallet, USB-printed onto paper from a VM without network that was deleted directly after. Doing the work from a chrombook as GUI.

So how possible would you say it is to commit this theft without having the private key?

If we can be sure there is no possibility, what so ever, to do the above without the private key, I can only think of two alternatives how the theif got the key.

  1. The paperwallet creation algorithm is exploited (downloaded it to the vm mentioned above).
  2. Framegrabbed my chromebook while creating the key (seems very unlikely).

Any Ideas?

Here you can take a look at theft: bitinfocharts explorer

It’s unlikely there’s a private key exploit. By checking the decoded raw transaction, you can find all the inputs are signed correctly (unless the crypto library also used by Bitcoin is exploited).

It could be, but still very unlikely. Assuming you downloaded the paper wallet from GitHub, the full commit history is there and you can verify that the privkey generation code has not been touched. So, if the privkey generation algorithm is exploited, coinb.in should share the same issue.

By saying “empty”, do you mean the coins in your wallet was emptied or the unpaid balance in the pool website was emptied before paid? I guess you mean the later case because the balance chart shows it’s keep increasing until the day it got emptied. I didn’t really get your explanation. Could you add more details?

Btw, did you ever spend any coin from the receiving address? Some of the wallet software may create a change address every time spending the coin. The change address still belongs to you but original address will be emptied.

I believe he is talking about the wallet address he was using for mining - so this refers to when the Pool already decided that the mining reward was mature and paid it out to his wallet.

I agree; it looks like someone who has the private key to this wallet began withdrawing. I don’t think they were adjusting a bot, however. It looks to me like they first decided to take the .72 BTG on December 25th.

Two days later they checked the address, saw that there were new funds, and took that, too. To me, it wasn’t 15 hours after the reward, it was just manually checked about 48 hours after the first transaction taking money. This looks like manual activity.

At that point, knowing that you were letting the miner continue to put funds in there, they started checking more often… and picked up the last reward 3 hours after it showed up in your account.

Then the thief got more technically creative…

QUITE creative. @h4x3rotab, take a look at those “0” transactions.

For example, this:


Is clearly a mined block being paid into many miner addresses:

That transaction includes payment into @Messiah’s address:

But at the bottom of the block, there is another transaction:

This implies, to me, that the person wrote a bot which is:

  1. watching the mempool for a transaction into the “GRTi7” wallet
  2. posting a payment out of “GRTi7” as soon as it’s spotted

This is the only way I can understand the wallet getting funded and cleared out in the same block!

The only alternative I’m thinking of would be that the pool’s payment system had been compromised and was intentionally doing all this, but that doesn’t make sense… If the pool were stealing funds, it would just pay the funds directly to a thief’s wallet, and it would be indistinguishable from normal mining revenue. They wouldn’t be intentionally creating a trail through another wallet if they could avoid it… and using someone else’s private key would not be necessary. This looks like a Thief got hold of the private key.

Consequently, it seems to me that the private key must have been compromised somehow.

My read (and I am not the authority here) is that this is an exploit that required the private key.

Somehow grabbing the image from your Chromebook may still have been possible. Is there a print spooler? Could that image, or some temp file, have been left behind?

Also, just speculating here, it’s also theoretically possible (but EXTREMELY EXTREMELY unlikely) that a brute-force experiment found your private key, such as the Large Bitcoin Collider project. Someone involved there might also be checking BTC key-pairs against the BTG blockchain, since every BTC key-pair has a corresponding address on the BTG and BCH chains.

Lastly, @Messiah, it’s not impossible that you’re actually a clever troll and playing games with us! :rofl: No offense intended, and I’m not leveling any accusation at you, but I’m trying to think of every possible way to explain what we’re seeing in the blockchain… because what you’re pointing out is really, really weird.

The blockchain is pretty much irrefutable - almost everything else is possible. :wink:

Hi again,

The “GRTi7” adress is my paperwallet used to place the BTG’s received from the pool. I’ve been involved in blockchain tech since 2011 and I have never seen anything like this. I’m not accusing anyone and aren’t really sad for the loss, more interested how this was possible.

I actually just created a miner to support the ideology behind BTG - which also was the reason why I created this special paperwallet, cutout and glued into a specific page in “Hitchhikers guide to the galaxy”.

The vm I use when creating paperwallets is a template WinXP VM, which I first copy - do the work, then destroy. This mean I have a exact copy of the situation when creating the paperwallet. And, No. I didn’t download it from Github - I just saved the URL onto the vm. Only the VMWare player to boot up the VM and have a look at it. I have established contact with the pool.gold developer (Martin Kuvandzhiev) which also are interested - and he told me that he will have a look at the vm, when he have time.

I’m have no knowledge how to analyse the paperwallet page myself (not a developer).

I started to write a document about the case (here), not to accuse anyone, but I find it interesting, that I did mention for the pool.gold support on a private slackchannel - that I used a paperwallet - just before the theft. Noone else did know this and IF there is a exploit in the walletcreator - then, how likely is it that someone is randomly trying out adresses searching for adresses who used the paperwallet exploit.

The reason for contacting the support, was because most of their data on the site was wrong and I was far from the only one reacting to this on their slack. More about it in the doc mentioned above.

I’m no troll - will verify myself on request.

And… The wallet has never been used for anything alse but to receive pool reward.
And… Printerspool… No, printing directly over usb from vm to laserprinter.

Sorry for the late reply. Though, still, I didn’t find out the reason why your coins are stolen, I answered some of your questions. I will repeat them again and link the code for my verification.

Firstly, the coins are usually mined to pool’s wallet, waiting for 100 maturity time and then send to your wallet. So when you receive some coins, it was actually mined 100+ blocks earlier.

Second, it’s valid to spend the coin from a just received transaction. To be more specifically, when the thief see a transaction to your compromised wallet in mempool, even if it’s not packed by any block yet, they can spend your coins in the same block before any confirmation.

So basically, everything is explainable if the thief somehow got your privkey. Looks like you have a good security practice but still I’ve no idea why your wallet got compromised.

Code: https://gist.github.com/h4x3rotab/fc5e16f98429f7eebe39de904977aa5b

So basically, everything is explainable if the thief somehow got your privkey. Looks like you have a good security practice but still I’ve no idea why your wallet got compromised.

So, what we can conclude, is that the private key must have been compromised.

I have made my simple WinXP vm downloadable here (size: ~3gb, 10gb unzipped) and its bootable using vmware player. This vm is the template used when I created the key, so if there is an exploit in the BTGwallet.online - then its downloaded into the folder GTB as “BTG-Creator.html”. This is an exact copy of the environment used when creating the key, so if there is an exploit - then it should still exist there.

I’n not a developer, so I can’t analyse this myself. And I understand if people have other things todo… However, I think its so very unlikely that the theif managed to framegrab the private key
from my screen during the short time I created the paperwallet. AND, why this BTG paper wallet, when I’ve also have created wallets with larger amounts of BTC on. Very unlogic.


Hi There, i am not an expert, but i spent time to read everything you did. It sounds like a weak entropy with use of preset variables so that the created addresses from that wallet script can be guessed by malicious party and checked later on for balances to steal.

Still, this is a hypotheses with no proof. However, knowing the pool.gold software running the pool, this is the only sane reason i can come up with.