BTC private key space is 256 bit. Let's say a billion wallets, that's 30 bits, so you need to check 226 bits to hit one wallet.
A H100 does about 1000 TFLOPS at the very most, that's 10^15 or 50 bits per second (generously assuming we can check one key per FLOP).
6B days of that will give you an additional 50 bits (6 = 8 = 3 bits, B = 1000^3 = 30 bits, day = 10^5 seconds = 17 bits).
Now we're talking 100 bits. But as discussed above, you need to check 220 bits to hit a key. There's still quite a gap.
For comparison, the entire Bitcoin network (using 1% of world electricity) does about 1000 EH/s at the moment, that's 10^21 or 70 bits per second (so, roughly equivalent to a million H100s, using the rough overestimating sketch above).
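The bit-counting estimate in the comment above, carried through in code. This is an added example and not part of the thread; it reuses the commenter's figures (256-bit keys, a billion funded wallets, 10^15 key checks per second per H100, 6 billion GPU-days, 10^21 hashes per second for the whole network) and adds one assumed figure of its own, the age of the universe in seconds, to show how far even an absurd budget falls short of the search target.

```python
import math

KEY_BITS = 256  # secp256k1 private keys are 256-bit scalars

# Figures taken from the comment above
FUNDED_WALLETS = 10**9        # "a billion wallets"
H100_KEYS_PER_SECOND = 1e15   # "1000 TFLOPS ... one key per FLOP" (generous)
GPU_DAYS = 6e9                # "6B days"
NETWORK_HASHES_PER_SECOND = 1e21  # "1000 EH/s"
SECONDS_PER_DAY = 86_400

# Assumed figure (not from the comment): roughly 13.8 billion years in seconds
AGE_OF_UNIVERSE_SECONDS = 4.35e17


def target_bits(key_bits: int = KEY_BITS, funded_wallets: int = FUNDED_WALLETS) -> float:
    """Bits of work to land on *any* funded key: log2(2^key_bits / funded_wallets).

    Having N targets in the space only buys you log2(N) bits.
    """
    return key_bits - math.log2(funded_wallets)


def budget_bits(checks_per_second: float, seconds: float) -> float:
    """Total candidate keys tried, expressed in bits (log2 of the count)."""
    return math.log2(checks_per_second * seconds)


def shortfall_bits(checks_per_second: float, seconds: float) -> float:
    """How many bits short the budget is of the target; positive means infeasible."""
    return target_bits() - budget_bits(checks_per_second, seconds)


def success_probability(checks_per_second: float, seconds: float) -> float:
    """Chance of hitting any funded key with this budget: 2^(budget - target), capped at 1."""
    return min(1.0, 2.0 ** -shortfall_bits(checks_per_second, seconds))


def scenario_report() -> dict:
    """The three budgets discussed in the thread, each with its shortfall in bits."""
    gpu_seconds = GPU_DAYS * SECONDS_PER_DAY
    return {
        "target_bits": target_bits(),
        "h100_6B_days_bits": budget_bits(H100_KEYS_PER_SECOND, gpu_seconds),
        "h100_6B_days_shortfall": shortfall_bits(H100_KEYS_PER_SECOND, gpu_seconds),
        "h100_6B_days_probability": success_probability(H100_KEYS_PER_SECOND, gpu_seconds),
        "network_per_second_bits": budget_bits(NETWORK_HASHES_PER_SECOND, 1),
        # Entire network hashrate spent on key checks for the age of the universe
        "network_age_of_universe_shortfall": shortfall_bits(
            NETWORK_HASHES_PER_SECOND, AGE_OF_UNIVERSE_SECONDS
        ),
    }


if __name__ == "__main__":
    for name, value in scenario_report().items():
        print(f"{name:>36}: {value:.3g}")
```

The point the numbers make: a billion targets shaves the 256-bit space down to about 226 bits, six billion H100-days buys about 99 bits, and even the whole network's hashrate run for the age of the universe is still more than 90 bits short, so the success probability is a number with dozens of leading zeros rather than "low".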
They could also do a private party transaction to sell the coins outside of an exchange, in order to hide the sale and also hide the price of the tokens sold.
This is common practice in the stock market, called "dark pools" [0]
> Dark pools came about primarily to facilitate block trading by institutional investors who did not wish to impact the markets with their large orders and obtain adverse prices for their trades.
Outside, as in off the blockchain? That would mean that after the transaction, both sides would know the key to the wallet and there would be a race about who lights up a transaction first.
A large wallet that’s been dormant for years suddenly becoming active will tend to pressure the price lower from the implied increase in liquid supply and fear that the wallet will continue to distribute coins.
It’s not just the printing of transaction price that can affect the market.
While ~$8B is huge news, due to the potential that all ~$188B might be in play, when most investors probably expected it was not prior to this - or at least the probability was low enough to barely factor, it's unlikely to crash BTC.
Further, moving BTC is one thing. Showing signs of liquidation is another.
That much should be able to get liquidated intelligently without moving the market.
Not true at all! Everyone knows there are holes in the crypto algorithms and implementations which agencies use to achieve any objective they may have. On top of that there are also holes across the software and hardware stacks of various implementations. Just because they run all the researchers and fund a lot of it does not mean there are no holes.
Especially now with AI, I wouldn't be surprised if an amateur kicked a bunch of tires and got lucky.
Just because they are not published, does not mean they are not using them, someone else found them and are using them. Or they just have the keys from back in the day.
Can't wait to follow this story as it unfolds. The other risk is Quantum... That is going to be real fun when it starts making leaps above Moore's Law.
There needs to be an industry-wide effort NOW that researches and generates keys in unconventional ways, different than the ways they are being generated now. Because Quantum is a beast. Those keys will need to be Quantum proof, which means that even if the agent knows the algorithm that is used to generate the keys they cannot duplicate the keys that were generated the first instance it was run. Or you can start doing Hashing across fingerprint, eye and dna data. That is coming my folks!
Can you look me in the eye and state that you understand Bitcoin and the math and the cryptography behind it?
Even if you do, there could in theory still be a way to narrow down the key space or find some other shortcut to a wallet key, even if nobody has figured it out yet.
I understand the math and crypto behind it to a degree. I don't profess expert knowledge however. But I know enough to know the GP is wrong and I'm happy to point that out. If I thought there was any value in correcting GP claim by claim I would do so. But in reality it will just end up in me wasting my time trying to educate someone who doesn't want to be educated, and if they did they could go and research the math and cryptography for themselves.
As someone once said, I can explain it to you, but I can't understand it for you.
Those people were wasting their money. They could be running those GPUs from now until the end of the universe and still have approximately 0% chance of finding a single used key.
Right. Those were the ones I talked to, just by random chance. It means that there are a lot of them.
This implicates a few things - (1) people win the lottery every day and (2) it's highly unlikely that the best techniques are publicly known.
Perhaps there's something that requires $1,000,000 in investment to yield a 1:100 chance of finding a particular targeted wallet using some clever shortcuts.
The other explanation is very implausible: a human sits on wallets without splitting up the funds or derisking exposure, has wallets with a billion dollars sitting in it.
Now I only have a few million, but even I have something like 6 brokerages and 12 banks. Even when I was a btc holder, I didn't keep over $100k in a single wallet.
The snatching theory requires no new revolutionary math, no substantial breakthroughs, just some clever people with a lot of resources and a goal.
Either explanation is speculative. I think the "lucky researchers at some University" theory is more likely than the "let's wait 14 years until this $1,000 becomes $1,000,000,000."
Especially because (1) we're not exactly at some high water mark and (2) if this was just a person with a wallet trying to do something like pay for life's uncertainties, you can do basically 100% of that with like 4btc.
However if you successfully snatched the wallet, you're on a clock before someone else gets it. This is exactly the kind of movement you'd be doing.
Also if some old bitcoiner comes out and says "hey that was me", we're still up in the air. If I had snatched a billion dollar wallet, the first thing I'd do is pay off an old btc'er to claim it's theirs to prevent market panic.
This isn’t like lottery odds. The space of keys here is vast. Like unimaginably so. 2^256 is a lot of keys.
If someone had a faster method for breaking elliptic curve keys, fast enough to have a realistic chance on GPUs, the repercussions for that would be waaaaaay larger than merely stealing some bitcoin. This is the same math upon which nearly all digital security in common use today is based. It’d be full-on cryptopocalypse.
It's US$2 billion. I can't imagine a better way of monetizing such an exploit than to convert it into cash by using Bitcoin.
The US govt can't pay you US$2 billion without it showing up as a line item in the federal budget. That's like 20% of the NSA's funding. You'd have to get authorization from the President and hold some emergency session of Congress. Other governments would pay less.
Hacking the normal banking system is also challenging. If you steal US$2 billion someone is going to notice and simply undo the transaction because banking doesn't believe in "code as law".
Changing global politics (e.g. allowing the complete decryption of diplomatic messages) has a value and magnitude of impact that is not easily measured in dollar terms.
I’ve spent the last 15 years working in cryptography. I’m now running a startup making quantum computers. I know my customers :)
Switching to one-time-pads is easier said than done. Upgrading to PQC will be complicated and difficult, and there is a lot of recorded historical messages.
You're looking at it wrong. There doesn't need to be a generalizable, embarrassingly parallel, computationally lower class, key reduction.
Just this specific implementation with these specific wallets maybe using a version of the btc code with a small recently discovered bug that existed say for 3 months in 2011
You can have something extremely localized and get this result. And this is exactly the behavior people have long game theoried would happen under such a scenario.
You're implicitly making the claim that just because you can't find something widely discussed in literature, then any optimization of any kind is impossible and nobody would ever dare to keep an advantage in stealing bitcoin wallets secret.
Stuxnet is way less plausible than this yet that happened.
People have been trying to do this for a decade and have in aggregate thrown probably north of $100 million into it through separate efforts. The idea of someone finally succeeding is kind of expected.
Again the only claim I'm making here is that this is not only a non-zero chance, but, in my mind, an over 90%.
The most likely weakness is in the ECC implementation. I don't understand the math (who does?) but what the debate over https://safecurves.cr.yp.to/ tells me is that very few people know what a "weak curve" is but people agree that they exist. This has always made me sketch on ECC in general, especially since it is also used in Tor. Another possibility is compromising the RNG used for creating the pvt sig? Which since these are early addresses they would have been from a very early version of the software, and might have used a shitty RNG. If this is a crack it could definitely be state level actors (who has the US pissed off lately? who have they not?). Whether it is state/private the goal would be to extract as much real money as possible before creating a panic, so will be interesting to see where the money goes.
FYI the “safe curves” charts are garbage self-promotion for his own crypto algorithms. I generally respect DJB, but he didn’t even try to be unbiased with that analysis.
Just speculating here, but isn't it quite possible someone wasn't intentionally sitting on it for 14 years and instead just couldn't access it? For example, if they've been sitting in prison this whole time. Something like that seems (statistically anyway) more plausible to me than getting lucky on guessing a key.
There are 200 million+ BTC wallets.
They've found 54 out of 200 million+ or about 0.00002% of wallets - in how many years?