Saturday, March 22, 2014

Bitcoin theft

A friend of mine had the misfortune of storing his bitcoins in Flexcoin, the Canadian Bitcoin Bank that was robbed of 800 bitcoins by a hacker earlier this week. Although of course, when I write "Canadian Bitcoin Bank", what it actually turns out to be is a company registered to a rented mailbox in the city of Edmonton, Alberta, according to provincial records, with its sole director and voting shareholder one James Andrew Gray, who also gave the rented mailbox as his address. This according to Reuters.

The case is similar to Trade Fortress, another robbed Bitcoin Bank, that time in Australia, which lost 4100 bitcoins, allegedly to a hacker. Again, the "Bank" turned out to be a young Australian developer (I couldn't find out what his name was though).

It's tricky though to determine from a web page whether you're dealing with a teenager working from his parents' spare bedroom, or a large established company with proper offices in the bitcoin world.

However, even larger companies with proper offices don't offer any guarantees. Mt. Gox was supposedly one of those proper companies, but managed to somehow lose over 650,000 bitcoins. Again, information has since leaked out that the company didn't use bug tracking systems or source control for the code that its developers produced, and the CEO was more interested in setting up a cafe that accepted bitcoins than running the exchange.

The only truly safe way of storing your bitcoins seems to be:

  1. Get yourself a computer that's never been on the internet
  2. Copy OpenSSL across to it using a USB stick
  3. Generate a private key by tossing a coin 256 times, carefully writing down the result
  4. Spend half a day checking you've typed the private key into your disconnected laptop properly, and generate a public key
  5. Send your bitcoins to the address associated with the public key

And even that's not guaranteed.

This is, in my opinion, the biggest problem bitcoin faces.

Friday, March 14, 2014

Interesting addresses on the blockchain

The technical bit

A quick recap:
  • Your bitcoin wallet consists of pairs of private/public keys.
  • Each private key is a 256 bit number between 1 and about (1.15 times 10 to the power of 77). Note that this is slightly lower than 2 to the power of 256.
  • The public key is generated from the private key using the "Elliptic Curve Digital Signature Algorithm", or ECDSA.
  • The Bitcoin address is generated by a series of hashes (called SHA256 and RIPEMD-160), a checksum and finally encoding into Base58.
  • The private key is used to sign any transaction transferring bitcoins from the bitcoin address associated with it to any other valid bitcoin address.
  • The public key can be used to check that the private key signature of the transfer is valid; this is done by the bitcoin miners before adding the transaction to the blockchain.
  • Once a transaction is added to a block in the blockchain it's finalized and can be spent (okay, in practice you need a few more blocks to add on afterwards to really finalize it - the block could be invalidated shortly afterwards. 6 further blocks is considered rock-solid confirmation).
So here is where the fun begins - let's take a test engineer approach to analyzing it.


What happens if you send bitcoins to a random address

If you simply invent a bitcoin address, like 1NyUkGNxZ1RoKmRUPYJBgouS1nJneDX6, the checksum shows that it's invalid, so the coins won't be sent.

If you accidentally pick a valid address, the coins are gone - no one will ever be able to spend them. The odds of someone having the private key to a random valid public bitcoin address are lower than you finding a specific grain of sand that was briefly stuck to your foot on the first day of your first beach holiday abroad.
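The checksum test that rejects an invented address can be reproduced offline. The sketch below is an added example, not code from this blog or from any wallet: it decodes Base58, checks the 25-byte length and compares the trailing four bytes with a double SHA256 of the rest. The function names and the typo sample are constructed here; the other addresses are the ones quoted in this post, and version byte 0x00 (addresses starting with "1") is assumed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text):
    """Base58 string -> bytes; every leading '1' stands for one zero byte."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError for 0, O, I, l and other junk
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + body

def check_address(addr):
    """Return (ok, reason) for an address of the kind discussed in this post."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False, "character outside the Base58 alphabet"
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        return False, f"decodes to {len(raw)} bytes, expected 25"
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch"
    if payload[0] != 0x00:
        return False, "unexpected version byte"
    return True, "ok"

if __name__ == "__main__":
    samples = [
        "1NyUkGNxZ1RoKmRUPYJBgouS1nJneDX6",    # the invented address above
        "1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E",  # the blank-public-key address
        "1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4F",  # constructed: last character mistyped
        "1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm",  # the address for key 1
    ]
    for addr in samples:
        print(addr, check_address(addr))
```

A valid checksum only shows the address is well formed; as the blank-key and zero-key addresses show, it says nothing about whether anyone can spend from it.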


The bitcoin address associated with a private key of 0

If you pick 0 as your private key (e.g. through programmer error) then the ECDSA algorithm returns a public key of 0400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000. The bitcoin address generating algorithm, when applied to this public key returns an address of 16QaFeudRUt8NYy2yzjm3BMvG4xBbAsBFM which at the time of writing this post has a balance of 0.01 bitcoins.

This sum can never be redeemed, as 0 isn't a valid private key and can't be used to sign the transfer transaction.

The blank bitcoin address

If you apply the bitcoin address generating algorithm to a public key that is null (i.e. the empty string), it returns a valid address. This could happen if there's an error in your software that doesn't pass the correct public key on to the bitcoin address generating algorithm in your code. The valid address returned is 1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E. This currently has nineteen transactions paid into it to a sum of almost 70 bitcoins - worth nearly 45,000 USD at the moment.

Unfortunately these coins can never be redeemed - there is no private key that returns a blank public key.

Obvious private keys

Here are some private keys with addresses that had a balance at some point, that I found.
Key 1, address 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm has had about 4.2 bitcoins over the years. There are several people monitoring it and transferring any balance within seconds if any is paid in.
Key 126, address 163bgHt747rfMKf7tM6XEoCzhKbvrYgZ6N had a small fraction of bitcoin paid into it once.
Key 2²⁵⁶-1, address 12M4QznuNZH2BRVbLK8SKvNqGTPJpCpST7 has had about 0.005 bitcoin. Technically speaking the key is invalid - it's too big, but in practice all code performs a modulo operation on it to reduce its size.
Key (biggest valid ECDSA key), address 1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m has also been used a few times.

Brain wallets

Some bright spark noticed that if you take a SHA256 hash of some text you get a 256 bit number, which can be used as a private key. So people started using phrases as passwords to "carry" their bitcoins around in their head. Unfortunately brute-forcing these kinds of passphrases is far too easy, so I wouldn't recommend it. Here are some passphrases that have addresses which had balances at some point:

Key SHA256("password")
Key SHA256("password1")
Key SHA256("correct horse battery staple")
Key SHA256("you don't win friends with salad!")
Key SHA256("bitcoin is awesome") - 500 bitcoins taken from this one, that's a third of a million dollars today
Key SHA256("satoshi nakamoto")
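The failure modes in the last few sections (a key of 0, a key at either end of the range, a key above the range, a key hashed from a guessable phrase) are all things wallet software can refuse before any coins are sent. The check below is an added example, not code from this blog or from any wallet; the function names, the 2^192 distance threshold and the short deny-list are assumptions made for illustration, and `key_from_tosses` covers the coin-toss method from the storage checklist.

```python
import hashlib

# Order of the secp256k1 group; valid private keys are 1 .. N-1.
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
MIN_DISTANCE = 2**192  # heuristic chosen for this example, not a standard

def brainwallet_key(phrase):
    """The key a brain wallet derives from a phrase: SHA256 read as an integer."""
    return int.from_bytes(hashlib.sha256(phrase.encode()).digest(), "big")

# Constructed deny-list built from phrases quoted in this post;
# a real one would hold far more entries.
DENY = {brainwallet_key(p) for p in (
    "password", "password1", "correct horse battery staple",
    "bitcoin is awesome", "satoshi nakamoto")}

def key_from_tosses(tosses):
    """Turn 256 written-down coin tosses ('H' or 'T') into an integer."""
    if len(tosses) != 256 or set(tosses) - set("HT"):
        raise ValueError("need exactly 256 tosses, each H or T")
    return int(tosses.replace("H", "1").replace("T", "0"), 2)

def audit_private_key(k):
    """Return the reasons to refuse k as a private key; empty list means none."""
    problems = []
    if k == 0:
        problems.append("zero is not a valid private key")
    if k >= N:
        problems.append("outside 1..N-1")
    r = k % N  # what code that reduces modulo N would actually use
    if r and min(r, N - r) < MIN_DISTANCE:
        problems.append("too close to an end of the range to be random")
    if k in DENY:
        problems.append("matches SHA256 of a known passphrase")
    return problems

if __name__ == "__main__":
    for label, k in [("0", 0), ("1", 1), ("126", 126), ("N-1", N - 1),
                     ("2^256-1", 2**256 - 1),
                     ("SHA256('password')", brainwallet_key("password")),
                     ("alternating tosses", key_from_tosses("HT" * 128))]:
        print(label, audit_private_key(k) or "no problems found")
```

A truly random 256-bit key trips the distance check with probability around 2^-63, so a hit almost always means a bug or a hand-picked key.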

And that's it for today.

Saturday, March 8, 2014

Satoshi has been uncovered ... again.

Once again there's an article proclaiming that the mysterious founder of Bitcoin has been discovered. Amusingly, this candidate actually has the given name Satoshi Nakamoto, but now calls himself Dorian Nakamoto. However, the evidence is all circumstantial - the 64 year old man living in Temple City, California, could technically be the Bitcoin inventor; by all accounts he has the aptitude and the attitude, he was unemployed for five or so years leading up to the publishing of the original Bitcoin paper, and fell ill at about the time that Satoshi Nakamoto bowed out from developing the Bitcoin client further.

However, he denies that he is the founder, lives a relatively humble life, could do with the money that the million or so Bitcoins the real founder presumably has access to would bring, and his command of the English language appears to be much weaker than that of the writer of the original paper and bulletin board posts. Also, there's plenty of evidence that the real Bitcoin founder was paranoid about protecting his identity, so he's very unlikely to have used his own name in his dealings with the world.

My gut feeling is that he isn't the founder, although that may be wishful thinking on my part. But the coincidences add up to a fairly compelling story. I'd like to think that the real Bitcoin founder has thrown another red herring in our direction, and I'd be looking for a former associate of Dorian Nakamoto, who used the identity of his colleague as another layer of misdirection.

What do you think?

Update: even his own son describes Dorian S. Nakamoto as a bit of an "asshole". Perhaps the Bitcoin founder is indeed a previous co-worker who thought it would be amusing to get a despised colleague to face a barrage of journalists.