How hard is it to "mine" a Bitcoin receive address? \ stacker news ~crypto

How hard is it to "mine" a Bitcoin receive address?

367 sats \ 8 comments \ @joda 8 Jun crypto

zaps forwarded to @OpenSats (100%)

Sorry this is a genuine question; I'm not answering it.

I'm wondering if it's an attack vector for a wallet that has access to your x/y/zpub to "mine" addresses similar enough to yours that you wouldn't notice.

The attack might work like this: The wallet works fine for months. But in the background, the adversary is mining receive addresses that share, let's say the first ten and last ten characters (out of I think 38 distinct characters in a segwit address). I think this is more than most people check (I hear often "I look at the last few"). It then gives you a malicious receive address and collects on it. It fakes your "balance" in the wallet so you think you have it.

Alternatively it could wait until it detects you are consolidating, and above a certain threshold, then it does the address swap.

view all related items

127 sats \ 1 reply \ @freetx 8 Jun

The last 5 (?) digits of an address are a checksum. So best practice is compare first 5 chars of address and last 5 chars (ignoring middle chars)...if first/last match then its statistically strongly probable that the address is correct.

0 sats \ 0 replies \ @joda OP 8 Jun

Oh I should have known that. Makes perfect sense.

27 sats \ 1 reply \ @tomlaies 8 Jun

No no, it's a valid question. And shows that you already have a feel how phishing-esque attacks work.

The answer is that your attack description should fail when the wallet checks the malicious receive address. It should easily realize that it isn't derived from your secret keys.

Guessing public addresses helps an attacker nothing. Guessing secret keys would - but this would be far more unlikely than finding an individual piece of sand on earth: not gonna happen.

0 sats \ 0 replies \ @joda OP 8 Jun

The hardware wallet doesn't "know" that you are sending to yourself. As far as it knows, you're creating a standard transaction. Unless it checks for exactly this type of attack (are the addresses similar enough to be suspicious?)

26 sats \ 0 replies \ @fiksn 8 Jun

Generating an address with chosen prefix and/or suffix is done by randomly choosing a private key and checking what the outcome is. It's similar as mining: every character more is exponentially more expensive, you don't have any difficulty adjustments tho. According to https://github.com/kangaderoo/vanitygen vanity address generator it's like 45 seconds for 4 chars of course depending on your hardware.

The attack actually works in that way that a similar address as yours sends you some small amount and then when you next time try to send to yourself you mistakenly send to that address. Of course this address reuse is already a problem on itself. I doubt attackers use more than one hour to generate those.

There is a valid use case for having just xpubs for instance for your point of sale device. In that case a malicious wallet could indeed give out wrong addresses. But there is no reason to even mimic addresses similar to the correct ones.

10 sats \ 1 reply \ @sudonaka 8 Jun

If you are using a compromised wallet then you are using a compromised wallet. No “mining” required.

You can verify this by only using open source wallets and also generating a matching address list in multiple softwares

(BlueWallet and Sparrow for example)

0 sats \ 0 replies \ @joda OP 8 Jun

I am assuming a hardware wallet that is not compromised, with software that is compromised.

That is exactly what I do-- generate and compare lists. But I think the clever attack vector would be to wait for several months before the attack. Let the user start trusting the software, as they use up those first 20 or so addresses they compared.

I'm sure it's not a common attack vector. But I'm curious about the math of generating/mining similar addresses, how feasible it is and how much time and power it takes.

0 sats \ 0 replies \ @geeknik 8 Jun

Mining a Bitcoin receive address that shares specific characters with another address is not a feasible attack vector due to the immense computational difficulty involved. The cryptographic algorithms used in Bitcoin address generation are designed to prevent such collisions, making this type of attack impractical with current technology. Instead, attackers are more likely to focus on other vulnerabilities, such as phishing, malware, or exploiting weak passwords.