by lordnacho 3300 days ago
Just a warning for people: I was playing around with BTC the other day and not generating random entropy from urandom, just putting in a short string.

I found my BTC was stolen immediately when I did this. It wasn't a lot of coins, since I was just testing, but it certainly cost me some debugging time as I wondered how the extra transaction had occurred.

Basically, someone out there has already generated the keys corresponding to short strings and is keeping an eye on any transactions on them. Maybe more than one group, who knows?
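
The safe counterpart to the short-string key described in the post above, as an added example that is not part of the original thread: it draws the key from the OS CSPRNG (the same source as urandom) and shows why a typed string cannot substitute for it. The function names, the 95-character alphabet and the 128-bit threshold are assumptions made for this illustration.

```python
import math
import secrets

# Order of the secp256k1 group. A valid Bitcoin private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def generate_private_key() -> bytes:
    """Return a 32-byte private key drawn from the OS CSPRNG.

    Rejection sampling keeps the result uniform over [1, N-1]; a retry is
    needed with probability of roughly 2**-128, so the loop almost never repeats.
    """
    while True:
        candidate = secrets.token_bytes(32)
        k = int.from_bytes(candidate, "big")
        if 1 <= k < SECP256K1_N:
            return candidate


def max_seed_bits(seed: str, alphabet_size: int = 95) -> float:
    """Upper bound on the entropy of a typed seed, in bits.

    Assumes every character was picked uniformly from printable ASCII
    (95 symbols). Human-chosen strings carry far less than this bound.
    """
    return len(seed) * math.log2(alphabet_size)


def reject_weak_seed(seed: str, min_bits: int = 128) -> None:
    """Raise if the seed cannot possibly reach min_bits of entropy.

    Passing this check is necessary, not sufficient: a long but guessable
    phrase still passes. The threshold is an assumption of this example.
    """
    bits = max_seed_bits(seed)
    if bits < min_bits:
        raise ValueError(
            f"seed has at most {bits:.1f} bits of entropy, below {min_bits}; "
            "use generate_private_key() instead"
        )


if __name__ == "__main__":
    print("private key (hex):", generate_private_key().hex())
    print("upper bound for an 8-char seed: %.1f bits" % max_seed_bits("password"))
```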

2 comments

There are many of us with bots sweeping weak keys. Some of us give the coins back to a safe address, some people just keep it. It's like finding money on the sidewalk.
A lot of people are equating this to theft. While I can see their point, the concept of ownership in bitcoin is closely tied to control of the private keys. In this case many people control certain weak private keys so in a way you are giving your money away by sending to these addresses.
Taking money from someone who did not intend to give it to you is a dick move, regardless of legality or technical difficulty of doing so.
If it can be taken, somebody is going to take it. It can be people that intend to keep it, or could be a person who intends to give it back. If you left a bunch of money unsecured, which would you prefer? Not having it taken isn't an option if you use a weak key.
This is like admitting to stealing things from people who leave their houses unlocked. If you think that is all good then you need to re-evaluate your life choices.
You can try to create whatever analogy you want that makes it seem worse, but it's a fact that if you use a weak key somebody is going to sweep it. The only thing preventing it from being lost forever is people getting it first and returning it to secure keys.
No, it's like picking money off the sidewalk when someone drops their coins and then running away.
It depends on if they "run away" and keep it, or if they return it to the proper owner in a secure manner.
It's more like stealing from an unlocked locker at a public pool.
Not incorrect, but only if you assume the pool is available to every person on Earth and that no government has jurisdiction over things. In that case, I would personally take the items from the locker and leave information on how to securely retrieve them.
There are multiple parties doing this, at least tens of billions of keys in their databases.