pull down to refresh

... Containing all my UTXO's, does that enable him to pull any bitcoin off that adress?
Would'nt he need to sign any transaction using my hardware wallet?!
390 sats \ 2 replies \ @nout 26 Jan
Be really careful right now if you have someone telling you this. There are multiple ways how this could be a scam to trick you into giving them your seed or private key.
You may get fake email, or fake chat from a "friend" that tries to scare you.
In general no one can guess your private key unless you make some mistake and leak parts of your key (e.g. via using hacked software, storing it on your online connected device, etc). They can also try tricking you by modifying the website that shows how much bitcoin you have or similar.
In the case where you believe that they actually may be in possession of your private key (again that they in some way stole from you, hacked your machine, or you used hacked software...), first take a breath. Don't do any panic induced actions. Don't follow the steps they are telling you.
reply
Strictly hypothetically speaking.
reply
77 sats \ 0 replies \ @Murch 27 Jan
Strictly hypothetically speaking, if someone found one of the¹ private keys that match your address, they can spend your funds.
¹P2PKH, P2SH-P2WPKH, and P2WPKH use a cryptographic hash function with a 160-bit result to form the address. Since there are just shy of 2^256 private keys, for each of these addresses there exist about 2^96 private keys that can spend the funds. Luckily 2^160 is still an humongous number and a collision is astronomically unlikely given the key generation was reasonably random.
reply
reply
Are you the Murch from the third link?
I gather from this, that it is much more profitable to simply mine bitcoin, than to try the lottery on finding a collision.
Thanks, you make me sleep more right at night.
reply
Yep, that's me
0 sats \ 0 replies \ @gd 27 Jan
Generate a fresh seed, move all UTXOs to wallet on new PK.
reply
The chances of somebody "calculating" a specific private key for an address with funds is astronomically small, so small you can be broadly accurate in defining it as "zero". The chances of somebody who is telling you this being a liar is far, far more likely.
reply
If "someone" has your private keys he would've stolen your btc already. How sure are you that's real? If you have doupts just change to a completely different wallet (new seedphrase) asap.
reply
If they have a fitting private key, they can use it to sign the transactions. Hardware wallets house the keys generated via seed phrase generation, etc. This hypothetical person could have used your seed phrase to generate the private key on another hardware wallet. There is no mutual exclusivity between hardware wallets, meaning many can be loaded with the same private key derived from the same seed phrase.
Anyone more knowledgable than me, please correct me if I made any mistakes.
reply
deleted by author
reply
Hm, what's a way to fix this?
reply
109 sats \ 1 reply \ @C_Otto 26 Jan
Move the funds to an address that is under your control, assuming the attacker didn't already steal the funds.
reply
Everything is safe, no third parties "pushing" me to do something, I simply wanted to know.
reply
deleted by author
reply
Check. Check. Nah.
Say someone decides to see if he can calculate the private key related to my adress he found on some Blockexplorer... What can I do against this?
reply
31 sats \ 0 replies \ @ek 26 Jan
Say someone decides to see if he can calculate the private key related to my adress he found on some Blockexplorer... What can I do against this?
You do nothing but they probably start watching this video at some point:
reply
If that was possible nation state actors with virtually unlimited funds and computing power would be slurping up BTC left and right, and we wouldn't be here now.
reply
0 sats \ 0 replies \ @gd 27 Jan
If that was possible, the world’s infrastructure would be completely vulnerable to the same actor. Stealing UTXOs is not the way to make the most out of a way to crack SHA256.
reply