Bitcoin users around the world can relax: reports indicating thousands of private keys were released into the public domain have been dismissed.
A site called directory.io caused a brief panic yesterday when it supposedly listed every bitcoin private key alongside its corresponding public address. Headlines around the web proclaimed bitcoin doom, with some speculation that bitcoin’s minor drop in value was a direct result. It was, however, quickly revealed to be a false alarm, and then, a joke.
Reddit user fiveturns, claiming to be behind the site, said:
“I’m the owner of directory.io. This isn’t an attempt at a scam. The first entry isn’t “fake”. It is a private key with the value of zero. The next private key is one, after that comes two etc.”
“All of these keys (apart from zero) are valid. It is simply a joke. Remember when you’ve been told that it is almost impossible to generate a key-pair identical to somebody else’s? This is a visual representation of that improbability. Look how many pages there are!” he added.
The site’s lengthy header should have been a giveaway: as fiveturns wrote, the site features a list of computer-generated private key addresses that correspond to nothing in particular. Thus, there is no chance of your address being in there.
[post-quote]
Directory.io is actually a worthwhile demonstration of how strong the Bitcoin protocol is, and the (incomprehensibly massive to non-mathematicians) numbers protecting it too. In all those pages, there isn’t a key that matches any existing bitcoin key.
A better guide on your chances of finding someone else’s private key can be found here.
Generating the directory.io list “could be done with a 50 line script,” according to one expert. While they are genuine bitcoin private keys, they are all empty. This was quickly discovered once users attempted to import the keys to their own wallets.
Essentially, every time you create a new bitcoin address you’re doing what directory.io did, on a much smaller scale.
While bitcoin addresses, or ‘public keys’ allow users to send money to one another more smoothly than email, it’s your ‘private key’ that determines how much bitcoin you have, and whether you have the right to spend it.
Private keys are (hopefully) guarded securely by wallet software or printed on ‘paper wallets’, as anyone who discovers that key can access all the bitcoins stored at its corresponding address.
Having your real private key published on the internet would indeed be catastrophic, especially if you’re holding a large amount of bitcoin there.
Losing your private key (either by deleting it or throwing it somewhere you can’t retrieve it) means the bitcoins linked to that address are gone too – both to you and the world.
It’s important to remember that, despite exchange heists, wallet shutdowns and individual hacking crises, the Bitcoin protocol has remained rock-solid since going live in 2009 and (as of December 2013) has never been successfully compromised.
The bitcoin wiki says it all:
“It is safe to say that the currency itself has never been ‘hacked’. However, several major websites using the currency have been hacked, often resulting in high profile bitcoin heists. These heists are misreported in some media as hacks on bitcoin itself. An analogy: Just because someone stole US dollars from a supermarket till, doesn’t mean that the US dollar as a currency has been ‘hacked’.”
Directory.io’s creator even managed to earn some bitcoin for the work, and posted:
“I did not create this to crash the price of bitcoin, and it didn’t. People keep calling this fake or not real. Most people know how to generate every single bitcoin key-pair in existence. This doesn’t make it insecure. It’s secure because doing so is impossible. This is what people need to understand.”
He added that his donation link was there “for people that found it funny – some people did :)”.
Security Image Via Shutterstock