Verify a decision

{"actor":"system:backfill","investigation_id":"8820d3b8-cde1-46e9-8d06-d2227cb3096a","kind":"publish","page_slug":"1eu2pmence1ufifcco2uhjcdoqoratpt7","published_at":"2026-05-19T19:14:08.414Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"1EU2pMence1UfifCco2UHJCdoqorAtpT7","sections":[{"content":"The address 1EU2pMence1UfifCco2UHJCdoqorAtpT7 is a legacy P2PKH (Pay-to-Public-Key-Hash) Bitcoin address, identifiable by its leading '1'. According to blockchain explorer data indexed by Bitinfocharts and confirmed by Blockchair, the address holds approximately 9,999.99965367 BTC, with a total received balance matching its current balance — indicating zero outgoing transactions have ever been recorded. The address is therefore classified as fully dormant with no spending history. Its approximate USD value at the time of investigation exceeds $1 billion at prevailing BTC prices, placing it among high-value dormant wallets of interest to on-chain researchers and, allegedly, to malicious actors seeking to crack its private key.","heading":"Address Overview and On-Chain Profile","severity":"medium","sources":[{"credibility":2,"name":"Bitinfocharts — Bitcoin Address 1EU2pMence1UfifCco2UHJCdoqorAtpT7","type":"on_chain","url":"https://bitinfocharts.com/bitcoin/address/1EU2pMence1UfifCco2UHJCdoqorAtpT7"},{"credibility":2,"name":"Blockchair — Bitcoin Address 1EU2pMence1UfifCco2UHJCdoqorAtpT7","type":"on_chain","url":"https://blockchair.com/bitcoin/address/1EU2pMence1UfifCco2UHJCdoqorAtpT7"}]},{"content":"The address appears as item #87 in a GitHub issue titled '100 Rich Wallet Address Bitcoin For BurtForce BTC (CRACK)' filed against the repository Pymmdrza/BTCCrackWallet. The issue compiles high-value Bitcoin addresses — spanning legacy P2PKH, P2SH, and SegWit formats — and presents them as targets for automated key-collision and brute-force tooling. The repository's stated purpose is Bitcoin wallet brute-forcing. While successful brute-force cracking of a cryptographically secure Bitcoin private key is computationally infeasible with current technology, the address's presence on such lists indicates active attacker interest and that automated tools are being directed at it. Additionally, the address is indexed on privatekeys.pw, a site that catalogs Bitcoin addresses and associates them with private-key enumeration databases, further increasing its public exposure within communities engaged in key-recovery and cracking activities.","heading":"Brute-Force Target Classification","severity":"high","sources":[{"credibility":3,"name":"GitHub — 100 Rich Wallet Address Bitcoin For BurtForce BTC (CRACK), Issue #3, Pymmdrza/BTCCrackWallet","type":"community_report","url":"https://github.com/Pymmdrza/BTCCrackWallet/issues/3"},{"credibility":3,"name":"Private Keys Directory — 1EU2pMence1UfifCco2UHJCdoqorAtpT7","type":"other","url":"https://privatekeys.pw/address/bitcoin/1EU2pMence1UfifCco2UHJCdoqorAtpT7"}]},{"content":"The address carries a 'zachxbt' source tag within the AVOID.NET pipeline, indicating it was surfaced through ZachXBT's Telegram investigation channel or associated data feeds. ZachXBT (the pseudonymous blockchain investigator) regularly publishes findings on dormant wallets, flagged addresses, and theft incidents via his Telegram channel 'Investigations by ZachXBT.' However, exhaustive searches of publicly indexed Telegram posts, X/Twitter threads, and secondary reporting did not return a specific, verifiable post from ZachXBT naming this exact address as a brute-force target. The flag may derive from a private or non-indexed Telegram message, a pipeline ingestion of curated address lists cross-referenced with ZachXBT's broader research, or a post that has since been removed. This claim should be treated as low-confidence pending direct verification of a primary source post from ZachXBT's channel.","heading":"ZachXBT Flag and Source Tag Context","severity":"medium","sources":[{"credibility":2,"name":"ZachXBT — Investigations by ZachXBT (Telegram channel, public archive)","type":"social_media","url":"https://t.me/s/investigations"},{"credibility":2,"name":"ZachXBT — Wikipedia profile and investigation methodology overview","type":"other","url":"https://en.wikipedia.org/wiki/ZachXBT"}]},{"content":"The address format and its appearance in brainwallet and key-cracking tooling ecosystems raises the question of whether it may have been generated from a weak or guessable passphrase. Brainwallet addresses are derived by hashing a user-chosen passphrase with SHA-256, and addresses generated from weak passphrases are well-documented to be compromised within minutes of any deposit, as bots continuously scan for them. Research by Filippo Valsorda and others has demonstrated that commonly chosen passphrases are fully enumerated in publicly available cracking databases. The substring 'Mence' in the address is consistent with a vanity address — one generated to contain a meaningful string — rather than a pure brainwallet. Vanity address generation involves brute-forcing the private key space until an address matching a desired prefix or substring is found; this process is computationally intensive but does not inherently weaken the key. However, if the vanity generation used a flawed random number generator or reduced entropy (as documented in incidents such as the Profanity vanity-address vulnerability), the resulting private key could be significantly more vulnerable to targeted cracking.","heading":"Brainwallet and Weak Key Risk","severity":"high","sources":[{"credibility":2,"name":"Brainwallets: from the password to the address — Filippo Valsorda","type":"research","url":"https://filippo.io/brainwallets-from-the-password-to-the-address/"},{"credibility":2,"name":"Brainwallet — Bitcoin Wiki","type":"other","url":"https://en.bitcoin.it/wiki/Brainwallet"},{"credibility":2,"name":"Vanitygen — Bitcoin Wiki (vanity address generation methodology)","type":"other","url":"https://en.bitcoin.it/wiki/Vanitygen"},{"credibility":2,"name":"Wintermute Hack — CertiK (Profanity vanity address vulnerability precedent)","type":"research","url":"https://www.certik.com/resources/blog/wintermute-hack"}]},{"content":"Automated Bitcoin wallet brute-forcers — tools such as Plutus, BitCrack, and EnigmaCracker — operate by randomly generating private keys, deriving their corresponding addresses, and checking balances in real time. High-balance dormant addresses like 1EU2pMence1UfifCco2UHJCdoqorAtpT7 are attractive targets because a successful collision would yield a very large reward. Standard Bitcoin private key security (256-bit entropy via secp256k1) renders random brute force astronomically improbable — estimated at orders of magnitude beyond the age of the universe with all current computing power combined. Successful attacks in documented cases have relied on implementation weaknesses: reduced-entropy random number generators (as in the Milk Sad / libbitcoin bx incident involving 136,951 BTC), the Profanity vanity-address vulnerability exploited against Wintermute and others, and brainwallet passphrases enumerated via dictionary attacks. The risk to this specific address depends on whether its generation process had any such weakness, which has not been publicly confirmed.","heading":"Broader Context: Bitcoin Brute-Force Threat Landscape","severity":"medium","sources":[{"credibility":2,"name":"Detecting brute-force attacks on cryptocurrency wallets — arXiv 2019","type":"research","url":"https://arxiv.org/pdf/1904.06943"},{"credibility":2,"name":"The private key of 15 billion dollars in Bitcoin was accidentally cracked by the United States (Milk Sad / MT19937 RNG vulnerability) — ChainCatcher","type":"news_article","url":"https://www.chaincatcher.com/en/article/2213512"},{"credibility":2,"name":"Online Thief Cracks Private Keys to Steal $54M in ETH — Infosecurity Magazine (Profanity vulnerability)","type":"news_article","url":"https://www.infosecurity-magazine.com/news/online-thief-cracks-private-keys-1-1/"},{"credibility":2,"name":"How Hard Is It to Brute Force a Bitcoin Private Key? — Decrypt","type":"news_article","url":"https://decrypt.co/43093/how-hard-is-it-to-brute-force-a-bitcoin-private-key"},{"credibility":3,"name":"Plutus — Automated bitcoin wallet brute-forcer (GitHub, Isaacdelly)","type":"other","url":"https://github.com/Isaacdelly/Plutus"}]},{"content":"No confirmed theft or private key compromise of the address 1EU2pMence1UfifCco2UHJCdoqorAtpT7 has been identified in publicly available sources as of May 2026. On-chain data shows the balance remains intact at approximately 9,999.99 BTC with no outgoing transactions. The address's current risk is classified as a persistent threat surface rather than a confirmed incident.","heading":"Confirmed Compromise or Theft","severity":"low","sources":[{"credibility":2,"name":"Blockchair — Bitcoin Address 1EU2pMence1UfifCco2UHJCdoqorAtpT7 (balance verification)","type":"on_chain","url":"https://blockchair.com/bitcoin/address/1EU2pMence1UfifCco2UHJCdoqorAtpT7"}]}],"sources_used":[],"summary":"1EU2pMence1UfifCco2UHJCdoqorAtpT7 is a legacy P2PKH Bitcoin address holding approximately 9,999.99 BTC that has never had any outgoing transactions, marking it as a dormant high-value wallet. The address has been publicly circulated in attacker-community repositories as a brute-force cracking target, appearing in GitHub issue lists of 'rich wallet addresses for BTC crack' alongside automated key-collision tools. No verifiable private-key compromise or confirmed theft has been documented as of the investigation date; however, the address's inclusion in brute-force tooling databases and its indexing on privatekeys.pw elevates its risk profile considerably.","timeline":[{"date":"unknown","event":"Address 1EU2pMence1UfifCco2UHJCdoqorAtpT7 receives approximately 9,999.99 BTC. No outgoing transactions are ever recorded. The exact funding date is not retrievable from public search indices; on-chain explorer direct access was blocked (HTTP 401/403).","source":"Bitinfocharts / Blockchair (search-result inference)","source_url":"https://bitinfocharts.com/bitcoin/address/1EU2pMence1UfifCco2UHJCdoqorAtpT7"},{"date":"unknown","event":"Address is indexed by privatekeys.pw, a site that maps Bitcoin addresses to private-key enumeration databases, increasing its public exposure to cracking communities.","source":"Private Keys Directory","source_url":"https://privatekeys.pw/address/bitcoin/1EU2pMence1UfifCco2UHJCdoqorAtpT7"},{"date":"unknown","event":"Address added to GitHub issue #3 on Pymmdrza/BTCCrackWallet repository under the title '100 Rich Wallet Address Bitcoin For BurtForce BTC (CRACK)', appearing as item #87 on the list. The issue is labeled 'documentation' but contains no technical methodology.","source":"GitHub — Pymmdrza/BTCCrackWallet Issue #3","source_url":"https://github.com/Pymmdrza/BTCCrackWallet/issues/3"},{"date":"2026-05-19","event":"AVOID.NET investigation initiated. Address balance confirmed at approximately 9,999.99 BTC with no outflows. No confirmed compromise found. ZachXBT-specific primary source post not independently verified via public search.","source":"AVOID.NET investigation (this report)","source_url":"https://avoid.net"}]},"v":1}