The Large Bitcoin Collier (LBC) -not to be confused with LocalBitcoins – is a decentralized network of computers looking to utilize the collective computing power to find a collision of private Bitcoin keys. Its name pays homage to the Large Hadron Collider.
Essentially this project is looking to challenge the notion that it is “impossible” to break into a Bitcoin wallet via generating the coin’s private key by way of its public key. If ever successfully done, it could very well change the way that we think about Bitcoin. It would either sink the coin’s viability as a secure currency or prompt various developers to reassess the question of Bitcoin’s network security.
How Likely is This and Are My Coins Safe?
Considering that LBC has a trophy case of wallets they have cracked, we are not outside of the realm of this being a large problem in the future. LBC also claims that there is nothing illegal about searching for collisions themselves, and that some instances of breaking a wallet may result in financial gain for the pool or individual while still abiding within the law. LBC does, however, note that even taking the potential legal cut of a wallet’s contents still makes you an insufferable jerk.
Though the current number of successful wallet smashes is relatively low (probably even statistically insignificant considering the amount of bitcoin wallets), it raises alarms for me at the very least. However, encryption algorithms can always be upgraded, and frankly the threat of a widescale attack on wallets is great impetus to constantly rethink the network’s security.
While the chance of having your private keys smashed are low enough that no one really needs to worry too much now, there are some troubling things going on with LBC’s program code. Vice’s Motherboard recently did an exposé on a troubling discovery pointed out by a reddit user while pouring over the source code.
It would appear that several thousand lines of code have either been identified as malicious, dubious, or just plain unexplainable. The most worrying of all the discoveries as the actual backdoor built in for remote code execution. A debate/argument between the OP and the author of this code erupted and poured over on to bitcointalk.
The author argued that this was this was for removing a client from the disk, and implored the OP to suggest a better way than this remote code execution if they knew one. Though the argument was heated and many accusations were thrown, it was refreshing to see both parties restrain themselves from personal attacks and work together to discover the problem and its solutions. The previous lack of disclosure and disclaimer seemed to be the more offending aspect of the project.
LBC seems to have addressed these mains concerns by adding a warning on the site which discourages running this program on anything but a dedicated server or a virtual machine so that any remote code executions would/could not access or affect sensitive data. However they have not altered the code, so I agree that even if you trust LBC entirely, letting anyone potentially have full run of your files is worrying enough to stray away. Overall I would like to see this project or similar ones continue their efforts as a way to check Bitcoin’s security, however security concerns over who may have a backdoor into your computer leaves me wary and unconvinced.