1
Recently, a marketplace was said to have been reusing deposit addresses, such that clicking the "get new address" button would immediately give the user a different address, however, the "new address" was sometimes already funded.
Needless to say, this is terrible OPSEC, but I'm wondering how such an issue could arise. Is it a faulty implementation of BIP32? This seems more likely than reusing keypool addresses for bitcoind, but I'm curious how this issue could arise.
Can you point to more details about the alleged incident? – Nate Eldredge – 2015-04-14T13:37:38.373
I usually try to avoid IDing these services but I think the background information is especially pertinent to the question. Here's the link to Reddit /r/DNM: http://www.reddit.com/r/DarkNetMarkets/comments/322yms/psaarticle_dont_deposit_to_blackbank/
– Wizard Of Ozzie – 2015-04-14T13:41:45.303