I am a high school senior researching blockchain technology used by Ethereum. As I became a cryptocurrency holder less than 4 days ago, please excuse my insufficient knowledgement in the following matter. I discovered 11 Ethereum addresses with vulnerable private keys. These addresses use manually generated private keys that are easily discoverable and accessible. One of these addresses contain approximately $22 worth of Ether (ETH), based on the current trading value. What should I do?
There are many public private keys that are “well known”. Usually bots sit on them and as soon as any money moves in to them they immediately take the money out. Since addresses are pseudoanonymous, there is no way to get in touch with the legitimate account owner, and anyone who claims they are the legitimate account owner may just be a scammer who also has the key.
TL;DR: there is no one to report these things to. Money in such accounts is effectively up for grabs.
Everything Micah said is true. I’ll add the small addendum that leaving a comment on Etherscan is pretty much the universal method for communicating with or about a pseudonymous address. Not that it’s guaranteed, but it’s your best bet for reaching others using the address. And of course it goes without saying that this communication is not private.