The private key is multiplied by a fixed generator point (G) on the secp256k1 curve (elliptic-curve scalar multiplication) to produce the public key.

After selling the vanity address to an unsuspecting buyer, the scammer simply waits for the victim to transfer funds to the address—then uses the retained private key to steal everything. The scam is particularly effective because victims believe they are purchasing a unique, personalized address without realizing the seller still has complete control.