BTC puzzle 66 was solved recently, then stolen by bots

Status
Not open for further replies.

pancakett

Took years to solve; due to an attempted transaction the public key was exposed, which was then used by the bots to hunt the private key within minutes and steal the reward.

This was nothing out of the blue though; it was well anticipated that the reward would be stolen as soon as the public key was exposed, which is why the only gamble to take would have been to get a private miner to mine the block, not exposing the pubkey before the transaction went through.. unless the miner decided to do the same lol
 
Does this pose any risks to miners?
not at all, this has nothing to do with miners.. the 66-bit puzzle was anyway gonna be a piece of cake to solve once the public key was revealed, with the insane calculation speeds we are capable of nowadays through programs like kangaroo etc. I was just pointing out that whoever solved it should have approached a private miner at least, to not expose the public key before the transaction went through

In simple terms, when you initiate a transaction, the public key is attached to it in the block; with that, you can try and look for the private key much, much faster if you know where to look, and with puzzles you know exactly where to look. This being only a 66-bit range, it wasn't a tough nut to crack given the pubkey.. let's say puzzles 120 and above, even with the public keys they aren't easy; let's not even think about the full range cuz that shit is impossible.. all this actually demonstrates how insanely secure an average user's wallet is from theft; the number of keys to look through would be like trying to find a specific grain of sand in a galaxy kinda thing.

it's all interesting though, now puzzle 67 is gonna be twice as hard and so on
 
but I want to ask: from the public key, can the transaction code find the sender's identity?
 
If you are asking if the user stays anonymous, not really.. not an average joe, but the authorities can easily track down a person behind a wallet these days, with all the KYC requirements that the majority of people go through. To remain anonymous takes a lot of effort and 99% of ppl imo don't bother. Also tracking transactions, where the money is going and coming from, is pretty transparent on the blockchain.. if nothing works, at some point a person has to interact with the money, use it.. that's even harder to do anonymously.

If anonymity is a priority you might want to look into Monero; as far as I know that's the only thing that's true to what most ppl think crypto is in terms of staying anon
 
I have heard a lot about the anonymity of XMR; I wonder if XMR leaves traces when transacting like BTC
 
There is transactional data, but to put it simply, unlike other currencies it is not linked to users and so to identities. You have heard right.
 
I don't agree that having the public key you can gain access to the private one faster, there was something else going on
 
you don't have to agree, it's a fact. Brute-forcing methods with the public key offer 100x more speed than those without. Hence the already known fact, for quite a long time, that once 66 got solved and a transaction was initiated.. it would be stolen right away due to the accessible public key, which happened.

It is also the reason why many people are only attempting puzzles above the 100-bit range, cuz anything below has a good chance of being stolen once the public key is exposed.. people have already made bots which scan the blocks 24/7, so when these puzzles are solved and the user initiates a transaction, they can scrape the public key and crack the private key before that transaction is completed.. this isn't possible on the larger puzzles because the time it would take to crack the private key wouldn't be within the time frame of the transaction being completed.
 
It could be that the miner who got the transaction stole it for themselves [using the same method], but again.. it would have been stolen anyway due to the stuff I mentioned; this was well known within the bitcoin community for quite a while now.
 
There is no relationship between a private key and its public one in ECDSA; if they initiated the transaction they already had the private key. The only thing that could have happened is that they front-ran the transaction
 
dude, why don't you just run kangaroo or keyhunt from github, using bsgs for the puzzle 66 range with the [now known] public key, and see for yourself; it won't even take a few minutes to get the private key.

stop trying to be a 'know it all' and do some research before repeating stuff you read on the internet that you clearly don't understand.
 
this can be played by paying a stupidly high tx fee so that stealing the transaction isn't feasible due to the high tx fee

say the reward is 1btc. you pay 0.999 as tx fee and you keep 0.001 btc lol
lol yea, basically you gotta make sure the transaction goes through asap before the key is cracked using the pubkey.. I guess the solver didn't get the memo or was simply in denial; for quite a while it was well known that a traditional transaction would result in losing the reward now that the solvers are fast af [with the public key method], as well as the hardware itself.

cuz most ppl now anyway are only trying to solve at least 80 & above for this reason,
and some are only going for the ones with pubkeys revealed, basically every 5th puzzle, solved till 125, the next one being 130.
 
You're right, sorry lol, I didn't know that you have to guess part of the private key; I've just read about the puzzles.

The real question now is how did they know, when scanning for the pub key, that it was the right one? Brute-forcing each transaction pub key with the target private one?

Also check the signed transaction message left by the prize stealer ahahah

TX input:
Code:
1FuckUmT5yBAvozf6gT8GRQVbJ7iBDUnrH

TX outputs:
Code:
1Jvv4yWkE9MhbuwGU66666666669sugEF 0.00000001
1YouAreSoDumbLoL666666666667K5aR4 0.00000002
1WhatWereUThinking6666666662wkqq1 0.00000003
1YouDeserveNothing6666666665sbbBC 0.00000004
1YouEpicFaiLure66666666666688GSDA 0.00000005
1BitchAssLoser66666666666669dBUVg 0.00000006
1AndEveryoneELse666666666669Vnc8C 0.00000007
1ThisisALosingGame6666666667HAZdf 0.00000008
1JustGetAReaLJob666666666665vGKVD 0.00000009
1YoureWastingTimeAndMoney664CVExC 0.00000010
1AndCausingCLimateChange6666HK8Qc 0.00000011
13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so 0.00000012
1Jvv4yWkE9MhbuwGUoqFYzDjRVQHaLWuJd 0.00000013
1FK5PjPNARQmg94n2cNHTo9417kWfXUDBQ 0.00002125
 
I would like to ask something here, and maybe I am misunderstanding a key piece of information, because I have been brute-forcing puzzle 66 with custom CUDA software written in python. I wasn't sure what I was going to do if I found the key; I was planning on using mara slipstream.

The public address was known for puzzle 66: 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so

My understanding is that the transaction got front-run by a bot: when the person who found the private key (https://btcpuzzle.info/keys/btc/000000000000000000000000000000000000000000000002832ED74F2B5E35EE) broadcast the transaction publicly in the mempool, the signature of the transaction Rx exposed the public key (not sure what this is), and thus a bot used this metadata in a kangaroo search (public address, public key) to find the private key and front-run the transaction with a higher TX fee to secure the transaction to their address.

Is this correct?
 
It's really confusing. How did anyone find out the private key had been cracked?
Suppose some person is scanning the key, and it got cracked on his computer. He only has the private key and no one else has it. He did a transaction and transferred funds to his wallet. Only then will we know that it's been cracked. How did websites update the private keys, unless it's a pool that got the key and they share it?
And if the transaction can be diverted with higher fees, then whoever cracked it can use a higher fee to transfer all the funds to his wallet, isn't it?
 

The mistake that was made was that the person who found the key did a normal transaction through the mempool; a bot was waiting, looking for a transaction coming from the wallet 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so, which is the puzzle 66 wallet. Remember that Puzzle 66 is only using 66-bit encryption vs standard sha-256, so it's much, much easier to crack vs a standard wallet.

When you do a transaction via the mempool it doesn't happen until it's been confirmed, which usually takes 10-20 mins give or take; so first the transaction was broadcast, and within the signature of this transaction is the public key, which is different from the public address. We know the public address: 13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so, but not the public key; this is only revealed in the Tx.

The public key is another piece of data which can be used to significantly narrow down the search for Puzzle 66; using this data and Kangaroo it seems that the bot cracked puzzle 66 in around 30s and front-ran the original transaction.

I think the only ways to securely take the rewards from future puzzles are:
  • Using a private pool to verify the transaction, where you have a contract/deal with the operators.
  • mara slipstream: slipstream.mara.com
  • Timing the Tx perfectly, less than 10/20 seconds before the next block is mined
  • Setting a high initial TX fee which will outperform the bot (although the bot could be programmed to counter this, and thus all the reward goes to the miners)
  • eventually, when we are on puzzle 100+, I don't know if kangaroo with public address and public key will be able to find it faster than the average block time
  • having your own bot

Looking at the wallet history it really does look like the reward was snatched from some poor person who won the lottery (albeit only 25% into the range of 17 quintillion keys).
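A worked version of the two claims above (pancakett's "with the public key you know where to look" and this post's point that the public key only appears in the spending transaction), added here as an example and not code from anyone in the thread. It uses pure-Python secp256k1 arithmetic, a constructed puzzle-30-style range and a made-up key (not the real puzzle 66 key), placeholder signature bytes instead of a real DER signature, and parses only the direct-push opcodes a P2PKH scriptSig uses. It solves the bounded discrete log with baby-step giant-step (the "bsgs" mode mentioned earlier) rather than Kangaroo; both need on the order of sqrt(range) curve operations, which for the 2^65-wide puzzle 66 range is about 1.2e10, versus 2^64 expected hash-and-compare steps when only the address is known.

```python
# Added example (not code from anyone in this thread): a P2PKH spend exposes the
# public key in its scriptSig, and with the key plus a known range a baby-step
# giant-step search needs ~2*sqrt(range) curve ops instead of ~range/2 hashes.
# Pure-Python secp256k1; the key, range and signature bytes are constructed.
import math

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_neg(a):
    return None if a is None else (a[0], (-a[1]) % P)

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return r

def compress(pt):
    """33-byte SEC1 compressed pubkey, the form pushed into a scriptSig."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def decompress(pub):
    """Recover (x, y): y = sqrt(x^3 + 7) mod P, valid because P % 4 == 3."""
    x = int.from_bytes(pub[1:], "big")
    y = pow((pow(x, 3, P) + 7) % P, (P + 1) // 4, P)
    if (y & 1) != (pub[0] & 1):
        y = P - y
    return (x, y)

def push(data):
    """Minimal script push for 1..75 bytes: the length byte is the opcode."""
    assert 1 <= len(data) <= 75
    return bytes([len(data)]) + data

def parse_pushes(script):
    out, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 75:
            raise ValueError("unsupported opcode 0x%02x" % n)
        out.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return out

def pubkey_from_p2pkh_scriptsig(script):
    """A P2PKH input is '<sig> <pubkey>'; the address alone is just HASH160(pubkey)."""
    sig, pub = parse_pushes(script)
    return pub

def bsgs(Q, lo, hi):
    """Find k in [lo, hi) with k*G == Q: ~2*sqrt(hi-lo) curve ops, sqrt(hi-lo) memory.
    For puzzle 66, hi-lo = 2^65, so roughly 1.2e10 ops; Kangaroo has the same
    sqrt cost with constant memory, which is why the GPU tools prefer it."""
    m = math.isqrt(hi - lo) + 1
    baby, pt = {}, None
    for j in range(m):                       # baby steps: store j*G for j = 1..m-1
        if pt is not None:
            baby[pt] = j
        pt = ec_add(pt, G)
    gamma = ec_add(Q, ec_neg(ec_mul(lo)))    # (k - lo)*G, the offset into the range
    step = ec_neg(ec_mul(m))                 # each giant step subtracts m*G
    for i in range(m + 1):
        if gamma is None:                    # k - lo == i*m exactly
            return lo + i * m
        j = baby.get(gamma)
        if j is not None:
            return lo + i * m + j
        gamma = ec_add(gamma, step)
    return None

def steal_key(scriptsig, lo, hi):
    """What the sniper bot does: scrape the pubkey from the mempool spend, solve the bounded ECDLP."""
    return bsgs(decompress(pubkey_from_p2pkh_scriptsig(scriptsig)), lo, hi)

# Constructed demo: a puzzle-30-style range [2^29, 2^30) and a made-up key (not a real puzzle key).
RANGE_LO, RANGE_HI = 1 << 29, 1 << 30
SECRET = RANGE_LO + 0x1357ABC
DUMMY_SIG = b"\x30" + bytes(70)             # placeholder bytes; a real input carries a DER ECDSA signature
SCRIPTSIG = push(DUMMY_SIG) + push(compress(ec_mul(SECRET)))

if __name__ == "__main__":
    print("recovered 0x%x, expected 0x%x" % (steal_key(SCRIPTSIG, RANGE_LO, RANGE_HI), SECRET))
```

Running it recovers the constructed key from nothing but the scriptSig and the range in about 24k curve additions (a bit over 2^29 candidates would need ~2^28 hash comparisons without the pubkey). Scaling the range up to [2^65, 2^66) is exactly the puzzle 66 situation: the same code works in principle, but the baby-step table would need ~2^32 entries, which is why the real tools use Kangaroo on GPUs instead of a hash table.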
 
additional information I would like to add is that in the block explorer: https://www.blockchain.com/explorer/addresses/btc/13zb1hQbWVsc2S7ZTZnP2G4undNNpdh5so

It seems that 90% of the BTC was sent to one wallet and 10% sent to another.

In my opinion this 10% was a service fee, either for using the snipe software; it seems to me that whoever sniped this was using a commercialized sniper bot.
 
If anonymity is priority you might want to look into Monero, as far as I know.. that's the only thing that's true to what most ppl think crypto is in terms of staying anon

Is this the reason Binance removed XMR from its listings - because it's a KYC exchange and having a way for people to erase financial transaction tracing is not in line with KYC?
 
according to them it was 'we are checking the quality standards of assets' etc, the usual bs, but yeah it was probably because the governments don't like XMR.. also I remember binance was being accused of money laundering activities, so maybe it was their way of saying 'we are handling it', again the usual bs.. imo.
 