We have sent 0.0001 BTC each to ten different public addresses that have never before appeared on the blockchain but should still be considered high-risk and quite unsafe. It will be interesting to see how fast they are robbed!
Here is the transaction: fcbcaecced0e5df2988fbc274a6f60ae8159dbb76df0d647acb83502c656bac8
As seen, we are staking 0.001 BTC in total.
A few clues:
- Previously known (pass)words
One obstacle may be that the standard tool Brainflayer doesn’t support segwit addresses. (Or are there forks that do? If so, please let us know.)
In other words, your job is to empty the following public addresses:
We know you can do it! This post will be updated with all the details when (not if) all addresses have been emptied.
It would be cool if the person(s) who pull this off publish their solutions in the comments below.
This little experiment was possible thanks to a kind donation to this page; our public address is at the bottom of this page. If you want to see more experiments and bounties like this, the tip jar is always open!
Update a few hours later
Yikes! That was a lot faster than we expected. All 10 public addresses were emptied within one minute, and these transactions were included in the same block 634753 as the original transaction.
Five different bots competed. We can be quite sure they are bots and not humans since they reacted literally within seconds and before the original transaction had been verified by the network. In other words, we can be quite sure that several different bots are constantly scanning the Bitcoin mempool for unsafe transactions and reacting immediately to them. Further, the transaction fees are extraordinarily high. The most successful bot grabbed 5 of 10 transactions, but at a very high price – it spent almost 85% on transaction fees! Presumably, the bots set the transaction fees very high in order to “win” (i.e. be chosen by the miner of the next block). Which leads us to the question: is it even worth it to run such a bot? Is it really winning to pay 85% in transaction fees? The tradeoff between “must win” (high transaction fee) and “must profit” (low transaction fee) is an interesting equation.
Alright, so how exactly did we produce these apparently unsafe public addresses? We created what some people refer to as brainwallets, which – in the simplest form – means taking the single-round SHA-256 hash of your passphrase (“something you can remember”) and using that as the private key. For this experiment, we used the following weak passwords (in bold):
Information about the inner workings of legacy addresses has been abundant on the web for many years. You can, of course, find detailed guides for segwit addresses, but these guides and the accompanying code are quite technical. We didn’t expect that 10 weak segwit addresses would be robbed in seconds. But we were obviously wrong.
And this is interesting. It highlights the utter importance of using safe methods for creating private keys, regardless of which address type you use.
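To make the point concrete, here is an added example (not code from the original post or from Brainflayer) showing why a single-round SHA-256 brainwallet key is only as strong as its passphrase, alongside a key drawn from the OS CSPRNG and a check you can run against your own keys. The function names and the sample word list are assumptions made for illustration; the list is constructed and is not the set of passwords used in the experiment.

```python
import hashlib
import secrets
from typing import Iterable, Optional

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def brainwallet_privkey(passphrase: str) -> bytes:
    """Single-round SHA-256 of the passphrase, used directly as the key."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def is_valid_privkey(key: bytes) -> bool:
    """True if key is 32 bytes and lies in the valid scalar range."""
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < SECP256K1_N


def random_privkey() -> bytes:
    """Safe alternative: 256 bits from the OS CSPRNG, rejection-sampled."""
    while True:
        key = secrets.token_bytes(32)
        if is_valid_privkey(key):
            return key


def audit_privkey(key: bytes, known_passphrases: Iterable[str]) -> Optional[str]:
    """Return the passphrase if key is its brainwallet key, else None."""
    for candidate in known_passphrases:
        if secrets.compare_digest(brainwallet_privkey(candidate), key):
            return candidate
    return None


# Constructed sample list (hypothetical, not the experiment's passwords).
SAMPLE_WEAK = ["password", "123456", "correct horse battery staple"]

if __name__ == "__main__":
    weak = brainwallet_privkey("password")
    # Same passphrase always yields the same key: no secret beyond the words.
    print("brainwallet key:", weak.hex())
    print("found in list  :", audit_privkey(weak, SAMPLE_WEAK))
    print("CSPRNG key hit :", audit_privkey(random_privkey(), SAMPLE_WEAK))
```

The derivation is fully deterministic and takes one hash per guess, so the address type on top of the key adds no protection.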