Since the first round resulted in Bitcoin theft within seconds, we have decided to step up the game for the second round. Again, we have transferred 0.0001 BTC each to 10 different unsafe segwit addresses. Here is the transaction:
Again, all these public addresses can be considered brainwallets, as their private keys are single-round SHA-256 hashes of passwords or passphrases that we think humans could and would choose. In other words, they are not crazy and random strings of special characters, such as these, but rather memorable and human-like.
Put differently, “W)q|e9r?M%I|AdCaynz7*J_OSG” is not at all what any of these passwords would look like; something much closer would be “DragonDeath22”, but for obvious reasons, this is not one of the correct answers.
For the record, this time around we searched for all our generated SHA-256 hashes on hashes.org, and got 0 of 10 hits. We didn’t check with other sources, so some of them may very well have been published elsewhere.
We think that this challenge is significantly harder than the first, but by no means unbeatable. All passwords used are words or phrases that aren’t super-uncommon in plain text on the web. With password-lists and maybe with the addition of tools like hashcat, it should be possible to crack all 10.
The public addresses we allow and encourage you to empty are thus:
We wish you the best of luck, and we will of course update this post with all details, just as in the previous example, when all addresses have been compromised.
In the unlikely event that not all addresses are cracked within 7 days, we reserve the right to transfer back the coins to our own public address. And in this case too, we will of course update this post with the solutions.
We believe in you. Show us you can do it!
Comments or questions?
One more thing!
Consider the donation address at the bottom of the page. We re-invest all contributions into new projects for btcleak.com. Help us create new content and remain ad-free forever. Thank you.