Someone just lost half a bitcoin to fees \ stacker news ~bitcoin

Someone just lost half a bitcoin to fees

562 sats \ 9 comments \ @Rsync25 11 Jun bitcoin

there was actually a lot of competition to steal this output, so it was probably a well-known or very low-entropy address.

but for whatever reason this version that burnt it all to fees was received first by most mempool servers, so the RBF history isn't visible.

the attacker's address has a long history of similar activity.

e.g, here's another transaction from a few months ago that vaporized almost a full bitcoin to fees in order to steal only ~86k sats

it's hard to say why they've adopted this strategy.

it could be that the automated tool they use to sweep compromised funds is just terrible at bidding.

or perhaps it's a deliberate "scorched earth" policy to discourage competitors.

or it could be much more sophisticated:

by broadcasting two conflicting theft transactions simultaneously - one profitable, the other burning it all to fees - there's a slim possibility that a non-full-RBF miner will still mine the first, while the second blocks competing txs.

Original tweet: https://x.com/mononautical/status/1800496416252743919

view all related items

333 sats \ 2 replies \ @DarthCoin 11 Jun

Mononaut should post his investigations on SN not only on Twix. Non-Twix users can't read these threads. SN is much suitable for these kind of discussions. Somebody please inform Mononaut about the SN existence. I never used twix so will not make an account just for this. He can post on Twix only links to SN posts. Much better.

0 sats \ 1 reply \ @zx 11 Jun

Twix haha!

4 sats \ 0 replies \ @anon 11 Jun

Silly rabbit! Twix are for kids!

100 sats \ 0 replies \ @kilianbuhn 11 Jun

so it was probably a well-known or very low-entropy address. but for whatever reason this version that burnt it all to fees was received first by most mempool servers

For whatever reason? The reason is indeed quite obvious.

100 sats \ 1 reply \ @Wumbo 11 Jun

so it was probably a well-known or very low-entropy address.

Is there any logic to determine low-entropy address?

Or was this just bad luck and this address happen to be already guessed and recorded in a database with private key.

110 sats \ 0 replies \ @kilianbuhn 11 Jun

There are two possible ways:

Top down: You have a pubkey, know what system it was created on and then find weak randomness on said system
Bottom up: You know a system with weak randomness. You generete the keypairs for all of the frequent notsorandom numbers. You look on the chain if you find any of these pubkeys being used without any paytopubkeyhash

0 sats \ 0 replies \ @CruncherDefi 12 Jun

It's probably a bidding war in mempool where two bots overbids each other. It makes for a race-to-the-bottom dynamics.

0 sats \ 0 replies \ @dollarparity 12 Jun

It could be a small mistake in a large operation.

0 sats \ 0 replies \ @Satosora 11 Jun

What would be the point of this? And wouldnt you need a large foundation to be even able to start this, in case the fees add up instantly?