Last week, 55.8 Bitcoins were transferred with exorbitant fees of 83.7 BTC. This surprising transaction, the most expensive in terms of fees in Bitcoin history, finally reveals a potential hack of a newly created cold wallet. An anonymous user has claimed ownership of the funds and tells us more about how this transaction a priori came about.
55.8 Bitcoins transferred for 83.7 BTC fee
The surreal event of the most expensive Bitcoin transaction in history, which took place on November 23, 2023, caused quite a stir and raised many questions as to the reason for such a transaction. One user paid an astronomical transaction fee of 83.7 BTC, or around $3.1 million, to transfer 55.8 BTC. We now know more, and the user was in fact the victim of a hack.
It turns out that this transaction, involving a new Bitcoin-powered cold wallet, was immediately redirected to another address. The 83.7 Bitcoins benefited the AntPool mining pool, which validated the block containing the hack transaction. In dollar terms, this is the most expensive transaction in Bitcoin history.
In a surprising twist, an anonymous user, under the Twitter name @83_5BTC, claimed ownership of the funds and shared his wallet hacking story. According to his tweets, he created a new cold wallet, transferred 139 BTC to it, but these were immediately transferred to another wallet by a third party. He suspects a script was run on this wallet with a likely miscalculation of transaction fees.
It was my BTC that paid the high fee.
I created a new cold wallet, transferred 139BTC to it and it got transferred out to another wallet immediately.
I can only imagine that someone was running a script on that wallet and that the script had a weird fee calculation. ☹️
– Hackers_paid_83.5BTC_fee_with_my_money (@83_5BTC) November 24, 2023
At first glance, it might appear that this person is trying to take advantage of the situation to attract attention. However, the individual has authenticated his claim by signing the message “@83_5BTC is the owner of the funds that paid the high fee” with the address that was the victim of the hack, thus confirming that he really is the owner of the compromised address.
However, it’s important to note that anyone with the seed phrase for the targeted wallet could have signed this message. Thus, it could be that the author is the hacker himself, or another hacker trying to take advantage of the situation to recover the funds paid in fees to Antpool.
How could this hack have happened?
The user didn’t just lose these disproportionate transaction fees, but his entire 140 BTC wallet. Although he has yet to give a totally secure explanation as to the origin of the hack, the most plausible theory suggests that the wallet was generated from insufficient entropy. Then, with the help of an automated robot, the seed phrase was guessed and used to steal the funds.
Entropy, in computer science and cryptography, refers to the amount of randomness or unpredictability introduced into the generation of cryptographic keys, essential to guarantee their security and resistance to attempts at decryption or hacking.
An intriguing fact raised by @mononautical on X is that the 83.65 BTC paid in fees represents exactly 60% of the 139.42 BTC evaporated. In short, when @83_5BTC transferred those 139.42 BTC to his new wallet, the hacker’s script automatically moved 40% of the address value, or 55.77 BTC, to another wallet, using the remaining 60% to pay transaction fees.
Finally, tracking the transactions on the blockchain, we noticed that the stolen funds were all split into equal shares of 6 BTC. This raises the question: was this action an error in the malicious bot’s programming, or was it a deliberate move by an individual who appreciates the number 6?
Details of a transaction carried out by the hacker with the stolen funds
The incident also raises questions about the liability of mining pools in such situations. Although F2Pool previously refunded the fees mistakenly paid to Paxos, it remains to be seen whether Antpool will show the same leniency to this unfortunate user.
