Guys, I’ve always wondered: is brute-forcing really the only solution? At some point I read the one and only final message from saatoshi_rising, where he said he used a deterministic wallet to create this puzzle. He distributed the prizes in 2017, which means he must have either recorded every private key (perhaps in a file) or retained the exact master seed. That way he can reconstruct all wallets at any time—maybe he even had it tattooed. After a lot of research I wrote two C++ scripts that generate the exact same puzzle game, probably just like he did. I’ve tried countless seeds without success—maybe you’ll get lucky and uncover all 918 BTC. If you do, please stay fair and split half with me.

I offer two C++ scripts that let you replicate the Bitcoin Puzzle by saatoshi_rising.
Both scripts deterministically generate private keys, apply bitwise masks, compute P2PKH addresses and WIFs, and display progress through the keyspace.
The monolithic variant resides in a single file with direct OpenSSL and HMAC calls in main(), and outputs the index, private key (hex), address, WIF, and status (MATCH/FAIL)—it most closely matches saatoshi_rising’s original script from 2015/2017.
The modular variant is organized into meaningful functions, adds a %Range column and flexible seed handling, and is ideal for developers looking to integrate the code into modern projects.
If saatoshi_rising sees this script, he’ll be amazed at how many ways the same principle can be implemented—and perhaps a little nervous, since now anyone can scan all the puzzles in seconds.

Good Luck! https://github.com/onepuzzle/puzzle-generator