How do you know the winner is transferring and broadcasting the fund? Do you get the public key immediately after the winner broadcasts the transaction? Does this take time?
Yes. In about 10-20 seconds you will be left with nothing.
It takes less than 2 seconds to break the private key of Puzzle 71 (once the initial TX is in the mempool), create the TX, and broadcast it, and to get it accepted by any miner.
The principle behind the puzzle bot can be explained more simply:
The bot checks a Bitcoin address for incoming transactions using a Python script.
If a transaction is found, it extracts the public key from the scriptsig field in the transaction input.
Example one-line Python command for puzzle 71:
python3 -c "import requests; import sys; address = sys.argv[1]; url = f'https://mempool.space/api/address/{address}/txs/chain'; r = requests.get(url); txs = r.json(); pubkey = next((vin['scriptsig'][-66:] for tx in txs for vin in tx['vin'] if 'scriptsig' in vin), None); print(f'Public key for address {address}: {pubkey}' if pubkey else 'Public key not found');" 1PWo3JeB9jrGwfHDNpdGK54CRas7fsVzXU
If the public key is found, it will appear like this:
Public key for address 197kFKvMHoRJPXktc8xJwMjeTuE9xijBQ: 029fd3d2479a37f40d03975cb51ce0fa18cbb709cc46b47caeaa1722cfd3683583
If not, it will return:
Public key not found
You can manually press Enter repeatedly until the public key appears.
Alternatively, you can automate it with a Python script that checks every 5 seconds indefinitely.
The public key will appear as soon as someone broadcasts a transaction from that address.
Faster Execution with a Local Node
If you're running a local Bitcoin node (e.g., with Umbrel), you can query your own mempool instead of an external API:
url = f'http://mempool.localhost/api/address/{address}/txs/chain'
This reduces latency and speeds up detection.
Once the public key is obtained, Kangaroo is used to derive the private key, typically in 2-3 seconds.
The script then replaces the original transaction in the mempool before it gets confirmed.
Example:
bitcoin-cli createrawtransaction 'INPUTS' 'OUTPUTS'
bitcoin-cli signrawtransactionwithkey 'HEX' '["PRIVATE_KEY"]'
bitcoin-cli sendrawtransaction 'SIGNED_HEX'
No Rate Limits: Local mempool API is faster and unrestricted.
Real-Time Detection: Sees transactions as soon as they enter the mempool.
Thank you for your detailed explanation. It seems that this kind of robot can really steal the bonus very quickly. Although I don’t believe it can be done in 2 seconds, it seems that it can be done within a minute or even tens of seconds. Broadcasting in a public mining pool is indeed very dangerous.
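Seen from the side of the person who broadcast the original spend, the replacement described in this thread appears as a second transaction spending the same input. The following is an added example, not code from the thread, that flags such conflicts in transaction data shaped like the mempool.space API JSON; the txids, addresses and fee values are constructed, and the function names are this example's own.

```python
# Added example: flag transactions that conflict with (double-spend) your own.
# Dicts follow the mempool.space JSON shape; every value below is constructed.

RBF_MAX_SEQUENCE = 0xFFFFFFFD  # BIP125: an input sequence <= this signals opt-in RBF

def outpoints(tx):
    """Set of (prev_txid, prev_index) pairs the transaction spends."""
    return {(vin["txid"], vin["vout"]) for vin in tx["vin"]}

def feerate(tx):
    """Fee rate in sat/vB (virtual size = weight / 4)."""
    return tx["fee"] / (tx["weight"] / 4)

def signals_rbf(tx):
    """True if any input opts in to replacement under BIP125."""
    return any(vin["sequence"] <= RBF_MAX_SEQUENCE for vin in tx["vin"])

def find_conflicts(my_tx, seen_txs):
    """Report every other transaction that spends one of my inputs."""
    mine = outpoints(my_tx)
    reports = []
    for tx in seen_txs:
        shared = mine & outpoints(tx)
        if tx["txid"] == my_tx["txid"] or not shared:
            continue
        reports.append({
            "txid": tx["txid"],
            "shared_inputs": sorted(shared),
            "outbids_me": feerate(tx) > feerate(my_tx),
            "pays_to": [o.get("scriptpubkey_address") for o in tx["vout"]],
        })
    return reports

# Constructed sample data (placeholder txids and addresses).
MY_TX = {"txid": "aa" * 32, "fee": 2000, "weight": 768,
         "vin": [{"txid": "11" * 32, "vout": 0, "sequence": 0xFFFFFFFD}],
         "vout": [{"scriptpubkey_address": "my-destination", "value": 100000}]}
SEEN = [
    MY_TX,
    {"txid": "bb" * 32, "fee": 50000, "weight": 768,  # same input, higher fee
     "vin": [{"txid": "11" * 32, "vout": 0, "sequence": 0xFFFFFFFD}],
     "vout": [{"scriptpubkey_address": "unknown-destination", "value": 52000}]},
    {"txid": "cc" * 32, "fee": 500, "weight": 560,    # unrelated transaction
     "vin": [{"txid": "22" * 32, "vout": 1, "sequence": 0xFFFFFFFF}],
     "vout": [{"scriptpubkey_address": "unrelated", "value": 900}]},
]
```

A conflict report whose `pays_to` does not match your own destination and whose `outbids_me` is true means the public broadcast has been outbid on the same input.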