This is a loophole in the puzzle's design, not a flaw in Bitcoin itself. The solver’s failure to protect their claim (e.g., by using tools like Mara or broadcasting with high fees) could be seen as negligence in a competitive environment. This ambiguity is why clear rules (or better puzzle designs) are needed. Without them, the "law of the jungle" (or in this case, the law of the mempool) prevails.


The creator’s statement clarifies:

https://bitcointalk.org/index.php?topic=1306983.msg18765941#msg18765941

The puzzle is a measuring instrument for the "cracking strength of the community."

It rewards brute-force tools (like the "Large Bitcoin Collider"), not mempool-sniping bots.

There’s no mention of RBF, transaction racing, or ownership transfer via mempool spies.

This implies the creator intended the reward to go to whoever cryptographically solves the key and not to opportunistic bots that exploit transaction propagation.

The creator could argue:

The bot did not solve the puzzle as intended.

It exploited a loophole (mempool snooping) unrelated to cryptographic security.

This violates the spirit of the experiment (transaction racing).


If the creator’s identity is known, they might try to argue theft under "unauthorized access" laws but this is untested.

Yo, even if you crack the code, who’s to say you’ll even get the bag? That’s mad sus. How’s that a fair race? Straight-up scam vibes. 💯

I just need someone to convince me that this is ethical. So far, no one has been able to prove to me that it’s legal. 

The Bitcoin puzzle could be a CIA honeypot to catch hackers brute-forcing keys.  Trust me bro

Let the bots and thieves take everything. 

No way. This is a fairly well-designed game. hahahahaha

Everyone here is lying about some progress, or they are supporting the creator of this puzzle in his illegal madness, trying to brute-force BTC keys.

I know that. So far, I haven't been able to connect Marguerite to this case. There is no clear cryptographic linkage between the addresses in this chain. We only see the large puzzle transaction from 1Czoy… splitting funds to a broad set of addresses. To prove exact links, examining the raw transaction outputs is the only reliable method. Crucially, based on public blockchain data, there is no direct cryptographic chain from 1Czoy… to 1A4T… and then to 1FLAMEN…

Then you need to change your sanitary pads.




If the creator explicitly designs a challenge where participants are invited to solve a cryptographic puzzle (e.g., through mathematical patterns, encryption, or deliberate clues), it is generally considered a legal competition. The owner consents to the transfer of funds upon successful decryption.

Example: Bitcoin "brain wallets" with passphrases, CTF (Capture The Flag) challenges.

If the "puzzle" is merely a disguised brute-force attack (e.g., trying random private keys until one works), this could be seen as unauthorized access to a financial instrument. Since Bitcoin private keys are mathematically derived (not "created" in a traditional sense), brute-forcing them without consent may violate: Computer Fraud and Abuse Laws (e.g., CFAA in the U.S.) if interpreted as unauthorized access.Theft or Conversion Laws if funds are taken without the owner’s explicit permission.

The creator claims there is "no pattern," meaning it’s essentially a brute-force challenge. While they frame it as a "measuring instrument," the act of distributing funds this way could be seen as:

If participants invest resources (electricity, hardware) for a chance to win, it might violate gambling laws in some jurisdictions.

If the creator did not legally relinquish ownership (e.g., via a smart contract or binding terms), brute-forcing the key might still be considered theft.

If the owner did not clearly relinquish ownership (e.g., by publishing a signed transaction or legal agreement), taking funds may be unlawful.

Intent: If the puzzle is structured as a brute-force attack rather than a solvable riddle, it could be argued that the creator is inducing illegal activity.

Jurisdiction: Laws vary by country. Some may view this as a harmless game, while others could treat it as theft or hacking.

Even if legal, brute-forcing random keys could harm innocent holders (e.g., if a solver accidentally cracks a key unrelated to the puzzle).

The Bitcoin community generally frowns upon non-consensual key cracking, as it undermines trust in cryptographic security.

The Bitcoin Puzzle is a controversial edge case. While the creator presents it as a "game," brute-forcing keys without explicit consent could be legally risky. If challenged in court, a judge might rule that:

The creator’s invitation does not override property rights.

Solvers who take funds without unambiguous permission could be liable for theft.

For absolute legality, puzzles should involve provable consent (e.g., signed messages, smart contracts) rather than raw brute-force incentives.

A cryptographically signed message from a Bitcoin address is the strongest possible proof . Courts and investigators increasingly recognize such signatures as valid evidence (similar to a digital notarization). A forum post alone carries no weight without cryptographic verification.  If the coins are genuinely "lost," courts may view brute-forcing as akin to finding abandoned property. However, if an owner emerges with proof, the brute-forcer could face liability for theft or unjust enrichment. If someone falsely claims ownership without cryptographic proof, they could face civil fraud claims or criminal charges (e.g., filing a false police report).
Courts treat BTC like money or assets, not "abandoned treasure." The risks far outweigh the fantasy rewards.

I have thought about it. And as someone who works in cybercrime investigations, I can tell you the law isn’t as binary as "the creator said it’s okay, so it’s legal." The law is written in black and white, but the words say "authorization," not "vibes." Unless the creator formalized this as a binding offer (a smart contract with explicit terms), you’re relying on not getting caught, not legal immunity.

Brute-forcing a key isn’t a recognized legal mechanism.

The creator’s intent might be clear to you, but courts need evidence of a valid contract or gift. If the private key is hidden within a puzzle or image (steganography, riddles, or cryptographic clues) and publicly posted (like GSMG.IO puzzle) by the owner, that’s fundamentally different from brute-forcing under the law.
Puzzle-solving = The owner deliberately encodes the key and invites solvers to extract it. This is closer to a unilateral contract ("Solve this, claim the prize").

If a company posts a puzzle on its website, that’s strong evidence of consent. Courts recognize "invited access" . Brute-forcing lacks this clarity. Even weak keys don’t prove the owner authorized all methods of access.

The puzzle creator’s public statement might imply consent, but unless it’s a legally binding contract (with clear terms, jurisdiction, and revocation mechanisms), authorities could still argue the method of access (e.g., brute-forcing) violates computer crime statutes. Courts often interpret “authorization” narrowly, e.g., Van Buren v. United States (2021) highlighted ambiguities in what exceeds "authorized access."

While the DOJ’s 2022 policy discourages charges for "good-faith security research," brute-forcing a private key lacks the same recognized public benefit as vulnerability disclosure. The policy also explicitly excludes "malicious" acts, and prosecutors might view unsanctioned access to funds (even via puzzles) as financially motivated rather than research.

Even if CFAA liability is avoided, criminal theft laws (e.g., state statutes) could apply. Most jurisdictions require explicit, lawful transfer of property. Cracking a key isn’t a traditional legal mechanism. The creator’s intent might not override statutory definitions of theft or fraud.

Unlike a test server in a bug bounty, the blockchain is a public ledger; the "system" accessed is the network itself. If the wallet’s security relies on cryptographic safeguards, bypassing them could be argued as circumventing a "technological barrier" under laws like the DMCA §1201 (though this is untested for puzzles).

If you live in Mongolia, it's probably safe. 

While the puzzle creator may intend for the funds to be claimed by cracking the key, that doesn’t automatically make it legal. Most jurisdictions don’t recognize brute-forcing as a valid way to transfer ownership. It’s still technically unauthorized access under computer crime laws. The creator’s forum posts might show intent, but unless they structured this as a binding contract or explicit waiver, the law could still view solvers as committing theft. In practice, nobody gets prosecuted because Bitcoin is pseudonymous and the creator isn’t complaining, but that doesn’t make it legally safe.

The creator of a "Bitcoin puzzle" (where funds are locked behind a private key that must be brute-forced) is intentionally creating a scenario where theft is incentivized. Even if they frame it as a game or challenge, the legal reality is:

They knowingly put funds in a position where unauthorized access is the only way to claim them.

They are effectively encouraging hacking/unauthorized access, which is illegal in most jurisdictions (e.g., under computer fraud, unauthorized access, or theft laws).


If the puzzle creator never relinquished ownership (e.g., by clearly stating "this is not yours until you solve X"), then solving the puzzle does not grant legal ownership, it’s still theft.

If they implied abandonment (e.g., "Whoever finds this can have it"), then it might be a gray area, but most legal systems don’t recognize brute-forcing as a legitimate claim method.

The puzzle creator could be legally liable because:

They structured a scheme that requires illegal actions (unauthorized access) to claim funds.

They knowingly set up a system that violates computer crime laws (e.g., CFAA in the U.S., similar laws in the EU/UK).

They may be seen as an accomplice to theft by deliberately creating conditions where theft is the only way to obtain the funds.


The puzzle creator is not innocent, they designed a system that requires illegal actions to claim funds. While they might argue it’s a "game," the law doesn’t generally recognize brute-forcing private keys as a legitimate way to transfer ownership.

Does anyone really think the creator of this puzzle didn’t anticipate what would happen with any puzzle under 100 bits? I’m still convinced this was a pre-planned scam. Unless the puzzle’s creator personally convinces me here otherwise.

Maybe they’re tired of grindin’ in the terminal for just 30 bucks 

Even if you solve it, it’s uncertain who will get the prize. So how does that fit into a fair puzzle race? This is the perfect example of a scam.

Give me the public key for puzzle 71

While I admire your passion for the puzzle, statistically speaking, you might have better odds of winning the lottery than cracking a 16-number mystery designed to be unsolvable. At least with the lottery, the rules are clear....