Search content
Sort by
Showing 20 of 996 results by nomachine
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
How do you know the winner is transferring and broadcasting the fund? Do you get the public key immediately after the winner broadcast the transation? Does this take time?
Yes. In about 10-20 seconds you will be left with nothing.
It takes less than 2 seconds to break the private key of Puzzle 71 (once the initial TX is in the mempool), create the TX, and broadcast it, and to get it accepted by any miner.
The principle behind the puzzle bot can be explained more simply:
The bot checks a Bitcoin address for incoming transactions using a Python script.
If a transaction is found, it extracts the public key from the scriptsig field in the transaction input.
Example one-line Python command for puzzle 71:
Code:
python3 -c "import requests; import sys; address = sys.argv[1]; url = f'https://mempool.space/api/address/{address}/txs/chain'; r = requests.get(url); txs = r.json(); pubkey = next((vin['scriptsig'][-66:] for tx in txs for vin in tx['vin'] if 'scriptsig' in vin), None); print(f'Public key for address {address}: {pubkey}' if pubkey else 'Public key not found');" 1PWo3JeB9jrGwfHDNpdGK54CRas7fsVzXU
If the public key is found, it will appear like this:
Quote
Public key for address 197kFKvMHoRJPXktc8xJwMjeTuE9xijBQ: 029fd3d2479a37f40d03975cb51ce0fa18cbb709cc46b47caeaa1722cfd3683583
If not, it will return:
Quote
Public key not found
You can manually press Enter repeatedly until the public key appears.
Alternatively, you can automate it with a Python script that checks every 5 seconds indefinitely.
The public key will appear as soon as someone broadcasts a transaction from that address.
Faster Execution with a Local Node
If you're running a local Bitcoin node (e.g., with Umbrel), you can query your own mempool instead of an external API:
Code:
url = f'http://mempool.localhost/api/address/{address}/txs/chain'
This reduces latency and speeds up detection.
Once the public key is obtained, Kangaroo is used to derive the private key, typically in 2-3 seconds.
The script then replaces the original transaction in the mempool before it gets confirmed.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
This Python script generates a fully signed raw Bitcoin transaction that can be used with the MARA Slipstream service (or any other broadcast method). Accepts any type of destination address: Legacy (P2PKH), SegWit (P2WPKH), or Taproot (P2TR).
Supports private keys in WIF (Wallet Import Format).
Automatically:
Fetches UTXOs (unspent outputs) from mempool.space
Example script output
Cheers
Supports private keys in WIF (Wallet Import Format).
Automatically:
Fetches UTXOs (unspent outputs) from mempool.space
Code:
import base58
import requests
import ecdsa
from bitcoin import *
import hashlib
def decode_wif(wif):
b = base58.b58decode(wif)
if len(b) == 38 and b[-5] == 0x01:
return b[1:-5], True # compressed
elif len(b) == 37:
return b[1:-1], False # uncompressed
raise ValueError("Invalid WIF format")
def get_pubkey(priv_bytes, compressed):
sk = ecdsa.SigningKey.from_string(priv_bytes, curve=ecdsa.SECP256k1)
vk = sk.get_verifying_key()
if compressed:
x = vk.pubkey.point.x()
y = vk.pubkey.point.y()
return ('02' if y % 2 == 0 else '03') + f"{x:064x}"
else:
return '04' + vk.to_string().hex()
def get_address(pubkey, compressed):
pubkey_bytes = bytes.fromhex(pubkey)
if compressed:
pubkey_hash = hash160(pubkey_bytes)
return pubkey_to_address(pubkey) # P2PKH
else:
return pubkey_to_address(pubkey) # P2PKH uncompressed
def address_type(address):
if address.startswith('1'):
return 'p2pkh'
elif address.startswith('3'):
return 'p2sh'
elif address.startswith('bc1q'):
return 'p2wpkh'
elif address.startswith('bc1p'):
return 'p2tr'
else:
raise ValueError("Unknown address type")
def fetch_utxos(address):
try:
url = f"https://mempool.space/api/address/{address}/utxo"
r = requests.get(url)
r.raise_for_status()
return r.json()
except Exception as e:
print("Failed to fetch UTXOs:", e)
return []
def estimate_fee(num_inputs, num_outputs, fee_rate, compressed, out_types):
# estimate size based on input/output types
input_size = 108 if compressed else 148
output_size = sum(43 if t == 'p2wpkh' else 34 for t in out_types)
total_size = 10 + num_inputs * input_size + output_size
return total_size * fee_rate
def create_transaction(wif, to_address, amount_btc, fee_rate):
priv_bytes, compressed = decode_wif(wif)
pubkey = get_pubkey(priv_bytes, compressed)
from_address = get_address(pubkey, compressed)
to_type = address_type(to_address)
utxos = fetch_utxos(from_address)
if not utxos:
raise RuntimeError("No UTXOs available")
inputs = []
total = 0
for utxo in utxos:
inputs.append({'output': f"{utxo['txid']}:{utxo['vout']}", 'value': utxo['value']})
total += utxo['value']
if total >= int(amount_btc * 1e8): break
if total == 0:
raise RuntimeError("Not enough inputs to cover amount")
send_amount = int(amount_btc * 1e8)
fee = estimate_fee(len(inputs), 2, fee_rate, compressed, [to_type, 'p2pkh'])
if total < send_amount + fee:
raise RuntimeError("Insufficient funds")
change = total - send_amount - fee
outputs = [{'address': to_address, 'value': send_amount}]
if change > 0:
outputs.append({'address': from_address, 'value': change})
tx = mktx(inputs, outputs)
for i in range(len(inputs)):
tx = sign(tx, i, wif)
return tx
# === Example Usage ===
if __name__ == "__main__":
WIF = "<wif_private_key>"
TO_ADDRESS = "1YourLegacyAddressHere" # works with 1..., 3..., bc1q..., bc1p...
AMOUNT_BTC = 6.70013241
FEE_RATE = 20 # sats/vB
try:
raw_tx = create_transaction(WIF, TO_ADDRESS, AMOUNT_BTC, FEE_RATE)
print("Raw Transaction:", raw_tx)
except Exception as e:
print("Error:", e)
import requests
import ecdsa
from bitcoin import *
import hashlib
def decode_wif(wif):
b = base58.b58decode(wif)
if len(b) == 38 and b[-5] == 0x01:
return b[1:-5], True # compressed
elif len(b) == 37:
return b[1:-1], False # uncompressed
raise ValueError("Invalid WIF format")
def get_pubkey(priv_bytes, compressed):
sk = ecdsa.SigningKey.from_string(priv_bytes, curve=ecdsa.SECP256k1)
vk = sk.get_verifying_key()
if compressed:
x = vk.pubkey.point.x()
y = vk.pubkey.point.y()
return ('02' if y % 2 == 0 else '03') + f"{x:064x}"
else:
return '04' + vk.to_string().hex()
def get_address(pubkey, compressed):
pubkey_bytes = bytes.fromhex(pubkey)
if compressed:
pubkey_hash = hash160(pubkey_bytes)
return pubkey_to_address(pubkey) # P2PKH
else:
return pubkey_to_address(pubkey) # P2PKH uncompressed
def address_type(address):
if address.startswith('1'):
return 'p2pkh'
elif address.startswith('3'):
return 'p2sh'
elif address.startswith('bc1q'):
return 'p2wpkh'
elif address.startswith('bc1p'):
return 'p2tr'
else:
raise ValueError("Unknown address type")
def fetch_utxos(address):
try:
url = f"https://mempool.space/api/address/{address}/utxo"
r = requests.get(url)
r.raise_for_status()
return r.json()
except Exception as e:
print("Failed to fetch UTXOs:", e)
return []
def estimate_fee(num_inputs, num_outputs, fee_rate, compressed, out_types):
# estimate size based on input/output types
input_size = 108 if compressed else 148
output_size = sum(43 if t == 'p2wpkh' else 34 for t in out_types)
total_size = 10 + num_inputs * input_size + output_size
return total_size * fee_rate
def create_transaction(wif, to_address, amount_btc, fee_rate):
priv_bytes, compressed = decode_wif(wif)
pubkey = get_pubkey(priv_bytes, compressed)
from_address = get_address(pubkey, compressed)
to_type = address_type(to_address)
utxos = fetch_utxos(from_address)
if not utxos:
raise RuntimeError("No UTXOs available")
inputs = []
total = 0
for utxo in utxos:
inputs.append({'output': f"{utxo['txid']}:{utxo['vout']}", 'value': utxo['value']})
total += utxo['value']
if total >= int(amount_btc * 1e8): break
if total == 0:
raise RuntimeError("Not enough inputs to cover amount")
send_amount = int(amount_btc * 1e8)
fee = estimate_fee(len(inputs), 2, fee_rate, compressed, [to_type, 'p2pkh'])
if total < send_amount + fee:
raise RuntimeError("Insufficient funds")
change = total - send_amount - fee
outputs = [{'address': to_address, 'value': send_amount}]
if change > 0:
outputs.append({'address': from_address, 'value': change})
tx = mktx(inputs, outputs)
for i in range(len(inputs)):
tx = sign(tx, i, wif)
return tx
# === Example Usage ===
if __name__ == "__main__":
WIF = "<wif_private_key>"
TO_ADDRESS = "1YourLegacyAddressHere" # works with 1..., 3..., bc1q..., bc1p...
AMOUNT_BTC = 6.70013241
FEE_RATE = 20 # sats/vB
try:
raw_tx = create_transaction(WIF, TO_ADDRESS, AMOUNT_BTC, FEE_RATE)
print("Raw Transaction:", raw_tx)
except Exception as e:
print("Error:", e)
Example script output
Quote
Raw Transaction: 0100000005b3138da741af259146ca2c4895bac7e0c08147679f88ce3302fb4db0584bf31205000 0006b483045022100fcc29e303b33016113a6ec23553187c0589859f0ba576e2dc09990fa29c61a cb02205a200c482ab1d4901853b47a62ec57cdfa87e8908e6e3204c1d5dbe7c14efb77012102122 09f5ec514a1580a2937bd833979d933199fc230e204c6cdc58872b7d46f75ffffffff15cda65f1e 46982fc082b15c8dbb60985d12a7e60b0c742263608cc9349f3808460000006b483045022100967 4dce2352f28d8ea52866a2cecbe153e6f9da0f228b0a5ceb7a2afa2a5cc78022045af0952718f04 e0f5c1dade18cc6f9309951d5025c3f9597af0e5c27e5afcde01210212209f5ec514a1580a2937b d833979d933199fc230e204c6cdc58872b7d46f75ffffffff5e24638c73bbff287f002d3035ac13 d43b373bed0470a8425b92ed7f601409b3000000006b483045022100d7acede82875fc6025d28a2 c7464a29b198ee477adcf0fbb7ac5bf1fc6b52b340220414620d32b062afef07773d90d958ad599 1bf06f3ff0720839c5f6e8364ec35901210212209f5ec514a1580a2937bd833979d933199fc230e 204c6cdc58872b7d46f75ffffffff10d650ec671f51e730c36da55623e6c9ae1f1803ea3cbb4cf8 2edc1f3e066358000000006b483045022100e55a20c9e40518ce4b9bbd3640350ae7d10ad7d86b0 bbfb3cac7dd778300ea0102203c54c9cd9d7fc8894b6d1f16b5558687047701e31e58257ea4b528 e14d86a58601210212209f5ec514a1580a2937bd833979d933199fc230e204c6cdc58872b7d46f7 5ffffffff6441384445a0f426ee689e2532e41fc6947dda41558026b80f5b1dfd7c58455d130000 006a47304402202dea305bc23b33c291aabde55273836b45c3f7a207cd138279133281a1e5094c0 22060a78ae12f61dee3ed8ae328a05c785957154e18abcd2d6893b4193eb2ed3ae601210212209f 5ec514a1580a2937bd833979d933199fc230e204c6cdc58872b7d46f75ffffffff023997ef27000 000001976a914f6f5431d25bbf7b12e8add9af5e3475c44a0a5b888aca1086202000000001976a9 14f6f5431d25bbf7b12e8add9af5e3475c44a0a5b888ac00000000
Cheers
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
If there was a template, then during the entire existence of the puzzle, it would have already been found. 
It really depends on your game plan. Sometimes it’s kangaroo, sometimes it’s BSGS, and believe it or not, sometimes you just gotta brute force it.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
From the report, private transaction services like MARA's Slipstream let users send transactions directly to trusted miners instead of broadcasting them publicly. This helps prevent quantum adversaries from seeing and hijacking transactions before they're confirmed. But it doesn't replace the need for quantum-resistant signatures at the protocol level. However, during the transition period after implementing those signatures, this approach can reduce risks. The text also mentions that these services are contentious now because they're used for non-financial data storage and create a two-tier system. This is supposed to help against quantum attacks because a quantum computer could potentially steal the transaction details (like the signature) and create a conflicting transaction if they can see it in the mempool before confirmation.
Will all mempools become like MARA?
I don't think so. But I think there will definitely be more of them.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
https://bitcointalk.org/index.php?topic=1306983.msg64379149#msg64379149 - Please, it's written here step by step
Quote
Private transaction services represent a potentially complementary or orthogonal migration
strategy that specifically addresses short-range attacks during the window of vulnerability
between transaction broadcast and confirmation. These services, such as existing private
mempools like MARA’s Slipstream [MDH24], allow users to submit transactions directly to
trusted miners rather than broadcasting them publicly, preventing quantum adversaries
from observing and hijacking transactions before confirmation. While this approach doesn’t
eliminate the need for protocol-level quantum-resistant signature schemes, it could reduce,
but not eliminate19, risks during the transition period after such schemes are implemented.
It’s worth noting that even today, such services are contentious in the community as they are
often leveraged to include non-financial data storage transactions in the blockchain, and they
create a two-tier system for transaction broadcast.
strategy that specifically addresses short-range attacks during the window of vulnerability
between transaction broadcast and confirmation. These services, such as existing private
mempools like MARA’s Slipstream [MDH24], allow users to submit transactions directly to
trusted miners rather than broadcasting them publicly, preventing quantum adversaries
from observing and hijacking transactions before confirmation. While this approach doesn’t
eliminate the need for protocol-level quantum-resistant signature schemes, it could reduce,
but not eliminate19, risks during the transition period after such schemes are implemented.
It’s worth noting that even today, such services are contentious in the community as they are
often leveraged to include non-financial data storage transactions in the blockchain, and they
create a two-tier system for transaction broadcast.
from --> https://chaincode.com/bitcoin-post-quantum.pdf
From the report, private transaction services like MARA's Slipstream let users send transactions directly to trusted miners instead of broadcasting them publicly. This helps prevent quantum adversaries from seeing and hijacking transactions before they're confirmed. But it doesn't replace the need for quantum-resistant signatures at the protocol level. However, during the transition period after implementing those signatures, this approach can reduce risks. The text also mentions that these services are contentious now because they're used for non-financial data storage and create a two-tier system. This is supposed to help against quantum attacks because a quantum computer could potentially steal the transaction details (like the signature) and create a conflicting transaction if they can see it in the mempool before confirmation.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
Seven words remain to solve the puzzle 17+7 = 24 word
That's approximately 4.79 billion years.
You have a much better chance of solving a WIF (Wallet Import Format) key that is missing the last 12–14 characters than cracking anything related to BIP39. Related processes (like PBKDF2) are intentionally slow to resist attacks.
https://github.com/AlexanderKud/WIF-Cracker_NoMachine
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
⭐ Merited by mcdouglasx (3)
I’m trying to solve Zden’s Level 5 Puzzle:
Code:
import cv2
import numpy as np
import random
import time
from bitcoinlib.keys import Key
# Configuration
IMAGE_PATH = 'bitcoin-lvl5-puzzle.png'
EXPECTED_ADDRESS = '1cryptoGeCRiTzVgxBQcKFFjSVydN1GW7'
THRESHOLD_BINARY = 127
SLEEP_BETWEEN_ITERATIONS = 0.6 # Set 0 for maximum speed
MAX_ITERATIONS = None # Set to an integer to limit attempts
# Load Image
def load_image(path):
image = cv2.imread(path, cv2.IMREAD_GRAYSCALE)
if image is None:
raise FileNotFoundError(f"Image not found: {path}")
_, binary = cv2.threshold(image, THRESHOLD_BINARY, 255, cv2.THRESH_BINARY)
return binary
# Extract Shell Areas from Image
def find_shell_contours(image):
contours, hierarchy = cv2.findContours(image, cv2.RETR_TREE, cv2.CHAIN_APPROX_SIMPLE)
shell_areas = []
boxes = []
for i, cnt in enumerate(contours):
parent = hierarchy[0][i][3]
if parent != -1:
outer_cnt = contours[parent]
outer_area = cv2.contourArea(outer_cnt)
inner_area = cv2.contourArea(cnt)
shell_area = outer_area - inner_area
x, y, w, h = cv2.boundingRect(outer_cnt)
shell_areas.append(shell_area)
boxes.append((x, y, w, h))
# Sort rectangles top-to-bottom, then left-to-right
combined = list(zip(shell_areas, boxes))
sorted_combined = sorted(combined, key=lambda item: (round(item[1][1] / 10), item[1][0]))
sorted_areas = [item[0] for item in sorted_combined]
return sorted_areas
# Pair Shell Areas into Bytes
def pairwise_to_bytes(areas, strategy='random'):
bytes_out = []
if strategy == 'random':
indices = list(range(len(areas)))
random.shuffle(indices)
for i in range(0, len(indices), 2):
if i + 1 < len(indices):
a = areas[indices[i]]
b = areas[indices[i + 1]]
bytes_out.append(int(a + b) % 256)
else: # default to sequential
for i in range(0, len(areas), 2):
if i + 1 < len(areas):
total = areas[i] + areas[i + 1]
bytes_out.append(int(total) % 256)
return bytes_out
# Validate Candidate Key
def validate_key(byte_list):
if len(byte_list) != 32:
return None, None, False
hex_key = ''.join(f"{b:02x}" for b in byte_list)
try:
key = Key(import_key=hex_key)
address = key.address()
is_match = (address == EXPECTED_ADDRESS)
return hex_key, address, is_match
except Exception:
return hex_key, None, False
# Main Loop
def main_loop():
print("[*] Loading and analyzing image...")
binary = load_image(IMAGE_PATH)
original_areas = find_shell_contours(binary)
if len(original_areas) < 64:
print("Error: Fewer than 64 rectangles detected. Check image or detection logic.")
return
print(f"[+] Starting infinite decode loop ({len(original_areas)} rectangles)...")
iteration = 0
while True:
iteration += 1
print(f"\n--- Iteration {iteration} ---")
# Copy and apply white-line pixel hint modifications
areas = original_areas[:64].copy()
areas[39] += 17 # Rectangle #40
areas[52] += 6 # Rectangle #53
# Random pairing strategy
byte_list = pairwise_to_bytes(areas, strategy='random')
# Validate derived private key
hex_key, address, is_valid = validate_key(byte_list)
print(f"Private Key (hex): {hex_key}")
print(f"BTC Address: {address}")
print(f"Matches Expected: {is_valid}")
if is_valid:
print("\nSUCCESS! Matching key found!")
with open("winning_key.txt", "w") as f:
f.write(f"Private Key (hex): {hex_key}\n")
f.write(f"BTC Address: {address}\n")
break
if MAX_ITERATIONS and iteration >= MAX_ITERATIONS:
print("Reached max iterations. Stopping.")
break
time.sleep(SLEEP_BETWEEN_ITERATIONS)
if __name__ == "__main__":
main_loop()
import numpy as np
import random
import time
from bitcoinlib.keys import Key
# Configuration
IMAGE_PATH = 'bitcoin-lvl5-puzzle.png'
EXPECTED_ADDRESS = '1cryptoGeCRiTzVgxBQcKFFjSVydN1GW7'
THRESHOLD_BINARY = 127
SLEEP_BETWEEN_ITERATIONS = 0.6 # Set 0 for maximum speed
MAX_ITERATIONS = None # Set to an integer to limit attempts
# Load Image
def load_image(path):
image = cv2.imread(path, cv2.IMREAD_GRAYSCALE)
if image is None:
raise FileNotFoundError(f"Image not found: {path}")
_, binary = cv2.threshold(image, THRESHOLD_BINARY, 255, cv2.THRESH_BINARY)
return binary
# Extract Shell Areas from Image
def find_shell_contours(image):
contours, hierarchy = cv2.findContours(image, cv2.RETR_TREE, cv2.CHAIN_APPROX_SIMPLE)
shell_areas = []
boxes = []
for i, cnt in enumerate(contours):
parent = hierarchy[0][i][3]
if parent != -1:
outer_cnt = contours[parent]
outer_area = cv2.contourArea(outer_cnt)
inner_area = cv2.contourArea(cnt)
shell_area = outer_area - inner_area
x, y, w, h = cv2.boundingRect(outer_cnt)
shell_areas.append(shell_area)
boxes.append((x, y, w, h))
# Sort rectangles top-to-bottom, then left-to-right
combined = list(zip(shell_areas, boxes))
sorted_combined = sorted(combined, key=lambda item: (round(item[1][1] / 10), item[1][0]))
sorted_areas = [item[0] for item in sorted_combined]
return sorted_areas
# Pair Shell Areas into Bytes
def pairwise_to_bytes(areas, strategy='random'):
bytes_out = []
if strategy == 'random':
indices = list(range(len(areas)))
random.shuffle(indices)
for i in range(0, len(indices), 2):
if i + 1 < len(indices):
a = areas[indices[i]]
b = areas[indices[i + 1]]
bytes_out.append(int(a + b) % 256)
else: # default to sequential
for i in range(0, len(areas), 2):
if i + 1 < len(areas):
total = areas[i] + areas[i + 1]
bytes_out.append(int(total) % 256)
return bytes_out
# Validate Candidate Key
def validate_key(byte_list):
if len(byte_list) != 32:
return None, None, False
hex_key = ''.join(f"{b:02x}" for b in byte_list)
try:
key = Key(import_key=hex_key)
address = key.address()
is_match = (address == EXPECTED_ADDRESS)
return hex_key, address, is_match
except Exception:
return hex_key, None, False
# Main Loop
def main_loop():
print("[*] Loading and analyzing image...")
binary = load_image(IMAGE_PATH)
original_areas = find_shell_contours(binary)
if len(original_areas) < 64:
print("Error: Fewer than 64 rectangles detected. Check image or detection logic.")
return
print(f"[+] Starting infinite decode loop ({len(original_areas)} rectangles)...")
iteration = 0
while True:
iteration += 1
print(f"\n--- Iteration {iteration} ---")
# Copy and apply white-line pixel hint modifications
areas = original_areas[:64].copy()
areas[39] += 17 # Rectangle #40
areas[52] += 6 # Rectangle #53
# Random pairing strategy
byte_list = pairwise_to_bytes(areas, strategy='random')
# Validate derived private key
hex_key, address, is_valid = validate_key(byte_list)
print(f"Private Key (hex): {hex_key}")
print(f"BTC Address: {address}")
print(f"Matches Expected: {is_valid}")
if is_valid:
print("\nSUCCESS! Matching key found!")
with open("winning_key.txt", "w") as f:
f.write(f"Private Key (hex): {hex_key}\n")
f.write(f"BTC Address: {address}\n")
break
if MAX_ITERATIONS and iteration >= MAX_ITERATIONS:
print("Reached max iterations. Stopping.")
break
time.sleep(SLEEP_BETWEEN_ITERATIONS)
if __name__ == "__main__":
main_loop()
But man, even these low-reward puzzles are impossible to crack. Either there’s no explanation, it’s straight-up wrong, or it’s just unsolvable.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
Mybe you interested in this unsolved 5btc puzzle from 2011 ? 😅
https://bitcointalk.org/index.php?topic=30122.0
Without sending BTC, the remaining characters cannot be predicted (they are randomly selected from the seed but remain unknown until revealed). You need to send 0.025 BTC each time, which is a ridiculous amount now. No Thanks.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
Are we really all out of ideas? How about this: Any thoughts on the old wallets that just woke up today (or yesterday)? Lots of BTC suddenly moving out of old wallets... Reminds me of some puzzles we're all trying to solve... And I'll take any crazy, long-shot speculation/discussion about how those wallets may have been hacked...
NOT Satoshi's wallets... I'm talking about Satoshi-era wallets (meaning from back in the day). Most of those coins got consolidated from Legacy addresses to Bech32 addresses. Not sent to exchanges. I guess it’s a big deal to move your crypto to more secure wallets? Bunch of panic-sellers and FUD-spreaders overreacting online.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
the same dude?
Dude? Nah, she's a woman.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
All I mean to say is that I'm often tempted to try and figure-out the seed(s) used to generate the puzzle keys, as I think you've spent quite a lot of time doing... But every time I think about it, I have to remind myself that we just don't know enough / have enough data about where to start... Which version of which language was used, and which RNG (standard or cryptographic, Mersenne Twister or something else, etc) was used, or whether the rand was seeded once, before the loop with a static seed (like I tend to do, which I think is kind-of a common C# pattern) or again on every loop with a dynamically changing seed (the way the code you posted was), not to mention the seed's exact value itself, and who knows what other factors...
In 2015, a Puzzle BTC creator using Python + Electrum would likely have:
Generated keys via random.seed() (not PBKDF2/HMAC-SHA512).
Used WIF format (easily imported into Electrum using importprivkey) and ignored BIP-32/39.
This kept the puzzle simple, reproducible, and Electrum-friendly.
Consistent with real 2015 examples like 1FLAMEN6, which used raw SHA-256/RIPEMD160 hashes (not HD wallets) and WIF keys.
But who cares if I'm right or wrong?
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
How did you come to the conclusion that he used Python? Just because it's easier?
If you were a Puzzle BTC creator in 2015, you could have used Bitcoin Core, Electrum, or Armory. Electrum (written in Python) was already popular in 2015, and its wallet format is well-documented. Importing keys via the command line (electrum importprivkey) would be trivial with Python-generated WIFs.
Python’s random.seed() function ensures deterministic key generation, unlike C++’s std::rand(), which varies across implementations unless carefully controlled.
Python’s random uses a Mersenne Twister, while C++’s std::rand() depends on the compiler.
Since Electrum itself is written in Python, a Python script would integrate seamlessly.
The same code works unchanged from 2015 to 2025 (thanks to Python’s stability).You just need to know the seed.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
Ok, I think I see my mistake... I just went back to the original comment, and I realize now that I had read "a single master seed" as "master seed phrase" and not "a seed used to prime a RNG" ... Meaning, I thought the idea being proposed was that the puzzles were initially created by, like, using some off-the-shelf wallet software to automatically create a new wallet, complete with a BIP-39 seed phrase and a list of associated private keys, and then changing/masking those private keys to make the puzzles' keys, which (of course) would have disassociated them all from the original BIP-39 seed phrase... And I couldn't for the life of me figure out how that would be easier than just generating them all the way you show above...
So, I am dumb, just not the way I'd feared
So, I am dumb, just not the way I'd feared
Personally, if I were the creator, I would use this simple python script.You could straight-up import all them keys from 1 to 160 into Electrum right from the command line. Move all the bread in two clicks, no cap. Me? I’d use a Social Security Number as the seed, toss in ‘SatoshiNakamotoPuzzle’ plus the puzzle number, and bam, we locked in. I wouldn't even lie that I used a wallet.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
- #1 starts with a `1`
- #2 starts with either a `2` or `3`
- #3 starts with a `4`, `5`, `6`, or `7`
- #4 starts with any of the remaining possible hex chars
- then the pattern repeats for the next group of four keys, and so on...
is it actually possible that one seed phrase could/would actually make a series of consecutive keys that fit not just that specific pattern, but really any kind of repeating pattern at all...?? And how would you even find/make such a seed phrase...??
- #2 starts with either a `2` or `3`
- #3 starts with a `4`, `5`, `6`, or `7`
- #4 starts with any of the remaining possible hex chars
- then the pattern repeats for the next group of four keys, and so on...
is it actually possible that one seed phrase could/would actually make a series of consecutive keys that fit not just that specific pattern, but really any kind of repeating pattern at all...?? And how would you even find/make such a seed phrase...??
It is possible.
Code:
import random
import hashlib
import base58
for puzzle in range(1, 161):
lower = 2 ** (puzzle - 1)
upper = (2 ** puzzle) - 1
seed = "SatoshiNakamotoPuzzle" + str(puzzle)
random.seed(seed)
dec = random.randint(lower, upper)
private_key_hex = "%064x" % dec
private_key_bytes = bytes.fromhex(private_key_hex)
extended_key = b'\x80' + private_key_bytes
extended_key += b'\x01'
checksum = hashlib.sha256(hashlib.sha256(extended_key).digest()).digest()[:4]
wif_bytes = extended_key + checksum
wif_compressed = base58.b58encode(wif_bytes).decode()
print(f"Puzzle = {puzzle} {DEC} = {dec} seed = {seed} wif = {wif_compressed}")
import hashlib
import base58
for puzzle in range(1, 161):
lower = 2 ** (puzzle - 1)
upper = (2 ** puzzle) - 1
seed = "SatoshiNakamotoPuzzle" + str(puzzle)
random.seed(seed)
dec = random.randint(lower, upper)
private_key_hex = "%064x" % dec
private_key_bytes = bytes.fromhex(private_key_hex)
extended_key = b'\x80' + private_key_bytes
extended_key += b'\x01'
checksum = hashlib.sha256(hashlib.sha256(extended_key).digest()).digest()[:4]
wif_bytes = extended_key + checksum
wif_compressed = base58.b58encode(wif_bytes).decode()
print(f"Puzzle = {puzzle} {DEC} = {dec} seed = {seed} wif = {wif_compressed}")
python3 test.py
Quote
Puzzle = 1 DEC = 1 seed = SatoshiNakamotoPuzzle1 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn
Puzzle = 2 DEC = 2 seed = SatoshiNakamotoPuzzle2 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU74NMTptX4
Puzzle = 3 DEC = 5 seed = SatoshiNakamotoPuzzle3 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU75s2EPgZf
Puzzle = 4 DEC = 11 seed = SatoshiNakamotoPuzzle4 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU78rNKwdiH
Puzzle = 5 DEC = 22 seed = SatoshiNakamotoPuzzle5 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7EL1wKGDm
Puzzle = 6 DEC = 53 seed = SatoshiNakamotoPuzzle6 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7VmMqX3qc
Puzzle = 7 DEC = 73 seed = SatoshiNakamotoPuzzle7 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7fj3itoEY
Puzzle = 8 DEC = 148 seed = SatoshiNakamotoPuzzle8 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU8K5DxCiQf
Puzzle = 9 DEC = 306 seed = SatoshiNakamotoPuzzle9 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU9fkdRpSex
Puzzle = 10 DEC = 634 seed = SatoshiNakamotoPuzzle10 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFUCV5z2PfC3
*****
Puzzle = 66 DEC = 38508275138367239239 seed = SatoshiNakamotoPuzzle66 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZWCKpZnZsCqVzc1f9vt
Puzzle = 67 DEC = 146233885779705721938 seed = SatoshiNakamotoPuzzle67 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qbeiYkkDLY2iKmA6JS3q
Puzzle = 68 DEC = 204291343762893348650 seed = SatoshiNakamotoPuzzle68 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qcopt3giY39KjX9pfekV
Puzzle = 69 DEC = 588454650131287819678 seed = SatoshiNakamotoPuzzle69 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qkTtFZibZ9tNE96yFsjS
Puzzle = 70 DEC = 826730197180747088722 seed = SatoshiNakamotoPuzzle70 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qqDJuNu7s3FZKtsk9Pn7
Puzzle = 71 DEC = 1833056699595944202074 seed = SatoshiNakamotoPuzzle71 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3rBGXpLd8yP9kGu7rqRvw
Puzzle = 2 DEC = 2 seed = SatoshiNakamotoPuzzle2 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU74NMTptX4
Puzzle = 3 DEC = 5 seed = SatoshiNakamotoPuzzle3 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU75s2EPgZf
Puzzle = 4 DEC = 11 seed = SatoshiNakamotoPuzzle4 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU78rNKwdiH
Puzzle = 5 DEC = 22 seed = SatoshiNakamotoPuzzle5 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7EL1wKGDm
Puzzle = 6 DEC = 53 seed = SatoshiNakamotoPuzzle6 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7VmMqX3qc
Puzzle = 7 DEC = 73 seed = SatoshiNakamotoPuzzle7 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU7fj3itoEY
Puzzle = 8 DEC = 148 seed = SatoshiNakamotoPuzzle8 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU8K5DxCiQf
Puzzle = 9 DEC = 306 seed = SatoshiNakamotoPuzzle9 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU9fkdRpSex
Puzzle = 10 DEC = 634 seed = SatoshiNakamotoPuzzle10 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFUCV5z2PfC3
*****
Puzzle = 66 DEC = 38508275138367239239 seed = SatoshiNakamotoPuzzle66 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qZWCKpZnZsCqVzc1f9vt
Puzzle = 67 DEC = 146233885779705721938 seed = SatoshiNakamotoPuzzle67 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qbeiYkkDLY2iKmA6JS3q
Puzzle = 68 DEC = 204291343762893348650 seed = SatoshiNakamotoPuzzle68 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qcopt3giY39KjX9pfekV
Puzzle = 69 DEC = 588454650131287819678 seed = SatoshiNakamotoPuzzle69 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qkTtFZibZ9tNE96yFsjS
Puzzle = 70 DEC = 826730197180747088722 seed = SatoshiNakamotoPuzzle70 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qqDJuNu7s3FZKtsk9Pn7
Puzzle = 71 DEC = 1833056699595944202074 seed = SatoshiNakamotoPuzzle71 wif = KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3rBGXpLd8yP9kGu7rqRvw
Ayo, there’s a pattern in the seed, but them keys and decimal numbers? Nah, they straight-up random.
But bruh, tryna find and reverse-engineer the seed? That’s impossible. You’d have an easier time brute-forcing private keys than crackin’ that seed, no cap.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
It’s mad hard to prove someone’s in the game. Unless they’re buggin’ and move all their BTC where there’s KYC. Like Binance or somethin’. Me? I’d probably use an atomic swap and Monero. But even if they catch a trace(where would I send it), they’d need a whole army to roll up there. A whole army. Maybe even a bunker buster. And even then, they risk startin’ WWIII with another country.
So, you got a whole strategy to move this crypto in phases, huh? Probably through Russia or China? And you cool with kissin’ 30% goodbye after all them moves?
You think I’m out here buyin’ a house, drivin’ a Lambo, and partyin’ on a rooftop in Dubai? All at once? No. I’d be movin’ like $700-$800 a month for the next 20 years. Small moves, Ellie. Small moves.
Re: Bitcoin puzzle transaction ~32 BTC prize to who solves it
If the creator did not legally relinquish ownership (e.g., via a smart contract or binding terms), brute-forcing the key might still be considered theft.
If the owner did not clearly relinquish ownership (e.g., by publishing a signed transaction or legal agreement), taking funds may be unlawful.
Intent: If the puzzle is structured as a brute-force attack rather than a solvable riddle, it could be argued that the creator is inducing illegal activity.
If the owner did not clearly relinquish ownership (e.g., by publishing a signed transaction or legal agreement), taking funds may be unlawful.
Intent: If the puzzle is structured as a brute-force attack rather than a solvable riddle, it could be argued that the creator is inducing illegal activity.
This is impossible to solve, man. Not sure what's the fuss about? You want to arrest the creator of this puzzle? Aren't you? Or the participants? Come on.
It’s mad hard to prove someone’s in the game. Unless they’re buggin’ and move all their BTC where there’s KYC. Like Binance or somethin’. Me? I’d probably use an atomic swap and Monero. But even if they catch a trace, they’d need a whole army to roll up here. A whole army. Maybe even a bunker buster. And even then, they risk startin’ World War III with another country.
Re: Mark1 - pollard rho implementation (38 minutes for 80 bits solving on CPU)
If this is IDLP you don't need to store full keys, just distance from base start. This alone saves up to 20 bytes. However this works only if the max distance is ensured to never be reached.
Also I'm willing to bet an arm and leg that mmap-ing the DP file will lose big time against an actual database file, when there are lots of DPs, since they'll be spread around the disk, I wonder what your OS will have to say about that, when seeking around and pages start to swap in and out (besides all running apps stalling due to low free memory)
But seems that there's some kind of competition on these forums on who can reinvent a rounder wheel.
You're right about the distance-only storage optimization for DLP.
This implementation isn’t mine. I’m just analyzing the code. I haven't even started it in my OS. This is all theoretical. If the original author wants to optimize further, they’d need to adopt delta encoding (storing walk distances, not full keys), replace mmap with a proper DB for large-scale DP storage, and tighten memory limits to avoid thrashing.
These changes require significant redesign. Until then, it’s stuck with these limitations.
Re: Mark1 - pollard rho implementation (38 minutes for 80 bits solving on CPU)
Can this be further optimized in terms of speed?
The current implementation is already highly optimized, so further gains would likely be in the 10-30% range rather than order-of-magnitude improvements. The most promising areas would be hash function optimization and fine-tuning batch sizes for specific hardware.
These batch sizes could be tuned based on:
CPU cache sizes (L1/L2/L3)
Available SIMD registers
Benchmark different sizes (256, 512, 1024)
Current DP Table Structure:
Code:
#pragma pack(push,1)
struct DPSlot{ fp_t fp; Scalar256 key; };
#pragma pack(pop)
static_assert(sizeof(DPSlot)==40);
struct DPSlot{ fp_t fp; Scalar256 key; };
#pragma pack(pop)
static_assert(sizeof(DPSlot)==40);
8 bytes for the fingerprint (fp_t)
32 bytes for the scalar key (Scalar256)
Total: 40 bytes per slot
Could potentially reduce to 32-bit with:
More frequent collisions (manageable)
Secondary verification when matches occur
Savings: 4 bytes per slot (10% reduction)