Brother
Professional
- Messages
- 2,590
- Reaction score
- 526
- Points
- 113
A user under the nickname 83_5BTC, from whose address a record commission of $3.1 million was paid on November 23, said that he was the victim of a hacker.
According to him, the attacker stole more than 139 BTC ($5.2 million) from him, including transaction costs of 83.65 BTC ($3.1 million).
"I created a new cold wallet, transferred 139 BTC to it, and they were immediately transferred to another address. I can assume that someone ran the script on this wallet and that the script had a strange commission calculation, " the user said.
To prove his words, 83_5BTC signed a message from the specified bitcoin address: "@83_5BTC is the owner of funds that paid a high commission." The signature was verified by Mononaut, the developer of the Mempool tool.
"The signature is verified, @83_5BTC appears to actually control the key from which the 83.7 BTC fee was paid," he noted.
Casa co-founder and CTO Jameson Lopp also confirmed the signature.
However, since the wallet is compromised, this signature is highly likely to have been created by a hacker.
A member of the niftydev community stated that he knows the person behind the 83_5BTC account, and he is not an attacker.
Representatives of AntPool, who verified the transaction, did not comment on the situation.
According to Mononaut, the most likely reason for hacking was the low entropy of the victim's wallet, which made it vulnerable.
In this case, several attackers could compete for stealing funds and increase the commission in order to speed up the withdrawal of funds to their address, the expert added.
Mononaut also noted that the commission paid was exactly 60% of the total amount of 139.42 BTC stolen, and a potential hacker additionally stole 0.001 BTC from the same address, paying 0.0006 BTC as a commission.
"This, combined with the speed of theft, seems like reasonable evidence of an automated script being used by the attacker," he explained.
Recall that on September 10, the infrastructure blockchain company Paxos mistakenly paid 19.82 BTC ($510,750) as a commission to miners for transferring 0.074 BTC (~$1,800).
Representatives of F2Pool reported that after the necessary checks, they returned the company's bitcoins.
According to him, the attacker stole more than 139 BTC ($5.2 million) from him, including transaction costs of 83.65 BTC ($3.1 million).
"I created a new cold wallet, transferred 139 BTC to it, and they were immediately transferred to another address. I can assume that someone ran the script on this wallet and that the script had a strange commission calculation, " the user said.
To prove his words, 83_5BTC signed a message from the specified bitcoin address: "@83_5BTC is the owner of funds that paid a high commission." The signature was verified by Mononaut, the developer of the Mempool tool.
"The signature is verified, @83_5BTC appears to actually control the key from which the 83.7 BTC fee was paid," he noted.
Casa co-founder and CTO Jameson Lopp also confirmed the signature.
However, since the wallet is compromised, this signature is highly likely to have been created by a hacker.
A member of the niftydev community stated that he knows the person behind the 83_5BTC account, and he is not an attacker.
Representatives of AntPool, who verified the transaction, did not comment on the situation.
According to Mononaut, the most likely reason for hacking was the low entropy of the victim's wallet, which made it vulnerable.
In this case, several attackers could compete for stealing funds and increase the commission in order to speed up the withdrawal of funds to their address, the expert added.
Mononaut also noted that the commission paid was exactly 60% of the total amount of 139.42 BTC stolen, and a potential hacker additionally stole 0.001 BTC from the same address, paying 0.0006 BTC as a commission.
"This, combined with the speed of theft, seems like reasonable evidence of an automated script being used by the attacker," he explained.
Recall that on September 10, the infrastructure blockchain company Paxos mistakenly paid 19.82 BTC ($510,750) as a commission to miners for transferring 0.074 BTC (~$1,800).
Representatives of F2Pool reported that after the necessary checks, they returned the company's bitcoins.
