Bitcoin Forum

The alleged victim, @83_5BTC, revealed that after transferring 139 BTC to a new cold wallet, the funds were immediately swept to another wallet by the attackers. The transaction split the sum, sending 55.77 BTC to the hackers’ wallet, while the rest, a staggering 83.65 BTC, was paid as a transaction fee. This incident surpasses the previous high-fee record of 19.8 BTC.

Mononaut, the anonymous operator behind the mempool.space bitcoin explorer, weighed in on the incident. He suggested that “the most likely explanation is that the wallet was generated from bad entropy.” In layman’s terms, this means the wallet’s security was compromised due to weak randomization in its creation process. Mononaut’s insight provides a crucial understanding of the technical flaw that may have led to this unfortunate event. source  (https://news.bitcoin.com/bitcoin-user-alleges-hack-linked-to-erroneous-83-65-btc-fee-incident/)

Bad entropy has always cause hacks to large number of wallets, this is mostly because by users trying to randomly picking their own mnemonic words from the 2048 words, humanly selection are often not too strong randomization. Another cause of this problem is the use of online tools to generate one’s seed phrase which is said to use JavaScript instead of python. Sites like Ian Coleman’s use this JavaScript and that is why it is always best to use wallets like electrum or even bitcoin core to generate one’s seed.

Antpool In my opinion shouldn’t return the fee because that signing of message from that address doesn’t prove anything, it could be the hacker still playing his tricks.

Bottom line is one should stay from generating their own seed and also from using online tools for that. There is no reason to try and complicate things, keep it simple.

Good advice but I have to say that this kind of thing shouldn't happen again not because of unpreparedness but because the vulnerability has been resolved already, I don't think that's the only thing that we have to continue reasoning that we should be careful, there should be some level of competency on the developer side that's going to make us comfortable even if we aren't that careful with our stuff, I think that it's the best that people aren't worried about this in the future and at the same time prepared about their security. That's a sad reason as to why there's a new record for tx fee, and it's to speed up the transaction of the stolen bitcoins.

This is the classic example on how everyone should manage their wallet if they have huge amount on it. Perhaps he should used multi-sig, 2 out of 3 and it increases the security, requiring at least 2 co signers.

Unless, the hackers also got the other keys, which could be very difficult unless it's a physical attack or the 5 dollar wrench attack.

We already have:

 - Someone just paid 83BTC for transaction fee,  (https://bitcointalk.org/index.php?topic=5475177.msg63206835#msg63206835)
 - someone pays 83.65 $BTC ($3,136,058) in transaction fees, overpaying by 120,258 (https://bitcointalk.org/index.php?topic=5475287.0)
 - Or here: Is\will Bitcoin become unaffordable to use? (https://bitcointalk.org/index.php?topic=5475215.0)

There are enough discussions on this topic and there is no need to create more. You can continue the discussion there, but it is not the first time that a software bug has caused this, and it may not be the last.

When you consider what hackers can do to steal whatever they stole, it merely makes me assume that 139 bitcoins should have been transferred, but what went to the hacker's address was roughly 55.77 bitcoins, and the remainder went to transaction fees. Those miners are quite fortunate.

Is it feasible to retrieve the 83.65 bitcoins that went to the transaction fee? This case, as far as I know, is still being investigated. Because it is still unclear whether this is a hacking event or a money-laundering conspiracy.
https://en.coin-turk.com/bitcoin-user-claims-3-1-million-fee-was-a-hack-not-an-error/

There's no mistakes about why the fees are very high, the hackers knows that he needs to get it confirmed in a hurry and put it in a wallet that he has control before anyone understands what happen and he could have mixed it already.

So not sure if the miners are going to return it back or if they are involved in the hacking that's why the hackers incentives them with that huge fees.

At the end of the end, everyone should take lessons from the incident and really learn how to protect that kind of huge amount of BTC.

This discussion was raised by EL MOHA recently Here is the discussion link Someone just paid 83B
TC for transaction fee (https://bitcointalk.org/index.php?topic=5475177.0)

Hugeblack your first and third links redirect me to the same post pls review.

Leave the Developer competency aside if it is tested and bad move elsewhere you should be the sole protector of where you put your funds that’s where there options. A developer might be prioritizing something that makes his work easier just like this online tools using JavaScript maybe because it is faster on browser than python who knows. Same thing apply to bugs, once a wallet doesn’t fixes if you can move else where.


I don’t think the could have help a lot because probably the wallet owner might have use the same method to generate the mnemonic for other signers too which will still have low/weak entropy and can still be breached or hacked

The topic can be locked since it was found to already have been discussed , there's a button right at the down side of post button whereby you can see lock thread button there, this is very important to do because there's no need of making repeated topics that had been already discussed here before, the more it's been encouraged to make use of the search engine before making a thread to know if it has been discussed or not.

I copied the wrong link from the wrong quote. This is the link.
 - Or here: Is\will Bitcoin become unaffordable to use? (https://bitcointalk.org/index.php?topic=5475215.0)

In general, this topic has been discussed in more than 3 topics and dozens of responses, and there is no need to repeat IT again.
It is better to lock this topic.

I am pretty sure Op did not notice them maybe because he didn't use the search button properly besides he is a newbie and such mistakes are quite common

I lost some Bitcoin and ETH to scammers through iancoleman, I was till new and learning at the time and I did import my recovery seed into iancoleman because I need to get my hands on my private keys since the wallet I imported is a multi wallet.

I have gotten tired of all these hacks that I just give up on every crypto wallets out there except hardware wallets only, I like the part where to send any asset out you need your hardware wallet to confirm the transaction, so why should I keep using a software wallet especially the wallets that functions using the internet.

If you can keep your private keys offline then you are good but the chances of making mistakes is big, creating your crypto wallets offline and keeping it offline is the safest idea ever.

Well if this is related to a theft I don't know why they moved the other topic to beginners and help board. Now lets say 2 people have the private key, how can you prove you are the real owner? Because I can just fake a seed phrase that produces what ever key I want, and if you can reproduce the same result on a wallet to claim that you have used to generate the key, then there is no way to prove it.

Maybe if there was a different protocol in place to double sign a transaction to allow any transfer, like signing a transaction with another key produced by a different method, but all cryptographically valid.

bitcoin repo has tools folder with one that does exactly that. you do not need to install core