kTimesG
June 27, 2025, 09:12:56 AM

Not sure what's the fuss about.
So you’re dead certain that you or no one else is gonna get nicked for this? Bruteforcing a private key’s just some basic shit, is it? I’m proper baffled, mate. Especially knowing the feds are all over us.
Of course I'm not, the creator may rightfully claim the funds. Other individuals: not so much. While in the mempool, the order of TXs cannot be established, that is all I am saying. For example, a node can simply set a replacement's TX "first seen" tag to BEFORE the original transaction, making it thus the "initial transaction".

Off the grid, training pigeons to broadcast signed messages.

Benjade
June 27, 2025, 12:43:27 PM

“Unauthorized access” only occurs when you defeat a safeguard without the owner’s permission. The puzzle creator has already said “first to crack the key keeps the coins,” which is explicit consent, exactly like a bug-bounty program inviting you to hack their test server. Contract law treats that as a unilateral offer: perform the task, keep the reward. Once consent is public, brute-forcing the key is neither theft nor computer misuse, because the owner has waived exclusivity and the only “system” you touch is the open blockchain.
Here: Computer Fraud and Abuse Act — 18 U.S.C. § 1030(a): every CFAA offense hinges on accessing a computer “without authorization” or “exceeding authorized access.” If the owner invites you to try, that element is missing. https://www.law.cornell.edu/uscode/text/18/1030
And there: DOJ charging policy for the CFAA (19 May 2022): prosecutors are told not to bring charges for “good-faith security research” when the owner has authorized the activity. https://www.justice.gov/archives/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
The puzzle creator’s public statement might imply consent, but unless it’s a legally binding contract (with clear terms, jurisdiction, and revocation mechanisms), authorities could still argue the method of access (e.g., brute-forcing) violates computer crime statutes. Courts often interpret “authorization” narrowly, e.g., Van Buren v. United States (2021) highlighted ambiguities in what exceeds "authorized access." While the DOJ’s 2022 policy discourages charges for "good-faith security research," brute-forcing a private key lacks the same recognized public benefit as vulnerability disclosure. The policy also explicitly excludes "malicious" acts, and prosecutors might view unsanctioned access to funds (even via puzzles) as financially motivated rather than research. Even if CFAA liability is avoided, criminal theft laws (e.g., state statutes) could apply.
Most jurisdictions require explicit, lawful transfer of property. Cracking a key isn’t a traditional legal mechanism. The creator’s intent might not override statutory definitions of theft or fraud. Unlike a test server in a bug bounty, the blockchain is a public ledger; the "system" accessed is the network itself. If the wallet’s security relies on cryptographic safeguards, bypassing them could be argued as circumventing a "technological barrier" under laws like the DMCA §1201 (though this is untested for puzzles).
Think about it for 2 seconds, these are addresses whose private keys are very limited in their range and created specifically to make them easier to find. What don't you understand about the law? It's written in black and white.
I have thought about it. And as someone who works in cybercrime investigations, I can tell you the law isn’t as binary as "the creator said it’s okay, so it’s legal." The law is written in black and white, but the words say "authorization," not "vibes." Unless the creator formalized this as a binding offer (a smart contract with explicit terms), you’re relying on not getting caught, not legal immunity. Brute-forcing a key isn’t a recognized legal mechanism. The creator’s intent might be clear to you, but courts need evidence of a valid contract or gift. If the private key is hidden within a puzzle or image (steganography, riddles, or cryptographic clues) and publicly posted (like GSMG.IO puzzle) by the owner, that’s fundamentally different from brute-forcing under the law. Puzzle-solving = The owner deliberately encodes the key and invites solvers to extract it. This is closer to a unilateral contract ("Solve this, claim the prize"). If a company posts a puzzle on its website, that’s strong evidence of consent. Courts recognize "invited access". Brute-forcing lacks this clarity. Even weak keys don’t prove the owner authorized all methods of access.
Again you’re mixing up a legal debate with the plain technical meaning of “brute-force.” In crypto, a brute-force attack is simply trying every possible key until one works, full stop. People have been invited to do exactly that for decades. RSA-129’s 129-digit ciphertext was cracked in 1994 by hundreds of volunteers who exhaustively searched the key space; the judges didn’t ask for a “binding offer,” they sent a congratulatory letter when the key fell after eight months of grinding CPUs. https://seclists.org/interesting-people/1994/May/42
A few years later, distributed.net tore through the RC5-56 challenge in 250 days, publicly billing the effort as “brute-forcing the entire keyspace” and collecting RSA’s prize with no courtroom drama attached. https://en.wikipedia.org/wiki/Distributed.net
Exactly the same thing happens with the Bitcoin puzzle series: the author publishes addresses whose private keys are missing n bits and dares anyone to brute-force the rest. Puzzle #66, holding 6.6 BTC, was solved nine months ago when someone enumerated the remaining 66 bits, textbook brute-force and nobody questioned the solver’s right to sweep the coins. https://www.linkedin.com/posts/thomas-wiesner_bitcoin-crypto-puzzle-activity-7241496381549404160-XQXG
So yes, courts decide authorization, but in these cases the authorization is the public challenge itself. Calling that process anything other than “brute-forcing” doesn’t make you sound legal-savvy, it just shows you’ve skipped the last thirty years of cryptography history. So, if you work in cybercrime investigation, I'm the queen of England.

kTimesG
June 27, 2025, 01:02:55 PM

Mempool bot competition #2:
Address: 12B2uyEpoRsLDmJDLHJK5n4LeG946XtqM2 Puzzle 75 address space. 30 usd price. Public key will be exposed tomorrow 27 June 2025 between 13.00 and 14.00 UTC. Every participant BTC address which will be visible at least once in mempool RBF timeline will get 10 usd in BTC.
Thanks.
Seems I got it first.

Benjade
June 27, 2025, 01:26:02 PM

Not sure what's the fuss about.
So you’re dead certain that you or no one else is gonna get nicked for this? Bruteforcing a private key’s just some basic shit, is it? I’m proper baffled, mate. Especially knowing the feds are all over us.
Of course I'm not, the creator may rightfully claim the funds. Other individuals: not so much. While in the mempool, the order of TXs cannot be established, that is all I am saying. For example, a node can simply set a replacement's TX "first seen" tag to BEFORE the original transaction, making it thus the "initial transaction".
That’s not how the mempool works. “First-seen” timestamps are local-only; they never leave the node, so you can’t fake one to make a replacement look like the original. A transaction can bump another only by spending the same inputs and paying a higher fee, that’s BIP-125, full stop. Why is everyone in this thread repeating myths instead of checking the actual spec?

onepuzzle
June 27, 2025, 01:32:14 PM

I won and you lose @kTimesG. Don’t cry 😛. But somehow the rich just get richer—like at work, mmm.
As a reward, I’ll buy myself a piece of gum.

kTimesG
June 27, 2025, 01:36:37 PM

That’s not how the mempool works. “First-seen” timestamps are local-only;
Nobody cares how the mempool works because it's not part of the blockchain consensus, it is not a global entity, and first seen timestamps have zero relevance. Moreover, they depend on the system clock, which may be off, on the network latency (a node may have been offline) and so on. Not sure what the hell you're trying to say, honestly. I already explained why it is implausible to convince anyone that some TX was broadcasted before some other TX, because the fee-rate is not an indicator of chronology, but of mining priority.
I won and you lose @kTimesG. Don’t cry 😛. But somehow the rich just get richer—like at work, mmm.
As a reward, I’ll buy myself a piece of gum.
Not sure what you mean there. My address was the first one. I didn't bother with continuing raising fees unless there was some other newer TX. My latest replacement lasted 6 minutes. So what did you win?
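
The replacement rules argued over in the two posts above, as an added example that is not part of the thread or any poster's code: a simplified model of the five BIP-125 checks as one node applies them to its own mempool. The `Tx` class, its field names and the sample values are constructed for illustration; `first_seen` is stored but never read, so a backdated timestamp changes nothing about which transaction is kept.

```python
from dataclasses import dataclass

@dataclass
class Tx:                      # simplified, constructed mempool entry
    txid: str
    inputs: list               # (prev_txid, vout, nSequence, prev_confirmed)
    fee: int                   # absolute fee, satoshis
    vsize: int                 # virtual bytes
    first_seen: float = 0.0    # node-local clock; deliberately never read below
    descendants: int = 0       # in-mempool children that would be evicted too

def outpoints(tx):
    return {(p, v) for p, v, _, _ in tx.inputs}

def check_replacement(new, mempool, min_relay_sat_vb=1):
    """Apply the five BIP-125 rules; returns (accepted, reason)."""
    spent = outpoints(new)
    conflicts = [t for t in mempool if outpoints(t) & spent]
    if not conflicts:
        return True, "no conflict"
    # Rule 1: originals signal replaceability (explicit only; inheritance not modelled).
    if not all(any(s < 0xFFFFFFFE for _, _, s, _ in t.inputs) for t in conflicts):
        return False, "rule 1"
    # Rule 2: no unconfirmed input that the originals did not already spend.
    old = set().union(*(outpoints(t) for t in conflicts))
    if any(not conf and (p, v) not in old for p, v, _, conf in new.inputs):
        return False, "rule 2"
    # Rule 3: absolute fee at least the sum of the originals' fees.
    old_fee = sum(t.fee for t in conflicts)
    if new.fee < old_fee:
        return False, "rule 3"
    # Rule 4: the extra fee must pay for the replacement's own relay bandwidth.
    if new.fee - old_fee < min_relay_sat_vb * new.vsize:
        return False, "rule 4"
    # Rule 5: at most 100 transactions evicted (originals plus descendants).
    if sum(1 + t.descendants for t in conflicts) > 100:
        return False, "rule 5"
    return True, "replaced"

# Constructed sample: one confirmed UTXO spent by competing transactions.
UTXO = ("aa" * 32, 0)
original   = Tx("orig", [(*UTXO, 0xFFFFFFFD, True)], fee=1000, vsize=200, first_seen=100.0)
backdated  = Tx("back", [(*UTXO, 0xFFFFFFFD, True)], fee=1000, vsize=200, first_seen=50.0)
higher_fee = Tx("bump", [(*UTXO, 0xFFFFFFFD, True)], fee=1200, vsize=200, first_seen=900.0)
final_seq  = Tx("final", [(*UTXO, 0xFFFFFFFF, True)], fee=1000, vsize=200)

if __name__ == "__main__":
    for tx, pool in [(backdated, [original]), (higher_fee, [original]), (higher_fee, [final_seq])]:
        print(tx.txid, check_replacement(tx, pool))
```

Each node evaluates these rules against whatever it currently holds, which is why two nodes can end up with different replacement histories for the same output.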

3dmlib
June 27, 2025, 01:38:42 PM

17tEfExZjJAUaaxFLT4FBzZ1Z3irB3BXB3 1Ph5YCaoXC3QHgHpMQph7oCQt2LJXdtQGA 1H4VB6pf82DxGb7w5Cgb6JZEB8MbtVcZUK 1HQuc7wK2LwQAwSXbiHqfbAHcLZfkrEPNP 12xRP9c7eeVvSiSJoCCtyQKoxoihYycrGx 1M6srxu5dVNA71K7EXbxMsyuK6hKbWNVnT
Did I forget someone?

kTimesG
June 27, 2025, 01:49:48 PM

17tEfExZjJAUaaxFLT4FBzZ1Z3irB3BXB3 1Ph5YCaoXC3QHgHpMQph7oCQt2LJXdtQGA 1H4VB6pf82DxGb7w5Cgb6JZEB8MbtVcZUK 1HQuc7wK2LwQAwSXbiHqfbAHcLZfkrEPNP 12xRP9c7eeVvSiSJoCCtyQKoxoihYycrGx 1M6srxu5dVNA71K7EXbxMsyuK6hKbWNVnT
Did I forget someone?
Yes. But it's not your fault, so those are fine for me. I had 12 successful push replacements in total, but many of them went to nodes that weren't up to date with the latest TXs, so they were eventually refused by mempool.space.

3dmlib
June 27, 2025, 01:51:08 PM Last edit: June 27, 2025, 02:04:48 PM by 3dmlib

I think the one who won is whoever's TXs were in the queue for more time. He has the best chance to be mined when a block is mined. So, I won

3dmlib
June 27, 2025, 01:53:07 PM

I had 12 successful push replacements in total, but many of them went to nodes that weren't up to date with the latest TXs, so they were eventually refused by mempool.space.
Is it possible to view entire RBF timeline somehow?

kTimesG
June 27, 2025, 02:06:11 PM

I had 12 successful push replacements in total, but many of them went to nodes that weren't up to date with the latest TXs, so they were eventually refused by mempool.space.
Is it possible to view entire RBF timeline somehow?
You'd have to ask every node to give you a list of their mempool history. Anyway, thx for the experiment. I got my TXs to sit there for 15 minutes in total.

3dmlib
June 27, 2025, 02:09:42 PM

Anyway, thx for the experiment. I got my TXs to sit there for 15 minutes in total.
You're welcome. I was adjusting my bot between 4.92 and 6.00. Then my ...axla address crushes you 

onepuzzle
June 27, 2025, 02:11:48 PM

I had 12 successful push replacements in total, but many of them went to nodes that weren't up to date with the latest TXs, so they were eventually refused by mempool.space.
Is it possible to view entire RBF timeline somehow?
You'd have to ask every node to give you a list of their mempool history. Anyway, thx for the experiment. I got my TXs to sit there for 15 minutes in total.
@3dmlib Thanks from my side too. It was fun. Who actually stole 69?

Akito S. M. Hosana
June 27, 2025, 03:29:54 PM

Who actually stole 69?
Do you really think anyone’s gonna confess? Look at ‘em. Everyone’s dead silent, like they got drowned out or somethin’. 

MrGPBit
June 27, 2025, 03:32:57 PM

@3dmlib Thanks from my side too. It was fun. Who actually stole 69?
The unknown. He has now bought a house and drives a Lamborghini and is on holiday in Dubai.

onepuzzle
June 27, 2025, 04:32:00 PM

Who actually stole 69?
Do you really think anyone’s gonna confess? Look at ‘em. Everyone’s dead silent, like they got drowned out or somethin’.
I think that either kTimesG or nomachine stole it. By the way, having $750 k still isn’t enough to be financially independent—maybe that was true 15 years ago. Check out @RetiredCoder: he battled a puzzle for a year and hasn’t spent any of his winnings. Is he stingy, already rich, or just waiting for Bitcoin to hit $1 million? Sorry, I got off-topic. I wouldn’t use Electrum anymore. I’ll soon release a script that lets you generate raw transactions really quickly.

kTimesG
June 27, 2025, 05:11:56 PM

Who actually stole 69?
Do you really think anyone’s gonna confess? Look at ‘em. Everyone’s dead silent, like they got drowned out or somethin’.
I think that either kTimesG or nomachine stole it. By the way, having $750 k still isn’t enough to be financially independent—maybe that was true 15 years ago. Check out @RetiredCoder: he battled a puzzle for a year and hasn’t spent any of his winnings. Is he stingy, already rich, or just waiting for Bitcoin to hit $1 million? Sorry, I got off-topic. I wouldn’t use Electrum anymore. I’ll soon release a script that lets you generate raw transactions really quickly.
You're forgetting the gurus: albert0bsd, WanderingPhilospher, and others. Yes, my bot was running when 69 got sniped, but it had a bug and it never managed to reach the gigantic existing fee before the TX got mined. Otherwise, I was even in front of the computer when that shit happened, so I witnessed the logs 5 minutes after the block was mined, while tabbing through windows. But since I never imagined that 69 would ever go through the mempool, after tons of existing advice on why it should never be done, I gracefully simply fixed the bug and restarted the service.

3dmlib
June 27, 2025, 05:30:48 PM

Yes, my bot was running when 69 got sniped, but it had a bug and it never managed to reach the gigantic existing fee before the TX got mined.
Otherwise, I was even in front of the computer when that shit happened
This is exactly what happened with me also on 69. Tried to fix it in real-time, but didn't have time. Don't wanna this again on 71-84 

onepuzzle
June 27, 2025, 05:36:48 PM Last edit: June 27, 2025, 10:26:56 PM by Mr. Big

Hey everyone! 🚀 I just pushed my open-source puzzle tool to GitHub: https://github.com/onepuzzle/btc-transaction
Fully transparent and virus-free (no shady Electrum hacks here)! If I ever crack a puzzle myself, you’ll get your fair share. But don’t forget: I’ve got a Lambo to buy and some chill time in Dubai on my mind! 😎
Yes, my bot was running when 69 got sniped, but it had a bug and it never managed to reach the gigantic existing fee before the TX got mined.
Otherwise, I was even in front of the computer when that shit happened
This is exactly what happened with me also on 69. Tried to fix it in real-time, but didn't have time. Don't wanna this again on 71-84
you guys failed at stealing. I’m sorry about that. 😏

kTimesG
June 27, 2025, 09:01:57 PM

you guys failed at stealing. I’m sorry about that. 😏
The only failure was exposing public key of a known UTXO address. Since the public key might as well have been obtained from an already replaced TX, instead of the first one, it's a very weak argument to call it "stealing". Public keys can't be stolen, as they are, as they are called, public information, meant to be known to everyone. From a solver's perspective, it's just having the additional information (the public key, not the private key). So there is an actual solving effort being done, which is the objective of the puzzle. Like today's experiment showed, a lot of TXs can simply never make it to a mempool history service, such as mempool.space. Hence, there may always exist a very simple scenario, which nobody mentions: The first solver's TX may not even make it to mempool.space, because it can very well first be seen by some other node, observed by somebody, replaced, and broadcasted again before the original TX makes it to mempool.space - making the initial TX inexistent in history, as it will be refused when relayed back from the original node (if that even reaches the point of happening).