Bitcoin puzzle transaction ~32 BTC prize to who solves it

[Bastketsrus]

-snip-
Suggestions are always welcome.

The brute force way: Start @ ~607809 (multiplied the last known value by 1.7) convert to hex, create addresses, check if one address matches the next in turn.

What would be the best tool to attack this in a brute force way while we all think on something better or discover a easier way?

Some GPU bot would be the best to brute force it, like shorena was saying.

Need to code one, but I'm not in the mood now

Anyone out there doing it? Or maybe there is something existing?

I think the best existing tool currently is yours or otherwise private. I would think the best way would be to modify (ocl)vanitygen according to BurtW's suggestion. You would need to limit the random number generator to a certain amount of bits and keep the rest.

I agree, a GPU approach is likely the best option. Modifying something like oclvanitygen to limit the keyspace seems like the most practical path right now. There is no ready made public tool for this, so it would need some custom work. If anyone is already experimenting with it, I would be interested to hear how it’s going.

[Kermits Froggy]

So as I understand correctly it should create starting points sequentially this way:
200000000000000000
200000000000000001
200000000000000002
...

For a range [A, B] the fastest way to compute it entirely is starting from the middle of it and adding all the constant points (half of the range size), using the shared inverse to get each (left & right) points, and finally moving off to the next middle point of a new range (for example, but not necessarily, the immediate next range). Rinse and repeat as many times as needed.

So those starting points make no sense, but I'm not surprised that it's something ChatGPT would gladly suggest. They should all be middle points of distinct partitions inside some larger range (your target range). There are various valid options to make this choice, in such a way that the entire target range is covered efficiently, eventually.

I was more thinking about how to manage renting on various platforms and their API specificities, the renting latency, etc… I’m quite sure you’ve experienced that their API design / rate limiting gets annoying quite fast ? That’s what I was referring to.

Never needed more than 50 or so actual instances at once, so my only interaction with such APIs was a script that destroyed all instances automatically once they were no longer needed. I kinda hunted the cheapest bid rates manually, so yeah, I had to do some clicks once in a while. I'm sure the bidding can be automated as well, but it seems to be a big problem to find a lot of cheap computing power... and at the end of the day it all comes down to what budget is allocated.

Oh ok, I might have overestimated your automation then. I was running thousands for 67 and 68, so automation and finding the cheapest programatically made a lot of sense. If ever you need to do that, hit me up I’ll share what I learned the long (and mostly annoying) way.

You were renting 1000s of GPUs on what platforms? On vast or clore going beyond 200 GPUs will mess up our initial budget/estimation of $0.15/hr/5090 GPU. Any tips?

I have API integration for every provider out there.
Whenever something is within budget (I had a $/trillion threshold) - rent it.
I also have integration with direct SSH connection to farms for private deals.

For 67 / 68 it made a lot of sense.
It was barely break even for 69.
For 71 there’s no way it’s profitable, even with perfect code and lowest energy costs in the world.

Hey hello Bram. Yes, 71 is 4x costlier than 69 which is borderline breakeven.

Regarding private deals with GPU farms for a different task. I have sent a DM in Aug and can't send another DM now, can you please respond?

[LBX]

Guys
Whoever has the key starts with
1PWo3JeB9jrG
Can you send the keys via PM

[bibilgin]

Guys
Whoever has the key starts with
1PWo3JeB9jrG
Can you send the keys via PM

I gave him my Telegram contact address privately.

I haven't received a message yet.

I have a few questions, we would appreciate it if you could answer them.

- Who are you?

- You haven't been active on the forum for a long time, and suddenly you're asking, "Could you please give me the addresses of 1PWo3JeB9jrG... privately?"

- You haven't explained the importance, meaning, or what you would do with 1PWo3JeB9jrG...

It's very strange to ask for something for free.

[k2laci]

HONESTPOOL VS BTCPUZZLE or other alternatives ?

[realnewuser]

HONESTPOOL VS BTCPUZZLE or other alternatives ?

I use both. However, there's one major concern I have with btcpuzzle. They pick verification addresses randomly, which means they could all end up in the first half of the range. This actually happened to me: my software crashed halfway through, but since all the check-addresses had already been found, the pool marked the range as verified. This means at least one range in btcpuzzle remains unverified, and I suspect this has happened more than once. Honestpool handles this much better: their ranges are half the size and each is split into 5 segments, with a random check-address picked from each segment.

[kTimesG]

However, there's one major concern I have

So you don't have any issues at all if a random dude scans only up until whatever amount of proof keys are found, and potentially marks some whatever ranges as "scanned", no matter if the actual target key is really in that range? For only 5 proofs, on average you can only trust that around 83% of each range was actually completed (and 0% trust that the key wasn't actually found already)..

Worse yet: somebody knows all the required proofs keys beforehand, since they were chosen. This is like trying to prove to someone that you know the answer of a problem, because the problem was created out of the known answer.

A better system would be based on PoW where the results confirm with a very high accuracy that the supposedly claimed range was really scanned (for example: presenting keys of all found hashes that pass some on-the-fly bit mask checking). These cannot be spoofed due to the statistical guarantees of the uniform distribution. It's also faster to search for a single pattern instead of a dozen different hashes.

[realnewuser]

However, there's one major concern I have

So you don't have any issues at all if a random dude scans only up until whatever amount of proof keys are found, and potentially marks some whatever ranges as "scanned", no matter if the actual target key is really in that range? For only 5 proofs, on average you can only trust that around 83% of each range was actually completed (and 0% trust that the key wasn't actually found already)..

Worse yet: somebody knows all the required proofs keys beforehand, since they were chosen. This is like trying to prove to someone that you know the answer of a problem, because the problem was created out of the known answer.

A better system would be based on PoW where the results confirm with a very high accuracy that the supposedly claimed range was really scanned (for example: presenting keys of all found hashes that pass some on-the-fly bit mask checking). These cannot be spoofed due to the statistical guarantees of the uniform distribution. It's also faster to search for a single pattern instead of a dozen different hashes.

I’m just sharing a problem I personally encountered. I don’t know of any other pools with an open API. Among the available ones, Honestpool’s verification is better implemented than BTCPuzzle's. Most other pools are closed-source and untrustworthy. If you know of a better pool, please share that information with us. People simply don't have much of a choice: it’s either searching solo or taking a risk by joining a pool.

[analyticnomad]

However, there's one major concern I have

So you don't have any issues at all if a random dude scans only up until whatever amount of proof keys are found, and potentially marks some whatever ranges as "scanned", no matter if the actual target key is really in that range? For only 5 proofs, on average you can only trust that around 83% of each range was actually completed (and 0% trust that the key wasn't actually found already)..

Worse yet: somebody knows all the required proofs keys beforehand, since they were chosen. This is like trying to prove to someone that you know the answer of a problem, because the problem was created out of the known answer.

A better system would be based on PoW where the results confirm with a very high accuracy that the supposedly claimed range was really scanned (for example: presenting keys of all found hashes that pass some on-the-fly bit mask checking). These cannot be spoofed due to the statistical guarantees of the uniform distribution. It's also faster to search for a single pattern instead of a dozen different hashes.

I’m just sharing a problem I personally encountered. I don’t know of any other pools with an open API. Among the available ones, Honestpool’s verification is better implemented than BTCPuzzle's. Most other pools are closed-source and untrustworthy. If you know of a better pool, please share that information with us. People simply don't have much of a choice: it’s either searching solo or taking a risk by joining a pool.

Can't you just use whatever range they give you, then turn around scan it by yourself?

Why would you trust any of these guys?

[HoMLoL]

Worse yet: somebody knows all the required proofs keys beforehand, since they were chosen. This is like trying to prove to someone that you know the answer of a problem, because the problem was created out of the known answer.

Please note that verification addresses are generated on-the-fly when a user clicks the "Check" button or sends an API request. This is done to avoid putting a sudden heavy load on the database, allowing it to handle the load gradually.

If a check has already been initiated (via the button or by selecting a range via the API), the addresses generated during that initial instance are displayed.

For security and fairness reasons, I do not store the private keys for verification addresses until the range completion is confirmed. Initially, only the addresses are created and saved for future verification.

When private keys for the verification addresses are submitted, the server generates compressed addresses from them and compares these against the database. If all verification addresses match, the corresponding range is marked as verified.

Therefore, no one knows in advance which private keys correspond to the verification addresses. 

The screenshots show the database structure and how it is populated.

As you can see, private keys are only recorded for those ranges that have been submitted for verification and confirmed.

https://www.talkimg.com/images/2025/12/18/UtnU0a.png
https://www.talkimg.com/images/2025/12/18/UtnXMo.png
https://www.talkimg.com/images/2025/12/18/UtndJT.png

[bibilgin]

Guys
Whoever has the key starts with
1PWo3JeB9jrG
Can you send the keys via PM

I gave him my Telegram contact address privately.

I haven't received a message yet.

I have a few questions, we would appreciate it if you could answer them.

- Who are you?

- You haven't been active on the forum for a long time, and suddenly you're asking, "Could you please give me the addresses of 1PWo3JeB9jrG... privately?"

- You haven't explained the importance, meaning, or what you would do with 1PWo3JeB9jrG...

It's very strange to ask for something for free.

Friends.

LBX has proven himself to be an unreliable person.
https://ibb.co/JwHK8jPD
Telegram Name: satoru_007k

He has now blocked me and deleted all messages.

[LBX]

Guys
Whoever has the key starts with
1PWo3JeB9jrG
Can you send the keys via PM

I gave him my Telegram contact address privately.

I haven't received a message yet.

I have a few questions, we would appreciate it if you could answer them.

- Who are you?

- You haven't been active on the forum for a long time, and suddenly you're asking, "Could you please give me the addresses of 1PWo3JeB9jrG... privately?"

- You haven't explained the importance, meaning, or what you would do with 1PWo3JeB9jrG...

It's very strange to ask for something for free.

Friends.

LBX has proven himself to be an unreliable person.
https://ibb.co/JwHK8jPD
Telegram Name: satoru_007k

He has now blocked me and deleted all messages.

Are you stupid for posting my account here?
 I spoke to you respectfully on Telegram. I didn’t do anything to you. I said that if you wanted to share, you were welcome to; if not, that was completely fine too, and I thanked you. In the end, I told you I didn’t want anything from you, yet you sent me a long message trying to teach me a life lesson. So I deleted you and blocked you.

[bibilgin]

Are you stupid for posting my account here?
 I spoke to you respectfully on Telegram. I didn’t do anything to you. I said that if you wanted to share, you were welcome to; if not, that was completely fine too, and I thanked you. In the end, I told you I didn’t want anything from you, yet you sent me a long message trying to teach me a life lesson. So I deleted you and blocked you.

I hope you've learned your life lesson.

The reason I shared your Telegram username is to warn others to be careful about trust.

If you had ended the Telegram conversation politely, without being disrespectful or making empty promises, there would have been no problem.

But in psychology, there's a name for this: take what you want and disappear. (This is something people pay attention to on digital platforms.)

Note: Anyone who deletes all messages without saying anything is untrustworthy.

[LBX]

Are you stupid for posting my account here?
 I spoke to you respectfully on Telegram. I didn’t do anything to you. I said that if you wanted to share, you were welcome to; if not, that was completely fine too, and I thanked you. In the end, I told you I didn’t want anything from you, yet you sent me a long message trying to teach me a life lesson. So I deleted you and blocked you.

I hope you've learned your life lesson.

The reason I shared your Telegram username is to warn others to be careful about trust.

If you had ended the Telegram conversation politely, without being disrespectful or making empty promises, there would have been no problem.

But in psychology, there's a name for this: take what you want and disappear. (This is something people pay attention to on digital platforms.)

Note: Anyone who deletes all messages without saying anything is untrustworthy.

First of all, respect people. I did not publish your account like you did mine. If there is no agreement on anything, then let everything go. I was respectful with you.

If you wanted to sell something, you should have simply stated your price. If I agreed, I would buy from you; if I didn’t agree, I am not obligated to anything.

I only opened the door by saying that if you didn’t mind sharing a key, you were welcome to do so. I did not say that I wanted to buy from you. You could have simply said, “I don’t share keys,” and that would have been the end of it, or you could have said, “I will sell it to you for this price.” If I agreed, we could talk.

[bibilgin]

First of all, respect people. I did not publish your account like you did mine. If there is no agreement on anything, then let everything go. I was respectful with you.

If you wanted to sell something, you should have simply stated your price. If I agreed, I would buy from you; if I didn’t agree, I am not obligated to anything.

I only opened the door by saying that if you didn’t mind sharing a key, you were welcome to do so. I did not say that I wanted to buy from you. You could have simply said, “I don’t share keys,” and that would have been the end of it, or you could have said, “I will sell it to you for this price.” If I agreed, we could talk.

"If you don't mind sharing the key, you can do so."
You didn't say a sentence like that.

On the forum - 1PWo3JeB9jrG... will you give the keys?

On Telegram - 1PWo3JeB9jrG... will you share the keys with me?

I asked, "Can you give me something in return?"

I told you who you are, that I don't know you.

- You made empty promises, saying everyone would give something. "Everyone here can say they'll send a gift to the person who helps if they find the wallet."

I didn't ask you for anything, I wanted you to determine the value, the price. And you're telling me the price is empty. (Empty promises.)

Look, friend, maybe you wrote it wrong. Maybe you misunderstood.
But when you ask something from strangers, there's no obligation to give them MONEY. I've shared many things with friends I communicate with via Telegram. (Without receiving any MONEY in return.)
Making MONEY is really easy, but earning TRUST is very DIFFICULT. (Note this down as a life lesson.)


You provide information about the work you've done. You explain it. You can ask for help with what you need (wallet details, prefix, software, hardware information, etc.).

If the person helping you is satisfied, they will definitely help.

[kTimesG]

Please note that verification addresses are generated on-the-fly
Therefore, no one knows in advance which private keys correspond to the verification addresses.  

If they are generated on the fly, that means they are known in advance at some point in time, so this is contradictory to "no one knows in advance".

Even with the best intentions, this is simply a ticking bomb waiting to go kaboom one way or another. Because it doesn't really secure anything, as it lacks a trust basis.

If you're passing onto users the responsibility of having to trust your server's key generation process, secure RAM evacuation of secret material, and generally whether any keys are stored or not wherever, with or without anyone (including yours) being aware, or maybe making them deterministic in nature due to some bug or feature, then what can I say, except I'm not the one that needs any convincing.

Honestpool handles this much better: their ranges are half the size and each is split into 5 segments, with a random check-address picked from each segment.

If this is true it's even worse: only 50% of all ranges can be trusted to have been scanned, on average. Who's to stop anyone from sending the "scanned" report after finding every key from every segment (which, on average, is found after 50% of each segment is done).

[LBX]

First of all, respect people. I did not publish your account like you did mine. If there is no agreement on anything, then let everything go. I was respectful with you.

If you wanted to sell something, you should have simply stated your price. If I agreed, I would buy from you; if I didn’t agree, I am not obligated to anything.

I only opened the door by saying that if you didn’t mind sharing a key, you were welcome to do so. I did not say that I wanted to buy from you. You could have simply said, “I don’t share keys,” and that would have been the end of it, or you could have said, “I will sell it to you for this price.” If I agreed, we could talk.

"If you don't mind sharing the key, you can do so."
You didn't say a sentence like that.

On the forum - 1PWo3JeB9jrG... will you give the keys?

On Telegram - 1PWo3JeB9jrG... will you share the keys with me?

I asked, "Can you give me something in return?"

I told you who you are, that I don't know you.

- You made empty promises, saying everyone would give something. "Everyone here can say they'll send a gift to the person who helps if they find the wallet."

I didn't ask you for anything, I wanted you to determine the value, the price. And you're telling me the price is empty. (Empty promises.)

Look, friend, maybe you wrote it wrong. Maybe you misunderstood.
But when you ask something from strangers, there's no obligation to give them MONEY. I've shared many things with friends I communicate with via Telegram. (Without receiving any MONEY in return.)
Making MONEY is really easy, but earning TRUST is very DIFFICULT. (Note this down as a life lesson.)


You provide information about the work you've done. You explain it. You can ask for help with what you need (wallet details, prefix, software, hardware information, etc.).

If the person helping you is satisfied, they will definitely help.

​it is your absolute right not to share any of the keys, and you are free to do so. Why don't you understand that I respect your opinion? The reason I deleted the chat and blocked you is that you posted a lengthy and insulting article, behaving as if you were lecturing me. I didn't make any binding promises to you; I clearly told you that I would share the prize with you in good faith only if the key you sent was actually related to solving the puzzle

​Look what you've done! You posted my Telegram account here as if I'm a criminal and stole something from you. That is
completely unacceptable and inappropriate behavior

https://imgur.com/a/EsUyrQT


​"This message is via PM. I am being respectful and clear with you. I respect your preference to talk on Telegram, but I personally prefer using forum messages only when I need something

[bibilgin]

​it is your absolute right not to share any of the keys, and you are free to do so. Why don't you understand that I respect your opinion? The reason I deleted the chat and blocked you is that you posted a lengthy and insulting article, behaving as if you were lecturing me. I didn't make any binding promises to you; I clearly told you that I would share the prize with you in good faith only if the key you sent was actually related to solving the puzzle

​Look what you've done! You posted my Telegram account here as if I'm a criminal and stole something from you. That is
completely unacceptable and inappropriate behavior

https://imgur.com/a/EsUyrQT


​"This message is via PM. I am being respectful and clear with you. I respect your preference to talk on Telegram, but I personally prefer using forum messages only when I need something

The message I wrote to you on Telegram contained no insults whatsoever. I have recordings if you want. Do you want me to upload the pictures?

What angers me is that you deleted all the conversations and then blocked me just because I stated the truth.

I gave you an example on Telegram. "Can you give me $500?
- I don't know you.
- Why should I give you $500? (I don't know what you're going to do.)

Answer: I'm going to invest the $500, I'm going to start a business. If I make good money from the business, I'll give you $5000. (No information about the investment or business.)

Where is the appropriate behavior in this?

If you want, review the whole situation, then think about it and I want you to see your mistakes again.

I uploaded the picture, did you look at it carefully?
After you send a greeting to someone, you receive a greeting in return.

Then you chat.

When you say, "But 3.5 hours later, I went out, I had work to do," that's something insignificant. So asking for 1PWo3JeB9jrG... is not important to you. But your behavior is important."


I want to say this to everyone:
If you didn't do anything wrong, why did you delete all the conversations?

Anyway, I don't want to prolong this any further. Good luck to everyone.

[WanderingPhilospher]

Please note that verification addresses are generated on-the-fly
Therefore, no one knows in advance which private keys correspond to the verification addresses.  

If they are generated on the fly, that means they are known in advance at some point in time, so this is contradictory to "no one knows in advance".

Even with the best intentions, this is simply a ticking bomb waiting to go kaboom one way or another. Because it doesn't really secure anything, as it lacks a trust basis.

If you're passing onto users the responsibility of having to trust your server's key generation process, secure RAM evacuation of secret material, and generally whether any keys are stored or not wherever, with or without anyone (including yours) being aware, or maybe making them deterministic in nature due to some bug or feature, then what can I say, except I'm not the one that needs any convincing.

Honestpool handles this much better: their ranges are half the size and each is split into 5 segments, with a random check-address picked from each segment.

If this is true it's even worse: only 50% of all ranges can be trusted to have been scanned, on average. Who's to stop anyone from sending the "scanned" report after finding every key from every segment (which, on average, is found after 50% of each segment is done).

Some will just never get it lol.

Everyone wants or demands "open source" yada yada, but all open source pools, have weaknesses. You try and tell them, but all will say, "trust". But I am not trusting anything that can be manipulated by others, solo or shared. Imagine a pool spends years trying to find 71 only to realize the range it was in was searched within the first 4 months, but a bad actor just wanted to spoof the range and get more credit for the shared prize.

Even on my solo pool, ones I have built/setup for others, everything is encrypted; the ranges sent to the clients, the PoW addresses, everything. And when the PoW addresses and private keys are sent back to the server, they are encrypted. So no lone bad actor or a rented GPU's owner, can possibly sabotage the entire pool. Yes, someone could hack into the server and figure out the encrypted key, so you have to also have fail safes for that as well.

Bottom line, if a pool has open source code, I skip it. I can spoof any of the ones currently running and there are a lot more smarter people out there than me, and malicious.

[realnewuser]

Alright guys, I hear you and I understand the skepticism. Thank you for your remarks. I am well aware that these systems can be insecure and that a malicious actor could sabotage the operation. However, what is your advice for regular participants like myself who don't own a GPU farm? Solo searching equates to thousands of years of computation. A pool offers completely different odds—as long as there isn't a bad actor to spoil it. We are simply lottery participants