t

[ecdsa123]

[pooya87]

so : someone has cracked it :
Question 1: How and why it has been happen?

This is a very old puzzle where someone created a brainwallet using the phrase "bitcoin is awesome" and the private key of this address has been known for the past 10 years. If by "cracked it" you mean solved the brainwallet puzzle, then yes.
As for the Question, in later years others may have tried to have some fun with the existing puzzle by sending coins there and/or spend the coins in this known address with weird nonce values.

[pooya87]

yes, but I'm asking about not private key, but nonce used in transaction.
this is weird.

that nonce k is the same as message hash in first 16 bytes

It could be a lot of things, as I said it could be someone just having fun trolling others watching this puzzle key or it could be a broken code that someone was testing using this key maybe someone watching the key to steal the coins sent to it.

When generating k deterministically using RFC6979 you use the message digest (z) too. A broken implementation could have messed up and after computing the final HMAC copied the result in the second half of an output that had the original digest in its first half.

[pooya87]

The only way to check it is to find out who sent these and ask them how or why they did it like that. Everything else is just guesswork.

[NotATether]

is any way for check that:

"When generating k deterministically using RFC6979 you use the message digest (z) too. A broken implementation could have messed up and after computing the final HMAC copied the result in the second half of an output that had the original digest in its first half"

?

Depends heavily on the wallet software, so if you know which one sent the transaction, you can just go through the source code, or assembly if it's proprietary, and study the nonce implementation used there.

[ymgve2]

This is someone's broken deterministic nonce generation.

Small hint: What's the SHA256 hash of "bitcoin is awesome" which is the private key of the transaction?

[ymgve2]

You didn't understand.

Where do you think the last 16 bytes of the nonce comes from?

[ymgve2]

privkey is 23d4a09295be678b21a5f1dceae1f634a69c1b41775f680ebf8165266471401b

second part of nonce is 23d4a09295be678b21a5f1dceae1f634

[ymgve2]

It seems like some homebrew way of creating a (bad) deterministic nonce. It's too simple and clean to be just a coding mistake.

And it's bad because reusing part of the unhashed private keys and z means the nonce can now be expressed purely as a linear function of other parts of the signing process.