A Popular Bitcoin Puzzle Has Revealed an Even Larger Mystery

A Bitcoin puzzle from 2015 was recently used as the springboard to reveal what appears to be an automated Bitcoin siphon.

Dec 12 2017, 2:00pm

“The Mystery of Satoshi Nakamoto” puzzle behind the 1FLAMEN6 Bitcoin wallet. Image: @coin_artist

In 2015, an artist who goes by @coin_artist on Twitter created a Bitcoin puzzle known as “The Legend of Satoshi Nakamoto.” According to its creator, the puzzle consists of a painting that holds the key to a wallet that contained 4.87 bitcoin (or about $50,000 at current prices). Since its creation, a community of Bitcoin puzzle enthusiasts has been anxiously watching the puzzle’s wallet—known as 1FLAMEN6—for signs of activity. At any moment, someone might solve the puzzle and claim the bitcoin.

On November 17, the wallet saw its first activity in over two years—but rather than emptying it, someone had deposited .125 bitcoin, bringing the wallet’s total to a neat 5 bitcoin. The deposit was an unexpected surprise for the puzzle’s creator—and the obsessive community dedicated to solving it—but the circumstances leading to the deposit pointed to a far larger mystery in the Bitcoin world: a network of linked, easily accessible wallets facilitating automatic bitcoin transactions.

According to the hacker who discovered them, these wallets could possibly be part of a Bitcoin siphon that has been stealing bitcoins from a wallet service or exchange for years, kind of like the code in the film Office Space that was supposed to skim fractions of pennies from transactions. On the other hand, it could be something much more innocuous, like a coding error.

“The 1FLAMEN6 bitcoin address is one of the most closely watched addresses in the bitcoin space,” @coin_artist told me in an email. “So when the coins came into 1FLAMEN6 and brought the balance from 4.87 to 5 BTC, it was an exciting day for many of us. And what has been brought before us in regards to this exploit appears to be a giant puzzle.”

Three days before the mysterious deposit to the 1FLAMEN6 wallet, a redditor called fitwear posted in the Bitcoin subreddit that their wallet had been hacked and nine bitcoins were stolen. Unbeknownst to fitwear at the time, approximately .125 bitcoins from their compromised wallet had been donated to the 1FLAMEN6 puzzle.

This only came to light in late November after a post on Pastebin by an anonymous white hat hacker detailed how the theft of the nine Bitcoin had transpired. In their recounting, the hacker laid out how the fitwear theft was really research into the existence of a massive and long-running scheme to steal bitcoins.

According to the anonymous hacker’s Pastebin post, for the last few months the hacker has been working on ways of automatically generating private keys to gain access to wallets just to see if it could be done. This was how the hacker gained access to fitwear’s wallet in the first place.

One way of generating a private key for a Bitcoin wallet involves running an easy-to-remember phrase through SHA256, a cryptographic hashing algorithm that converts that phrase into a string of seemingly random numbers and letters. Rather than trying to remember that string itself, the person only has to remember the phrase used to generate it if they ever lose their key. When this phrase is run through the SHA256 algorithm, it will produce the same hash and the private key can be recovered.

This convenience comes with a major cost to security. It is well known in the Bitcoin world that when phrases such as “Satoshi Nakamoto” or “these aren’t the droids you’re looking for” are run through the SHA256 algorithm, they produce private keys to wallets that once held Bitcoin in them.

The anonymous hacker wanted to know whether it was possible to automate the process of guessing the seed phrases for private keys to wallets. After scraping the entire Bitcoin blockchain for every public wallet address that had ever been used, the hacker used these public addresses as the input for the SHA256 algorithm to generate millions of private keys, on the off-chance that someone else was hashing existing wallets to create new ones.

As it turned out, dozens of the private keys generated this way did provide access to wallets that had once held bitcoin in them. The same held true for keys generated from iterations of some banal phrase—for example, running the word ‘receiver’ through the SHA256 algorithm, taking the output and then running it through the SHA256 again—as well as transaction IDs.
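The weakness described above (a private key that is just SHA256 of a phrase, a public address, a transaction ID, or a repeated hash of one of those) can be checked against a key you already hold. The following is an added example, not code from the Pastebin post or from any wallet service; the function names, the two hash-chaining styles, and the sample seeds are assumptions made for illustration.

```python
import hashlib

# Order of the secp256k1 group: a valid Bitcoin private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def iterated_sha256(seed: str, rounds: int, rehash_hex: bool = False) -> bytes:
    """Run SHA-256 over `seed` `rounds` times and return the final digest.

    rehash_hex=False feeds each raw 32-byte digest into the next round;
    rehash_hex=True feeds its hex text instead. Both chaining styles are
    assumptions here, since the article does not say which one was used.
    """
    digest = hashlib.sha256(seed.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        data = digest.hex().encode("ascii") if rehash_hex else digest
        digest = hashlib.sha256(data).digest()
    return digest


def audit_key(private_key_hex: str, candidate_seeds, max_rounds: int = 3):
    """Return (seed, rounds, chaining) for every seed that reproduces the key."""
    key = bytes.fromhex(private_key_hex)
    if len(key) != 32 or not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("not a valid secp256k1 private key")
    findings = []
    for seed in candidate_seeds:
        for rounds in range(1, max_rounds + 1):
            # The chaining style only matters once there is a second round.
            for rehash_hex in ((False,) if rounds == 1 else (False, True)):
                if iterated_sha256(seed, rounds, rehash_hex) == key:
                    findings.append((seed, rounds, "hex" if rehash_hex else "raw"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a key made the weak way, by hashing 'receiver' twice.
    weak_key = iterated_sha256("receiver", 2).hex()
    # Seeds worth testing against your own key: phrases you might have used,
    # plus your own public addresses and transaction IDs as text.
    seeds = ["Satoshi Nakamoto", "receiver", "1ExampleAddrPlaceholder"]
    for seed, rounds, chaining in audit_key(weak_key, seeds):
        print(f"key is SHA-256^{rounds}({seed!r}), {chaining} chaining: rotate it")
```

Run it offline against your own key only; any finding means the key is reproducible from public or guessable input and the funds should be moved to a key generated from a proper random source.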

After everything was said and done, the hacker had generated the private keys to well over 100 Bitcoin wallets. Yet there was something odd about these wallets: small amounts of bitcoin were being transferred into these wallets at irregular intervals and then being transferred out within seconds or minutes in some cases. Moreover, many of these wallets were chained together in a way that suggested to the hacker that this was the work of a bot—the public addresses of some of the wallets were used as the seed for the private key of other wallets that the bitcoin was being transferred into.

The hacker behind the Pastebin post believes that the wallet archipelago they stumbled upon may be an automated Bitcoin siphon hidden in the code of a wallet generator or exchange, one that has been siphoning off small amounts of Bitcoin from the service for years.

But it’s not a sure thing. As the hacker noted, these automated Bitcoin transactions could also be the result of some faulty code, or perhaps a puzzle that was meant to be discovered.

Unfortunately, the truth to this mystery will probably never be known. According to @coin_artist, the reason the hacker deposited bitcoin into 1FLAMEN6 was to draw attention to the mystery because they knew it was being watched by a group of puzzle enthusiasts.

“It was a brilliant move to send a small amount of coin to the address to pique attention—the audience watching that address are brilliant hacker types, cryptographic puzzle solvers,” @coin_artist told me in an email. “And what has been brought before us in regards to this exploit appears to be a giant puzzle. I can’t think of a more talented group to help solve the riddle.”

After the hacker returned the nine bitcoin they had stolen from fitwear, the hacker reached out to blockchain.info with this information. (Fitwear allowed 1FLAMEN6 to keep the .125 bitcoin deposited to the puzzle wallet as a thanks for helping recover their nine bitcoin.) According to Reddit DMs seen by Motherboard, fitwear relayed a message from the hacker to @coin_artist that explained that the hacker had only stolen the nine bitcoin to prevent whoever was running the bots from swiping them first.

According to a statement published by blockchain.info, none of the 128 addresses provided to them by the anonymous hacker were linked to their service. As for fitwear, their wallet had been vulnerable to the hacker’s bot because they had generated it by running their public wallet address through SHA256 before importing that wallet into blockchain.info.

After everything was said and done, two mysteries remain: the solution to the 1FLAMEN6 puzzle, and the source of all the mysterious bitcoin transactions uncovered by the anonymous hacker. The one thing that’s known for sure, however, is that if you use an easy-to-remember seed for generating a wallet’s private key, it’s probably easy for a bot to guess, too.

“I think that people are quite clever and that there is a total possibility that something malicious is happening here,” @coin_artist said. “Designing a system where discoverable keys are generated and then monitored/harvested by a script is completely feasible. Take a minute and verify that your personal private keys are secure.”