Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
mononaut Profile picture
@mononautical
Nov 27 8 tweets 3 min read Twitter logo Read on Twitter
The signature checks out, @83_5BTC apparently controls the key that paid that 83.7 BTC fee.

1/🧵
Image
2/ They say they sent the coins to a fresh cold wallet, which was instantly swept by a third party.

The attacker managed to steal almost 56 BTC while paying 83.7 in transaction fees.

So the victim lost not only the fee, but their entire 140 BTC stack 😭

3/ The most likely explanation is that the wallet was generated from bad entropy - perhaps a brainwallet, or too few dice rolls/coin flips, or an insecure PRNG.

Let this be a reminder not to take shortcuts with your entropy, and ideally to use multisig for very large sums.
4/ It's unclear why the transaction was quickly fee-bumped using RBF.

If it was a low-entropy wallet, perhaps multiple attackers were competing to steal the funds?

5/ This might also explain the initial high fee.

It could make sense for automated low-entropy wallet sweeping scripts to be configured to spend a high percentage of the value in fees to hinder competitors (or victims) trying to broadcast replacements.
6/ Since the wallet is compromised, this message could have been signed by either the victim or attacker (or anyone else who brute-forced the bad entropy).

If @AntPoolofficial returns the fee, they'll need another way to verify the victim's identity.

7/ Should @AntPoolofficial return the stolen coins?
@AntPoolofficial

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with mononaut

mononaut Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mononautical

mononaut Profile picture
Oct 21
How does a lightning replacement cycling attack work?

There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here's an illustrated primer...

🧵 1/n


Image
Image
Image
Image
2/ Imagine Bob is routing a lightning payment from Alice to Carol.

While in flight, the payment is protected by HTLC outputs in his pre-signed channel commitments with each peer. Image
3/ An HTLC (Hash/Time Lock Contract) is a conditional payment from sender to receiver.

It can be spent immediately by the receiver by revealing the preimage to a hash H, or reclaimed by the sender after some timeout.

Check out a real HTLC spend here: mempool.space/tx/4ec0f703e08…
Image
Read 20 tweets
mononaut Profile picture
Sep 13
🚨🚨🚨 BREAKING 🚨🚨🚨
The fat fingers belong to PayPal
I had initially discounted that possibility, but after receiving a tip-off I took another look.

The overpaid fee came from a hot wallet reusing the address bc1qr3...zpw3, which started operating in June of this year. Image
The on-chain activity is consistent with automated processing of fiat-denominated withdrawals, and also closely matches the behavior of a now inactive wallet bc1qhs...kx4n, which is labelled as PayPal on .

oxt.me
oxt.me/address/bc1qhs…
Image
Read 8 tweets
mononaut Profile picture
May 30
a substack post going around at the moment claims that a single entity owns 64% of all inscriptions created since early March, paying an eye-watering 1056 BTC for the privilege

it's not true.

block21m.substack.com/p/most-bitcoin… Image
I've seen a lot of takes already suggesting this sounds like market manipulation, money laundering, or a well-funded attack on Bitcoin by wealthy adversaries.

but the truth is much less exciting.
inscriptions are created with a two-phase commit/reveal process.

first, a taproot output is created which commits to the inscription data and a public key. Image
Read 8 tweets
mononaut Profile picture
Feb 4
While everyone's distracted by jpegs, something else is burning blockspace and bloating the UTXO set.

Over the past month, it may have used up to 2% of block capacity, created 0.4% of the current UTXO set, and fueled the recent spike in P2TR outputs.

mempool.space/block/00000000…
Each of the tiny transactions in that block spends a P2WSH input with a complex witness script.

It pays exactly 606 sats in fees, and creates a single P2TR output with a small round number of satoshis - usually 2500, 5000, or 10000.

mempool.space/tx/512e863a7b2…
The P2WSH inputs are peeled off one by one in precise amounts in long chains of apparently pointless transactions.
Read 9 tweets
mononaut Profile picture
Dec 4, 2022
I asked ChatGPT to take a 62-part political compass test.

here's the result.
The AI had strong opinions on only 12 of the propositions. You could probably guess which.

E.g: on racial supremacy:
on abortion
Read 11 tweets
mononaut Profile picture
Nov 7, 2022
FTX's main known cold storage balance dropped from 20136 BTC down to zero today, in the first activity on that address since early 2021.

mempool.space/address/bc1qtw…
Their hot wallet avoids address reuse, so it's tricky to estimate a balance, but tracing payouts on-chain suggests they might have about 12685 of that BTC remaining in hot addresses.
Withdrawals were processed in peel-chains of only 30 batched payouts at a time, which might genuinely explain throughput issues.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(