Japanese exchange DMM Bitcoin recently lost 4503 BTC, worth over $300m.

So what happened? Did North Korea hack their mainframe? Perhaps a team of elite thieves executed a series of elaborate heists to exfiltrate multisig keys from DMM's vaults?

Let's investigate... 🧵

https://twitter.com/nobsbitcoin/status/1796845620809887978

Here's the "theft" transaction. Note the output address, and the absurdly high fee of 0.1 BTC.

mempool.space/tx/975ec405ac9…

uh guys? seems to be driven by lots of transactions like this, committing to a large batch of inscriptions, but also creating a bunch of seemingly pointless 420-sat outputs.
mempool.space/tx/010b7b61208…

It looks like @AntPoolofficial finally noticed that 83.7 BTC fee sitting in their wallet.

antpool.com/newsDetail/457

https://twitter.com/mononautical/status/1727627818929094973

It's worth reiterating that this is a woefully inadequate way to verify the rightful owner of those coins.

Especially in light of the claims of a compromised wallet.

https://x.com/mononautical/status/1728946787539624017

The signature checks out, @83_5BTC apparently controls the key that paid that 83.7 BTC fee.

1/🧵

https://twitter.com/83_5BTC/status/1728873072349069352

2/ They say they sent the coins to a fresh cold wallet, which was instantly swept by a third party.

The attacker managed to steal almost 56 BTC while paying 83.7 in transaction fees.

So the victim lost not only the fee, but their entire 140 BTC stack 😭

https://x.com/83_5BTC/status/1727996658758058120

How does a lightning replacement cycling attack work?

There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here's an illustrated primer...

🧵 1/n





2/ Imagine Bob is routing a lightning payment from Alice to Carol.

While in flight, the payment is protected by HTLC outputs in his pre-signed channel commitments with each peer.

🚨🚨🚨 BREAKING 🚨🚨🚨
The fat fingers belong to PayPal

https://twitter.com/mononautical/status/1700922069767114908

I had initially discounted that possibility, but after receiving a tip-off I took another look.

The overpaid fee came from a hot wallet reusing the address bc1qr3...zpw3, which started operating in June of this year.

a substack post going around at the moment claims that a single entity owns 64% of all inscriptions created since early March, paying an eye-watering 1056 BTC for the privilege

it's not true.

block21m.substack.com/p/most-bitcoin… I've seen a lot of takes already suggesting this sounds like market manipulation, money laundering, or a well-funded attack on Bitcoin by wealthy adversaries.

but the truth is much less exciting.

While everyone's distracted by jpegs, something else is burning blockspace and bloating the UTXO set.

Over the past month, it may have used up to 2% of block capacity, created 0.4% of the current UTXO set, and fueled the recent spike in P2TR outputs.

mempool.space/block/00000000… Each of the tiny transactions in that block spends a P2WSH input with a complex witness script.

It pays exactly 606 sats in fees, and creates a single P2TR output with a small round number of satoshis - usually 2500, 5000, or 10000.

mempool.space/tx/512e863a7b2…

I asked ChatGPT to take a 62-part political compass test.

here's the result. The AI had strong opinions on only 12 of the propositions. You could probably guess which.

E.g: on racial supremacy:

FTX's main known cold storage balance dropped from 20136 BTC down to zero today, in the first activity on that address since early 2021.

mempool.space/address/bc1qtw… Their hot wallet avoids address reuse, so it's tricky to estimate a balance, but tracing payouts on-chain suggests they might have about 12685 of that BTC remaining in hot addresses.