Bitcoin user claims to be victim of hack which led to record $3 million transaction fee

A Bitcoin BTC -0.56% user who claims to be the victim of the record-breaking $3 million transaction fee paid last week says they were hacked.

On Thursday, a Bitcoin user appeared to have accidentally paid an 83.65 BTC transaction fee — worth over $3.1 million. It set a new record in U.S. dollar terms for a single Bitcoin transaction, more than six times the previous record $500,000 fee paid in September.

On Friday, the self-proclaimed victim created a new X account under a handle similar to the fee amount paid, “@83_5BTC,” claiming it was their bitcoin used to pay the high fee. “I created a new cold wallet, transferred 139 BTC to it and it got transferred out to another wallet immediately,” 83_5BTC said. “I can only imagine that someone was running a script on that wallet and that the script had a weird fee calculation.”

The transaction paid the 83.65 BTC fee to transfer 55.77 BTC ($2.1 million). The pre-transaction balance was 139.42 BTC ($5.2 million). “55 BTC gone forever. 83.5 BTC to be decided,” 83_5BTC added.

Signature checks out

83_5BTC signed a message from the Bitcoin address in question saying, "@83_5BTC is the owner of the funds that paid the high fee." The signature was verified by Mononaut, the pseudonymous developer behind the Bitcoin explorer Mempool. “The signature checks out, @83_5BTC apparently controls the key that paid that 83.7 BTC fee,” Mononaut said today. Casa co-founder and CTO Jameson Lopp also verified the signature.

However, if the wallet is compromised, the message could have also been signed by an attacker, Mononaut added. The transaction was mined by AntPool in block 818,087, according to the blockchain explorer Blockchair. The previous record $500,000 fee paid in September was subsequently identified as a “fat finger” overpayment by the crypto services provider Paxos. F2Pool, the miner facilitating that transaction, agreed to reimburse that fee to Paxos. It is unclear whether AntPool would be willing to come to a similar agreement, but if it did, the Bitcoin mining pool would need another way to verify the victim’s identity.

Community member “niftydev” said they knew the person behind the 83_5BTC account and claimed they were the owner, not an attacker.

AntPool has not yet publicly commented on the transaction and did not return a request for comment from The Block.

Low-entropy wallet

According to Mononaut, the most likely cause was a low-entropy wallet, meaning it was created with insufficient randomness, making it vulnerable to hacking. The transaction was quickly fee-bumped using replace-by-fee (RBF) — a Bitcoin protocol feature that allows a sender to increase the transaction fee on an unconfirmed transaction, enabling it to be processed more quickly by the network. If it was indeed a low-entropy wallet, multiple attackers could have been competing to steal the funds, Mononaut suggested, explaining the high fee, with scripts configured to spend a significant proportion of the transaction to hinder competitors.

Mononaut later noted that the fee paid was exactly 60% of the total 139.42 BTC stolen, and the potential attacker also swept 0.001 BTC from the same address, paying 0.0006 BTC in fees. “This, combined with the speed of the theft, seems like reasonable evidence for an automated script set to pay a fixed 60% of the value in fees to steal coins sent to vulnerable addresses,” Mononaut said, with the 60% fee replacing an initial fee worth exactly 51% of the transaction which could have been from a different attacker or part of the same strategy.

“Let this be a reminder not to take shortcuts with your entropy, and ideally to use multisig for very large sums,” Mononaut added.