Bitcoin Bots Compete For Funds In Compromised Wallet Linked To Block Reward Identifier

A Bitcoin user lost funds after sending cryptocurrency to a compromised wallet that used a transaction identifier from a coinbase block reward as its private key.

The transaction identifier of the Coinbase from block 924,982 served as the private key for the wallet, creating a security vulnerability that triggered automated bot activity, according to cryptocurrency publication Protos.

The incident prompted automated computer programs connected to Bitcoin’s memory pool, or mempool, of pending transactions to compete for the funds. These bots automatically detect deposits into compromised wallets and broadcast replace-by-fee transactions to outbid competing programs’ fees to miners for withdrawal transactions.

In the reported instance, 0.84 BTC was sent and lost to an address with a non-random private key derived from a block’s coinbase identifier, according to blockchain data.

The automated systems employ replace-by-fee mechanisms to incrementally increase transaction fees in competition with other bots. In some cases, child transactions pay up to 99.9% of the transaction value in fees, according to observers monitoring such activity.

Private keys represent the most critical security element for protecting bitcoin holdings. When a private key is exposed or derived from common data patterns, theft typically occurs immediately, according to cryptocurrency security experts.

Many compromised wallets with non-random private keys utilize seed phrases with predictable patterns, including repeated words such as “password,” “bitcoin,” or “abandon,” according to security researchers. Any non-random pattern lacking true entropy can expose a private key and enable automated systems to drain deposits to the corresponding public key.

The incident demonstrates that non-randomness can extend beyond simple word patterns to include public information recorded on the Bitcoin ledger, such as transaction identifiers of block rewards. Failure to introduce mechanical entropy when generating private keys can enable brute-force attacks and compromise fund security, according to cryptography experts.

Hashing a private key via a transaction identifier does not provide sufficient entropy for secure private key storage, the incident illustrates. Miners and other mempool observers can monitor transaction identifiers for non-randomness and attempt to broadcast theft transactions using exposed private keys, according to blockchain security analysts.