Man who paid a record $3.1m in Bitcoin fees says he was hacked.

The user going by the handle 83_5BTC, from the адреса from which a record $3.1m fee was paid on November 23, says he has fallen victim to a hacker.

​​

It was my BTC that paid the high fee.

I created a new cold wallet, transferred 139BTC to it and it got transferred out to another wallet immediately. ?

I can only imagine that someone was running a script on that wallet and that the script had a weird fee calculation. ☹️

— Hackers_paid_83.5BTC_fee_with_my_money (@83_5BTC) November 24, 2023

According to him, the attacker stole more than 139 BTC ($5.2m), including transaction costs of 83.65 BTC ($3.1m).

«I created a new cold wallet, transferred 139 BTC to it, and they were immediately transferred to another address. I can only suppose that someone was running a script on that wallet and that the script had a strange fee calculation», the user said.

As proof of his words, 83_5BTC signed a message from the specified Bitcoin address: “@83_5BTC is the owner of the funds that paid the high fee”. The signature was verified by Mononaut, the developer of the Mempool tool.

The signature checks out, @83_5BTC apparently controls the key that paid that 83.7 BTC fee.

1/? https://t.co/vmZFn6sozN pic.twitter.com/rFcxmxOCwO

— mononaut (@mononautical) November 27, 2023

«The signature is verified; @83_5BTC apparently does control the key that paid the 83.7 BTC fee», the expert noted.

Co-founder of Casa and CTO Jameson Lopp also confirmed the signature.

Oops.
✅ signature verifiedhttps://t.co/a2Zt74RVf2 pic.twitter.com/NK8ZLS0O6S

— Jameson Lopp (@lopp) November 27, 2023

Nevertheless, because the wallet was compromised, the signature could very likely have been created by a hacker.

A member of the niftydev community said he knows the person behind the 83_5BTC account, and that he is not the attacker.

i know this guy: he started an anon account + is trying to get his bitcoins back after a wallet got hacked last week; if you know anyone at @AntPoolofficial etc retweets whatever appreciated https://t.co/ImpormWHWY

— niftydev (b/acc) (@niftynei) November 27, 2023

Representatives of AntPool, who verified the transaction, did not comment on the situation.

According to Mononaut, the most likely reason for the hack was the victim’s wallet’s low entropy, making it vulnerable.

In such a scenario, several attackers could vie to steal funds and raise the fee to speed withdrawals to their own address, the expert added.

Mononaut also noted that the paid fee was exactly 60% of the total stolen 139.42 BTC, and the potential hacker additionally withdrew 0.001 BTC from the same address, paying 0.0006 BTC in fees.

I just noticed that the ~83.7 BTC fee was exactly 60% of the stolen UTXO value.

(60% × 139.42495946 = 83.65497568)

And the attacker *also* swept a 100k sat UTXO from the same address, paying exactly 60k sats in fees https://t.co/b88xsi2iFk

— mononaut (@mononautical) November 27, 2023

«This, in combination with the speed of the theft, seems a reasonable demonstration of automated scripting by the attacker», the expert explained.

Earlier on September 10, the Rahos blockchain infrastructure company paid 19.82 BTC ($510,750) in fees to miners for transferring 0.074 BTC (~$1,800).

Representatives of F2Pool said that after the necessary checks returned to the company its bitcoins.