UPDATE: November 30
Antpool said in a statement on November 30 that it would refund the transaction fees but asked the private key holder of the reportedly compromised address to sign a message for verification.
It appears that the unusually high transaction fee of 83.6 BTC last week on bitcoin’s network was not the result of a fat finger error after all.
A self-claimed victim, identified as @83_5BTC on X, has come forward alleging that hackers stole 139 BTC from him or her. According to @83_5BTC, the hackers initiated a transaction last week, resulting in 83.6 BTC being used as transaction fees, while the remaining 55.77 BTC was taken away.
As previously reported, someone sent a bitcoin transaction on Nov. 23 for 55.77 BTC with another 83.6 BTC as transaction fees, marking the largest fee for a single transaction in bitcoin’s history. The transaction was confirmed in bitcoin block 818,087, mined by Antpool. The fee of 83.6 BTC alone is worth $3.1 million based on bitcoin’s current prices.
@83_5BTC claimed to have initially created a new cold wallet and transferred 139 BTC to it, but said the entire amount “got transferred out to another wallet immediately,” adding:
“I can only imagine that someone was running a script on that [cold] wallet and that the script had a weird fee calculation.”
Mononaut, the anonymous operator behind the Mempool Space bitcoin explorer, suggested that “the most likely explanation is that the wallet was generated from bad entropy.” Entropy, in this context, refers to a random number generated from a wallet to create the basis for the wallet’s recovery phrases.
“It’s unclear why the transaction was quickly fee-bumped using RBF [replace-by-fee]. If it was a low-entropy wallet, perhaps multiple attackers were competing to steal the funds?” said Mononaut. “This might also explain the initial high fee. It could make sense for automated low-entropy wallet sweeping scripts to be configured to spend a high percentage of the value in fees to hinder competitors (or victims) trying to broadcast replacements.”
In a subsequent post on X, @83_5BTC shared a signed message in an attempt to prove ownership of the address that sent out the 83.6 BTC in fees.
Mononaut verified the message, confirming that the X account @83_5BTC does control the address in question. However, Mononaut said that since the address was already compromised, the message could have been signed by either the real victim or the alleged hacker, adding:
“If Antpool returns the fee, they’ll need another way to verify the victim’s identity.”
As of the past few days, Antpool has not issued any comments regarding the potential return of the transaction fees or if the fees have already been distributed to its miner customers.”