Satoshi’s Treasure hacker claims first keys to $1M Bitcoin prize in minutes

A million-dollar scavenger hunt for Bitcoin commenced just a few days ago, but it only took minutes for one ingenious hacker to complete the first stage without actually going anywhere.

Satoshi’s Treasure is an alternate reality game urging players to work together to find private keys hidden in real-world locations. Clues are distributed periodically via a newsletter.

Inspired by Ready Player One, the game features leaderboards to show which teams are closest to collecting the prize. There are 1,000 private key fragments in total, and the $1 million worth of Bitcoin BTC is unlocked once 400 have been found.

This is very cyberpunk-chic

The clues to the first three keys were distributed via Blockstream’s Bitcoin satellite on April 15. They were supposed to lead players to discover QR codes buried in locations around the world, like San Francisco, London, Uganda, China, and Australia.

Instead of globe-trotting, player John Cantrell finished the first challenge without going anywhere – by hacking it.

He even published his method on GitHub to prove his success. “Just wrote up an explanation of how I obtained the first three key shards in a few minutes today,” he said via Twitter.

Cantrell began by using a QR code found and uploaded by a fellow treasure hunter. As this was the first clue, it was relatively easy – scanning it would send the player to unlock the key with a passphrase included at the same location.

“Now, we were supposed to wait until April 17 to get clues from the other cities for keys #2 and #3, but that wouldn’t stop me from digging around with all the new information we had,” wrote Cantrell. “All that time ‘playing’ notpron years ago was going to help me here.”

The first key was basically a gift!

Cantrell then checked the source code of Satoshi Treasure sites, only to discover the shards for the next two keys were sitting in source code, albeit encrypted.

“After I saw this source code, I realized because the check for whether or not the passphrase was correct was done locally, I could brute force this using a dictionary attack,” he added. “I also assumed the passphrases for key #2 and key #3 would be English words.

A Ruby script was used to crack the encryption almost automatically, which revealed the words required to unlock the 2nd and 3rd keys a full day before the clues were scheduled to be released.

Dovey Won of Wheatpond, one of the firms behind Satoshi’s Treasure, wrote“Yup, this is intended so we can test the level of crazy smartness of internet people. The faster it gets solved, the quicker difficulty level will go up.”

For those keen to play in Satoshi’s Treasure but can’t be bothered to leave their rooms, you can read Cantrell’s full walkthrough here.

Did you know? Hard Fork has its own stage at TNW2019, our tech conference in Amsterdam. Check it out.

Published April 17, 2019 — 16:22 UTC

What do you think?

0 points
Upvote Downvote

iPhone 11 rumors: Price, specs, features and everything else we know – CNET

2020 Lincoln Corsair brings smart luxury design to New York – Roadshow

Back to Top
Close Add post

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website. %privacy_policy%

Hey Friend! Before You Go…

Get the best viral stories straight into your inbox before everyone else!

Don't worry, we don't spam