Cash and Grab
As news.Bitcoin.com revealed yesterday, hundreds of bitcoin cash are stuck in segwit addresses after individuals mistakenly sent them there. Well, as of today that cash is no longer stuck. Someone has siphoned the lot and those coins now reside in a single address whose contents are worth over $600k. Explaining how they achieved this is complicated; explaining why is much simpler.
It was Antoine Le Calvez, a data researcher at p2sh.info, who discovered the feat, tweeting:
The likeliest reason for anyone going to the effort of retrieving a bunch of mis-sent bitcoin cash transactions is personal profit. If a recent Reddit post is correct, however, the entity appears to have performed the operation for altruistic reasons and is willing to negotiate with the original senders to return their funds. This may seem unlikely, but it is worth noting that mining pool BTC.com previously did just that for 100 BCH that had befallen the same fate. The poster, going under the name bchsegwitrecover, writes:
I have taken all of these coins to help those that have mistakenly sent BCH to segwit addresses. If you mistakenly sent BCH to a segwit address, send me a PM or send an email to email@example.com. Be sure to include the segwit address you are trying to recover coins from.
There’s a condition attached, however – claimants will need to pay a bounty of 30%. As the poster explains, “Recovery requests will be processed manually and the transactions will be done daily. However I am only human and this may take a long time to do.”
Whoever scooped up the BCH floundering in segwit addresses has certainly done a comprehensive job: in addition to recovering one transaction of 33 BCH worth $41,000, they went to the trouble of hoovering up all the shrapnel, including numerous transactions worth mere cents.
How Did This Happen?
Recovering bitcoin cash sent to a segwit bitcoin address isn’t easy, but it’s doable. With enough of an incentive – say $600,000 – someone was bound to step up and give it a go. Pulling off the feat calls for a two-part process, the first of which involves obtaining the scriptSig from the BTC addresses the BCH was sent to.
Get the scriptSig and you can spend the output from the P2SH-P2WPKH segwit address. Apply a particular hash, add in a network byte and checksum, convert the figure into Base58 format and – boom – you’ve got your scriptSig. Whoever recovered the $600k of BCH likely ran a script to automate the process for all 399 segwit addresses that were holding bitcoin cash. Those funds, all 493.5 BCH of them, now reside in this address.
The second stage of the process would have been to mine these transactions but without broadcasting them to the rest of the network. It is safe to assume that the person who obtained the scriptSig data also mined the transactions, either via a BCH solo rig, or potentially through one of the more shadowy BCH pools whose identity is unknown.
The transaction miner chose not to identify themselves.
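The network byte, checksum and Base58 steps named in the first stage are the Base58Check address encoding, and the example below (added here, not code from the article or from anyone it describes) runs that encoding in both directions as a sender-side check. It shows that a decoded address exposes only a version byte and a 20-byte hash, so a wallet can tell that a destination is P2SH but not whether a segwit script sits behind it. Assumptions: the function names and the "confirm" policy are hypothetical, the 20-byte hashes are constructed, and the hashing step is left out by taking the hash as input.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KINDS = {0x00: "P2PKH", 0x05: "P2SH"}  # mainnet network (version) bytes

def checksum(data):
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(data)).
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def encode_address(version, hash160):
    # Network byte + 20-byte hash + checksum, then Base58.
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # each leading 0x00 -> '1'
    return "1" * zeros + out

def decode_address(addr):
    # Inverse of encode_address; raises ValueError on any corruption.
    n = 0
    for ch in addr:
        if ch not in B58:
            raise ValueError("character outside Base58 alphabet")
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum")
    return raw[0], raw[1:-4]

def pre_send_check(addr):
    # Hypothetical policy for a BCH wallet; returns (verdict, kind).
    try:
        version, _ = decode_address(addr)
    except ValueError:
        return "reject", "invalid"
    kind = KINDS.get(version, "unknown")
    # A P2SH address commits only to a script hash, so the wallet cannot
    # see whether the script behind it is a segwit one: ask the user.
    verdict = {"P2PKH": "ok", "P2SH": "confirm"}.get(kind, "reject")
    return verdict, kind

# Constructed 20-byte hashes, not taken from any real address.
SAMPLE_P2SH = encode_address(0x05, bytes(range(20)))
SAMPLE_P2PKH = encode_address(0x00, bytes(range(20, 40)))
```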
And that’s how you exfiltrate $600,000 of cryptocurrency in one fell swoop. If the Reddit post regarding the matter is genuine, however, those coins are now in safe hands. In return for reuniting them with their original owners, bchsegwitrecover stands to make a cool $200,000. It’s a high price to pay for a moment’s carelessness, but it’s better than being offered no price at all.