there was actually a lot of competition to steal this output, so it was probably a well-known or very low-entropy address.
but for whatever reason this version that burnt it all to fees was received first by most mempool servers, so the RBF history isn't visible.
the attacker's address has a long history of similar activity.
e.g, here's another transaction from a few months ago that vaporized almost a full bitcoin to fees in order to steal only ~86k sats
it's hard to say why they've adopted this strategy.
it could be that the automated tool they use to sweep compromised funds is just terrible at bidding.
or perhaps it's a deliberate "scorched earth" policy to discourage competitors.
or it could be much more sophisticated:
by broadcasting two conflicting theft transactions simultaneously - one profitable, the other burning it all to fees - there's a slim possibility that a non-full-RBF miner will still mine the first, while the second blocks competing txs.
Mononaut should post his investigations on SN not only on Twix. Non-Twix users can't read these threads. SN is much suitable for these kind of discussions. Somebody please inform Mononaut about the SN existence. I never used twix so will not make an account just for this. He can post on Twix only links to SN posts. Much better.
reply
0 sats \ 1 reply \ @zx 11 Jun
Twix haha!
reply
Silly rabbit! Twix are for kids!
reply
so it was probably a well-known or very low-entropy address. but for whatever reason this version that burnt it all to fees was received first by most mempool servers
For whatever reason? The reason is indeed quite obvious.
reply
100 sats \ 1 reply \ @Wumbo 11 Jun
so it was probably a well-known or very low-entropy address.
Is there any logic to determine low-entropy address?
Or was this just bad luck and this address happen to be already guessed and recorded in a database with private key.
reply
There are two possible ways:
  1. Top down: You have a pubkey, know what system it was created on and then find weak randomness on said system
  2. Bottom up: You know a system with weak randomness. You generete the keypairs for all of the frequent notsorandom numbers. You look on the chain if you find any of these pubkeys being used without any paytopubkeyhash
reply
It's probably a bidding war in mempool where two bots overbids each other. It makes for a race-to-the-bottom dynamics.
reply
It could be a small mistake in a large operation.
reply
What would be the point of this? And wouldnt you need a large foundation to be even able to start this, in case the fees add up instantly?
reply