top | item 41555072

(no title)

Ok there is one good explanation for this case that I found in another comment here [0]: the person who found the private key made a transaction moving only part of the full reward, but in doing so exposed the full public key. A was monitoring the puzzle address for activity, picked up the public key, used it to crack the private key quickly and moved the rest of the funds.

Fascinating that the original cracker wouldn't know these details about Bitcoin transactions.

[0] https://news.ycombinator.com/user?id=mrb

discuss

BigParm|1 year ago

You can't derive an secp256k1 privkey from the associated pubkey. That's the whole point.

fidelramos|1 year ago

You are right in the general case. But the public key is included in a transaction when it gets signed, and in this particular case the attackers already had part of the private key, that's what allowed a different attacker to combine both pieces and break the private key quickly.