One Hacker Already Finishes First Stage of $1 Million Bitcoin Scavenger Hunt for Satoshi’s Treasure

A new alternate reality game called Satoshi’s Treasure was recently launched for public use, as users have to bond together to find real-world locations that hold private keys.

The game offers clues as to where these clues could be by distributing a newsletter. The game, which is inspired by the motion picture Ready Player One, has leaderboards that allow players to see which teams happen to be closest.

In order for the $1 million worth of Bitcoin at stake to be unlocked, 400 out of the 1,000 private key fragments have to be found.

On April 15^th, Blockstream’s Bitcoin satellite distributed the clues of the first three keys, and these clues were intended to be used by the players to go to locations around the world for the QR codes.

However, as reported by TNW Hard Fork's David Canellis, a player named John Cantrell did not have to go anywhere to complete the challenge. Instead, he decided to hack it.

Cantrell did not want to keep these secrets to himself, so he actually posted his method to GitHub to show exactly how he managed to unlock the keys in a matter of minutes. The post (https://gist.github.com/johncantrell97/bbab69bbde03d22eb8323fd94cd46db0) explains first that the clues to the keys were not supposed to be shared between cities until April 16^th, but “that wouldn’t stop” him from continuing to look around.

He found a QR code from one of the other treasure hunters in this game, which was the first clue.

After Cantrell checked the source code for Satoshi’s Treasure sites, he found that the two keys were encrypted, but easily found in the source code.

He said that he realized that he “could brute force this using a dictionary attack,” adding that he assumed that the other passphrases for the keys would end up being in English.

The encryption was cracked almost instantly with the use of a Ruby script. As soon as it was cracked, Cantrell had the words for the 2^nd and 3^rd keys before the clues even came out. Dovey Wan from Wheatpond, one of the firms that helped with Satoshi’s Treasure, commented on the hacker’s progress, saying that this whole setup “is intended so we can test” how clever the individuals of the internet are.

Considering how quickly these clues were “solved,” it is likely that Satoshi’s Treasure will be increasing difficulty with the clues and acquiring keys.

The full walkthrough is detailed on GitHub, including the source code and the script that he used. He encouraged anyone else involved to follow him on Twitter for other tips with the username “johncantrell97.”