Bitcoin 
Ethereum 
Tether 
XRP 
BNB 
USDC 
Solana 
TRON 
Lido Staked Ether 
Figure Heloc 
Dogecoin 
WhiteBIT Coin 
USDS 
Cardano 
Hyperliquid 
Wrapped stETH 
LEO Token 
Zcash 
Wrapped Bitcoin 
Bitcoin Cash 
Binance Bridged USDT (BNB Smart Chain) 
Chainlink 
Wrapped Beacon ETH 
Monero 
Toncoin 
Canton 
Wrapped eETH 
Stellar 
Sui 
sUSDS 
Litecoin 
USD1 
Dai 
Coinbase Wrapped BTC 
Avalanche 
MemeCore 
Hedera 
WETH 
Ethena USDe 
Shiba Inu 
Rain 
USDT0 
Global Dollar 
Cronos 
PayPal USD 
Circle USYC 
Bittensor 
Tether Gold 
Uniswap 
Ethena Staked USDe 
BlackRock USD Institutional Digital Liquidity Fund 
Mantle 
Polkadot 
PAX Gold 
World Liberty Financial 
NEAR Protocol 
Ondo 
Ondo US Dollar Yield 
OKB 
Pi Network 
Internet Computer 
Little Pepe 
Falcon USD 
syrupUSDC 
HTX DAO 
Pepe 
Aster 
Sky 
Ripple USD 
Bitget Token 
USDD 
Ethereum Classic 
Aave 
Morpho 
BFUSD 
Janus Henderson Anemoy Treasury Fund 
KuCoin 
Ethena 
Jupiter Perpetuals Liquidity Provider Token 
Algorand 
POL (ex-MATIC) 
Kaspa 
Quant 
United Stables 
Jito Staked SOL 
Cosmos Hub 
Spiko EU T-Bills Money Market Fund 
Kelp DAO Restaked ETH 
Superstate Short Duration U.S. Government Securities Fund (USTB) 
Render 
Binance-Peg WETH 
Blockchain Capital 
Rocket Pool ETH 
NEXO 
Worldcoin 
Binance Bridged USDC (BNB Smart Chain) 
Stable 
Aptos 
Wrapped BNB 
Siren 
Filecoin 
Function FBTC 
Arbitrum 
Venice Token 
Gate 
Jupiter 
syrupUSDT 
JUST 
Flare 
Pump.fun 
Binance Staked SOL 
XDC Network 
VeChain 
BUILDon 
Bonk 
Beldex 
Pudgy Penguins 
NEW X CEO IS BACK 
Polygon Bridged USDC (Polygon PoS) 
OUSG 
Solv Protocol BTC 
DeXe 
Lombard Staked BTC 
Midnight 
GHO 
Dash 
clBTC 
SkyAI 
Usual USD 
Provenance Blockchain 
Official Trump 
Terra Luna Classic 
Virtuals Protocol 
USDtb 
StakeWise Staked ETH 
YLDS 
Kinetiq Staked HYPE 
Artificial Superintelligence Alliance 
tBTC 
A7A5 
WrappedM by M0 
Humanity 
PancakeSwap 
TrueUSD 
Injective 
Stacks 
Sei 
c8ntinuum 
EURC 
Mantle Staked Ether 
edgeX 
Aerodrome Finance 
Polygon PoS Bridged DAI (Polygon POS) 
Chiliz 
Curve DAO 
Resolv wstUSR 
COCA 
Kite 
Billions Network 
Doge Strategy 
ADI 
Liquid Staked ETH 
USDGO 
Arbitrum Bridged WBTC (Arbitrum One) 
Tezos 
SPX6900 
Spiko Amundi Overnight Swap Fund (EUR) 
Janus Henderson Anemoy AAA CLO Fund 
Wrapped Flare 
First Digital USD 
Unibase 
L2 Standard Bridged WETH (Base) 
Celestia 
Sun Token 
Steakhouse USDC Morpho Vault 
apxUSD 
币安人生 (BinanceLife) 
USX 
Ether.fi 
Binance-Peg XRP 
LayerZero 
Monad 
Ether.Fi Liquid ETH 
Renzo Restaked ETH 
Kinesis Gold 
Noon 
DoubleZero 
sBTC 
LAB 
Pendle 
Zebec Network 
Jupiter Staked SOL 
FLOKI 
Savings USDD 
Gnosis 
JasmyCoin 
Lido DAO 
Marinade Staked SOL 
Bitcoin SV 
Arbitrum Bridged WETH (Arbitrum One) 
A Bitcoin user lost funds after sending cryptocurrency to a compromised wallet that used a transaction identifier from a coinbase block reward as its private key.
- A Bitcoin user sent 0.84 BTC to a compromised wallet whose private key was derived from a block 924,982 coinbase transaction identifier, exposing it to theft.
- Automated programs monitoring the mempool detected the deposit and competed via replace-by-fee transactions, sometimes paying nearly 100% of the value in fees to claim the funds.
- Using predictable or publicly available data—like transaction IDs or common word patterns—for private keys enables immediate exploitation, highlighting the critical importance of true entropy in key generation.
The transaction identifier of the Coinbase from block 924,982 served as the private key for the wallet, creating a security vulnerability that triggered automated bot activity, according to cryptocurrency publication Protos.
The incident prompted automated computer programs connected to Bitcoin’s memory pool, or mempool, of pending transactions to compete for the funds. These bots automatically detect deposits into compromised wallets and broadcast replace-by-fee transactions to outbid competing programs’ fees to miners for withdrawal transactions.
In the reported instance, 0.84 BTC was sent and lost to an address with a non-random private key derived from a block’s coinbase identifier, according to blockchain data.
The automated systems employ replace-by-fee mechanisms to incrementally increase transaction fees in competition with other bots. In some cases, child transactions pay up to 99.9% of the transaction value in fees, according to observers monitoring such activity.
Private keys represent the most critical security element for protecting bitcoin holdings. When a private key is exposed or derived from common data patterns, theft typically occurs immediately, according to cryptocurrency security experts.
Many compromised wallets with non-random private keys utilize seed phrases with predictable patterns, including repeated words such as “password,” “bitcoin,” or “abandon,” according to security researchers. Any non-random pattern lacking true entropy can expose a private key and enable automated systems to drain deposits to the corresponding public key.
The incident demonstrates that non-randomness can extend beyond simple word patterns to include public information recorded on the Bitcoin ledger, such as transaction identifiers of block rewards. Failure to introduce mechanical entropy when generating private keys can enable brute-force attacks and compromise fund security, according to cryptography experts.
Hashing a private key via a transaction identifier does not provide sufficient entropy for secure private key storage, the incident illustrates. Miners and other mempool observers can monitor transaction identifiers for non-randomness and attempt to broadcast theft transactions using exposed private keys, according to blockchain security analysts.
