A $1 billion Bitcoin (BTC) wallet emptied – The heist of the century or a veteran getting his loot back?

After more than 5 years of inactivity, a wallet containing $955 million in Bitcoin (BTC) has been emptied. Was it a simple transaction by a long-time hodler or the heist of the century by highly skilled hackers?

A major transaction for Bitcoin (BTC)

On Tuesday 3 November at 21:36 UTC, a transaction of 69,369 BTC was executed from a Bitcoin wallet dormant since April 2015. The amount involved is considerable: $955 million at the time of execution.

The fees for this transaction are derisory, on the order of only $12. Although they are higher than the fees often generated by such transactions, they remain very low.

Note that an initial transaction containing 1 BTC was issued, most likely to ensure that the destination address was the correct one, before sending the rest of the BTC.

Apart from its value, this transaction is quite special. The wallet in question is believed to have fallen prey to hackers in recent years.

Two hypotheses are therefore being considered: is it a simple movement by the owner of the wallet, or have hackers managed to gain access to it? Let us examine these theories.

Hypothesis 1 – A long-time hodler gets up to date

First hypothesis: according to data provided by the analysis company CipherTrace, it is likely that this transaction took place to migrate from one address format to another. CipherTrace points out that the old wallet address used the Legacy/P2PKH format while the new address uses the Bech32/P2WPKH format.

Legacy addresses, Bitcoin's original address format, all begin with "1", while Bech32 addresses, SegWit's native address format, all begin with "bc1q". CipherTrace adds that only 5% of BTC in circulation is currently held in Bech32 addresses.

As the address that held the funds predated the hard forks of Bitcoin Cash (BCH) and Bitcoin SV (BSV), it also contained 69,370 of the corresponding coins.

At the same time, the owner of the address therefore also moved all of its BCH and BSV to new addresses that had never been used in a transaction before. The 69,370 BCH represent $17.8 million, while the 69,370 BSV represent $10.6 million.
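The prefix alone does not prove which format an address uses; both formats carry a checksum that has to verify. The following is an added example, not code from the article or from CipherTrace, that tells a Legacy/P2PKH address from a Bech32/P2WPKH one by validating its encoding. The two sample addresses are public test values (the genesis-block address and the BIP173 example), not the addresses involved in this transaction.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def _b58_version(addr):
    """Return the version byte if addr is valid Base58Check (25 bytes), else None."""
    if any(c not in B58 for c in addr):
        return None
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    # 25 bytes = version + 20-byte key hash + 4-byte checksum
    return raw[0] if len(raw) == 25 and check == raw[-4:] else None

def _polymod(values):  # BIP173 checksum polynomial over 5-bit symbols
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = (chk & 0x1ffffff) << 5 ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk

def _bech32_data(addr):
    """Return the 5-bit symbols of a mainnet Bech32 address if its checksum holds."""
    a = addr.lower() if addr in (addr.lower(), addr.upper()) else ""  # no mixed case
    if not a.startswith("bc1") or any(c not in B32 for c in a[3:]):
        return None
    data = [B32.index(c) for c in a[3:]]
    hrp = [ord(c) >> 5 for c in "bc"] + [0] + [ord(c) & 31 for c in "bc"]
    return data if len(data) >= 7 and _polymod(hrp + data) == 1 else None

def classify(addr):
    """Label an address by validating it, not by trusting its first characters."""
    if _b58_version(addr) == 0x00:
        return "legacy P2PKH"
    seg = _bech32_data(addr)
    # 39 symbols = witness version 0 + 32 symbols (20-byte key hash) + 6 checksum
    if seg and seg[0] == 0 and len(seg) == 39:
        return "native SegWit P2WPKH"
    return "invalid or other type"

if __name__ == "__main__":  # public test addresses, not taken from the article
    for a in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"):
        print(a, "->", classify(a))
```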

Hypothesis 2 – Highly skilled hackers pull off the heist of the century

The second hypothesis is that hackers managed to get their hands on the wallet. Indeed, this wallet is rather peculiar, as it is supposedly in the hands of hackers from all over the world.

For almost 2 years, a certain encrypted file "wallet.dat" – among many others – has been circulating on the All Private Keys website. This website – rather suspicious in its methods – claims to be in possession of files holding the private keys of wallets very well stocked with bitcoins.

The file in question can be purchased for 0.089 BTC, or approximately $1,215 at the time of writing. However, there is no evidence that the file is genuine, so the likelihood that it is a scam is very high.

Some members of the crypto-community are convinced, however, that this transaction is the work of hackers. The hackers would have managed to access the .dat file linked to the wallet, and thus its private key.

Bitcoin’s mystery still unsolved

To date, it is difficult to know who is really behind this colossal transaction. However, the hacking hypothesis is unlikely, as a brute-force attack against the wallet password is almost impossible to carry out unless the password in question is relatively short and uncomplicated.

It is therefore conceivable that the wallet owner may have simply decided to move his funds to new addresses, to stop hackers trying to access the "wallet.dat" file for good.