A million-dollar Bitcoin scavenger hunt began only two weeks ago, but one player has already built software to help others co-ordinate their detective efforts.
Satoshi’s Treasure works like this: game organizers split keys to $1 million worth of BTC into 1,000 “shards.” A newsletter sends hints for their discovery, and the first to collect 400 shards immediately unlocks the full prize.
So far, clues have led players to explore major cities like San Francisco and London, but they’ve also featured far-off places like Uganda and Australia.
When the game started, player John Cantrell hacked his way to the first three keys within minutes. He later detailed his methods with a walkthrough posted to GitHub.
To date, Satoshi’s Treasure has released five clues. At pixel time, the latest remains unsolved, but Cantrell did manage to unlock the fourth key with relative ease.
Satoshi’s Treasure mini-games will feature instant prizes
According to Primitive Ventures (one of the firms behind the quest), the overall goal is to educate those who know nothing about Bitcoin or cryptocurrency, and encourage them to participate.
“We absolutely guarantee that if you know a ton about literally any subject, there will be some clue that requires your knowledge,” said Primitive Ventures. “Most of the clues have nothing to do with cryptocurrency. The puzzles are designed by puzzle experts and enthusiasts around the world […].”
The game’s designers are yet to set a timeline for the game, but incoming clues are promised to be extremely diverse, and will now be arriving at random.
Founding partner Dovey Wan also confirmed there will be smaller Satoshi’s Treasure side-quests. Some will impact the primary game, while others will be independent and come with their own prizes.
“These might be geographically localized, or require a very specific set of knowledge,” Wan told Hard Fork. “In the lead up to the main hunt we did ‘mini hunts’ like this to test some game dynamics at college campuses in the US, for example, and those were fun—we’ll do more things like that soon.”
She also explained the $1 million valuation of the prize could fluctuate. While the amount of Bitcoin stashed away is certainly set, disclosing the exact amount would reveal the wallet, which is itself part of a clue soon to be released.
“For now, just know that it’s around $1 million of value (fluctuating a bit as BTC tends to do),” said Wan. “If it goes up a lot, we won’t remove any BTC—the prize will just be bigger. Conversely, if it crashes, so be it.”
Hacker tip: concentrate on what the clue is REALLY saying
Unlike the first set of clues (which relied on QR-codes and encrypted passwords), this one involved following a link buried within a GIF.
Users were then directed to purchase a ‘digital egg’ from a web store for a little over a dollar, which held instructions for claiming the key.
While this kind of clue-hacking comes second nature to Cantrell, it’s understandable when you consider he’s operating with over 20 years of practical software development know-how, and even holds advanced degrees in computer science.
Still, those keen to participate in the Bitcoin hunt without similar work experience shouldn’t be deterred. “When a new clue drops I try to figure out what the clue is really saying, what exactly does the puzzle creator want me to pick up on,” Cantrell told Hard Fork.
“For example, with this most recent clue, the link to the GIF said ‘nothing is what it seems.’ I’ve seen clues like this in other puzzles and it immediately makes me think that the file is not the type it appears to be at first glance,” he continued. “In this case, we were given a GIF file but it ended having a ZIP file hidden inside of it that contained the next clue.”
Cantrell explained he’s spent a lot of time playing other alternate reality games like Not Pron and Cicada 3301 . He noted that puzzle creators often re-use ideas as there’s a limit to the number of techniques and tools that can obfuscate information.
“So, if you’ve played through and understand the solutions to similar puzzles, then a lot of those same techniques will be obvious the next time you see them (or something similar) again,” said Cantrell.
Co-ordinating teams is going to be a real challenge
The thing is, players replicating Cantrell’s success might soon be out of luck. The longer the hunt goes on, the more disincentive there is to share keys – so you should probably learn what you can, while you can.
“I do not intend to continue fully open sourcing all of my methods going forward,” Cantrell told Hard Fork. “In the beginning of the hunt, I think most of the keys will become public knowledge and I enjoy sharing my thoughts on each puzzle, so I don’t see the harm in it.”
“I’m part of a team but I still enjoy trying to solve everything I can by myself,” Cantrell continued. “However, there are definitely some things that aren’t be possible without a team (e.g. being in certain physical locations).”
There’s also the problem of what happens when someone collects the first 400 key shards and unlocks the $1 million prize, especially considering playing solo seems borderline impossible.
Cantrell expressed there’s no simple solution. He mentioned one idea would be to have some subset of leaders in a group meet to combine the key shards and split the profits, in person.
Another involved using cryptography to ensure fair distribution, but he wasn’t exactly sure if it was actually possible.
“Teams need to come up with a way to manage these key shards in the most trust-minimized way possible,” Cantrell continued. “Teams could give all key shares they find to a trusted leader, but as soon as they have 400 shares, the leader could just steal the money for himself.”
To help, Cantrell actually designed and built software just for Satoshi’s Treasure. Ordobot is a Discord plugin that helps teams organize, make decisions, track contributions, and solve puzzles quickly. It even has functionality to run cryptographic tools directly in-app.
You can check out Ordobot here , and you can read Cantrell’s first set of Satoshi’s Treasure walkthroughs here , and here .
Did you know? Hard Fork has its own stage at TNW2019 , our tech conference in Amsterdam. Check it out .
Major European film group hacked to promote Bitcoin scam on Twitter
Another day on Twitter, another Elon Musk cryptocurrency giveaway scam. The official account of Pathé, the world’s second oldest operating film company and Europe’s second largest studio, has been hacked to spread malicious Bitcoin giveaway links.
To dupe users out of their cryptocurrency, the hackers promise to double the investment of anyone who sends a small amount of Bitcoin to their wallet. The hackers also updated Pathé’s account to impersonate Elon Musk, perhaps in an effort to lend more credibility to the fake giveaway.
It appears Pathé has since been able to reclaim its account and delete the tweet. It has also updated its avatar and display name to remove mentions of Elon Musk. Prior to deleting it, the tweet had already stacked over 850 retweets and 3,700 likes.
The more concerning part is that it seems tons of people have already fallen victim to the scam. The wallet address associated with the malicious links has received over 6 BTC (approximately $38,000) in the last 24 hours alone.
For the record, this is hardly the first time an incident like this has taken place on Twitter. Indeed, the micro-blogging service has been getting flak for failing to protect users against such cryptocurrency thieves for months now. Back in July, hackers were able to hijack an official Fox account to run the same scheme.
The situation has gotten so bad that Twitter had to introduce a new rule to prevent people from updating their display name to ‘Elon Musk.’
Eventually, Musk reached out to Dogecoin creator Jackson Palmer for help against the massive army of scambots. Unfortunately, this seems to have done little to curb the giveaway scam outbreak.
SEC fines Floyd Mayweather and DJ Khaled $750K for cryptocurrency shilling
The US Securities and Exchange Commission (SEC) has settled charges against boxing icon Floyd Mayweather and music producer DJ Khaled for failing to disclose payments they received for promoting now-defunct cryptocurrency firm CentraTech to millions of followers on social media.
While DJ Khaled received a payment of $50,000 to shill the failed initial coin offering (ICO), Mayweather pocketed $100,000, according to the SEC. Neither of them made those deals public.
Still that didn’t stop them from pushing the cryptocurrency to followers. DJ Khaled praised CentraTech as a “game changer,” while Mayweather invited followers to participate in its ICO.
For this sin, Mayweather agreed to pay a total of over $600,000 in penalties; DJ Khaled got away with smaller (but still hefty) fines of more than $150,000. Both Mayweather and DJ Khaled also promised the SEC not to promote securities for three, and two years, respectively.
The SEC noted that Mayweather had additionally failed to disclose payments he received for two other unnamed ICOs.
“These cases highlight the importance of full disclosure to investors,” said Enforcement Division Co-Director Stephanie Avakian. “With no disclosure about the payments, Mayweather and Khaled’s ICO promotions may have appeared to be unbiased, rather than paid endorsements.”
For the record, the US securities watchdog initially opened an investigation into Mayweather and DJ Khaled back in October – months after it charged CentraTech founders with fraud.
Since then, the SEC also released a statement to warn investors against blindly trusting celebrity-endorsed cryptocurrencies.