TL;DR: No one in the crypto ecosystem will ever say 15 May 2019 was boring. Mere minutes into the scheduled Bitcoin Cash (BCH) network upgrade, an unrelated bug was found, timed to be exploited for maximum negative media coverage. After developers heroically patched a fix, Calin Culianu noticed the attacker(s) left themselves wide open. He went from being frustrated to telling CoinSpice, “Damn, it felt good to hit the attackers back,” having pruned their addresses of funds used to act maliciously toward the BCH community. Here’s how he did it.

Developer Swipes BCH Attackers’ Funds Right Under Nose

“Early in the day I saw the attack,” Culianu explained to CoinSpice. “I panicked and was sad. I thought it was the end of the world. Then ABC developers fixed the bug, and things started to seem happier. I realized we can hit them back. So a bunch of guys and me got as much information as we could. Basically, once you see how [the attackers] spend their funds, you realize they are idiots and didn’t use crypto keys to secure these funds. We went to the block explorers and queried to figure out their addresses, and from there we cracked them.”

He wound up with 1.2 BCH spread out over 3,000 transactions, each at $0.23, netting about $500. “I am splitting it with my accomplices,” he insisted.

Calin Culianu is an American expat living in Europe, doing independent development work with the Electron Cash wallet team for about a year and a half. Well-regarded and known as NilacTheGrim, he’s also a keen observer of everything Bitcoin Cash. He recalls noticing “how the attackers created some funny transactions,” triggering a latent bug in the Bitcoin ABC client code. “These transactions were originating from addresses without signatures in them,” often called “anyone can spend,” he detailed.

Garbled Nothingness

Examining raw bytes in the suspect transactions, he caught something unusual:

{“txid”:”41a07f1032bfe17b17f3cca2978b64ffa0dd037a7813d7e623e2951f63fea287″,”hash”:”41a07f1032bfe17b17f3cca2978b64ffa0dd037a7813d7e623e2951f63fea287″,”version”:1,”size”:8290,”locktime”:0,”vin”:[{“txid”:”e8eeb5a5ebe4422edd460984da0d11c62abd93ea29c08f41a45451864ce174d5″,”vout”:1064,”scriptSig”:{“asm”:”0063babababababababababababababa5fba6851″,”hex”:”140063babababababababababababababa5fba6851″},”sequence”:4294967294},{“txid”:”e8eeb5a5ebe4422edd460984da0d11c62abd93ea29c08f41a45451864ce174d5″,”vout”:1065,”scriptSig”

To many readers, it probably appears to be garbled nothingness. Not to Culianu, who called it “a decoded transaction,” pointing out lines containing patterns such as “abababababababababa5fba6851” are what’s known as ‘scriptsig.’ “It specifies how to spend it, basically,” he explained further. “It’s Bitcoin Op Code, which lack a signature … some garbage they used to attack the BCH network. Anyone can make one of those because it’s not cryptographically secure, and then redeem all their funds.”

With regard to one of the addresses liquidated, Culianu admits he “missed a few pennies but I got most of it,” insisting to CoinSpice “there were hundreds of such addresses.” And because they do not have cryptographic keys guarding them, he could easily “crack” them, using the Electron Cash wallet. He also estimates nearly 3 BCH is still out there for the grabbing.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.

CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.