How to claim a prize

Finding the key is half the battle. Claiming without getting robbed is the other half.

Finding the private key is only half the battle. Claiming the prize without getting robbed is the other half. The puzzle 66 and 69 incidents proved that broadcasting your solution to the public mempool is a fatal mistake.

The threat: mempool bots

When you broadcast a transaction spending from a puzzle address, the transaction appears in the public mempool. The transaction signature reveals the public key associated with the address.

Bots monitor the mempool 24/7 for spends from known puzzle addresses. Within seconds of seeing your transaction, a bot can:

  1. Extract the public key from your transaction signature
  2. Run Pollard's kangaroo / BSGS to derive the private key (seconds to minutes for puzzles ≤ 70)
  3. Broadcast a replacement transaction (RBF) with a higher fee, redirecting funds to the bot's address

This is exactly what happened to puzzles 66 and 69.

The solution: private submission

Never broadcast puzzle solutions to the public mempool. Instead, submit your transaction directly to a mining pool that offers a private submission service:

  1. Sign the transaction in Electrum (do NOT broadcast). Copy the raw TX hex.
  2. Submit via Mara Pool Slipstream or another pool's direct submission service. The transaction goes straight to a miner, skipping the public mempool entirely.
  3. Wait for confirmation. Do not interact with the address again until the transaction is confirmed in a block.

Both Kowala (puzzles 67, 68) used this method successfully. Their transactions were mined without ever appearing in the public mempool.

Step-by-step: safe claim

  1. Find the private key (hex format) using your search tool
  2. Convert hex to WIF using an offline tool (e.g., bitaddress.org downloaded and run locally)
  3. Import the WIF into Electrum (running on an offline machine)
  4. Create a transaction sending the full balance to a new address you control
  5. Disable RBF in Electrum settings
  6. Sign the transaction but do NOT broadcast
  7. Copy the signed TX hex
  8. Submit via Mara Pool Slipstream or equivalent private channel
  9. Wait for block confirmation before doing anything else

Common mistakes

  • Broadcasting to public mempool — bots will steal your funds within seconds (puzzles 66, 69)
  • Using RBF — enables fee replacement, which is the mechanism bots use to front-run you
  • Online key conversion — entering your private key on a website compromises it immediately
  • Partial sweep — leaving dust in the address triggers another public key reveal on the next spend
  • Multiple transactions — puzzle 69 had its transaction replaced 4 times because the finder kept trying to rebroadcast
  • Network congestion — if the network is congested, your private submission takes longer to confirm, increasing risk
Bottom line: If you solve a puzzle, treat the private key like a live grenade. One wrong broadcast and the funds are gone. Prepare your claim procedure before you find the key, not after.