TLDR Version:

• /u/toshiromiballza loaded an unknown amount of crypto on an address and then pasted his seed.
• The catch was that he encrypted his seed with two dates using a program he wrote. The program moves certain words forwards and backwards from the word list based on the date used.
• I wrote a poor performing code breaker, checked over 6 million valid Ethereum private keys, and final found the correct address & key after 8 days.
• The address contained $15 of Ethereum, of which I instantly burned $2 sending an empty transfer, and then sent the remaining $11 (another $2 fee) to my address.
• The catch – the answer was hidden in plain sight the whole time.

Note: I'm adding an ELI5 on Mnemonic Seed Phrases in the comments if you want to learn more about them.

Original Puzzle Link: https://www.reddit.com/r/CryptoCurrency/comments/ovrnvp/bruteforceable_puzzle_free_crypto_for_whoever

​

The Puzzle

• Initially, the information /u/toshiromiballza presented left a pretty impossible puzzle. He gave us a seed phrase, and let us know that he had used his program to shift the words.
• The wordlist for phrases is known. His program would take the integer number from dates and look forward that many words to replace the current word.
• For example, if the first word was "deer" he applied the value of the year 1956 to it, going through the list, looping back to the start and finally landing on, maybe "frog".
• This happens to all the words in the phrase. His program will then unscramble the words when you decrypt. Going backwards to get back to the source word.
• Without any information and his programming taking a variable 1-4 dates, there was nothing to do. Too long to crack.
• But, /u/toshiromiballza helped us out giving some vital information.
  • He used two dates.
  • The date range was from the start of the 20th century to now.

Cracking the Puzzle

• What people generally don't tell you when you get into crypto is that private keys are just random numbers. What keeps your account safe from another person getting it, is that the random number is picked from a pool so big, it is essentially impossible to choose the same random number as someone else.
• This has also fascinated me, and I have wanted to learn the process to create private keys & addresses so once I saw we had a little more information I decided to get started.
• My code was simple:
  • Take his "encrypted" phrase and brute-force it by attempting every possible date combination.
  • Once I found a legit phrase that created an Ethereum private key, I would check it using the Etherscan API. I batched 20 accounts together at once to move through more quickly.
  • Looking at the API results, I would see if the value was greater than zero and if so, print out the results including the dates, private key, and Ethereum address.
• I used an open-sourced piece for the technical work of going from a seed phrase to an address & private key – what did all the hard bits.
• See my code here: https://github.com/willhblackburn/brute-force-seedshift-puzzle-pub
• I loaded the dates and started.

The Crack

• Within 5 minutes I realized this would still take weeks with my poorly optimized code. I said I would refactor the code later went back to review the post to make sure I got all the hints I could.
• I realized in /u/toshiromiballza's post about the dates, it seemed that one date was from the 21st century and one was from the 20th century.
• So, I modified the dates to check one date from the 20th century against all the 21st century dates up to now.

The Result

• Life happened and refactoring didn't. But I just left my PC on. The script was not using any sizable amount of CPU or memory.
• Crashing would happen randomly, and the most egregious bit was that my code would just print API errors. Skipping over 20 valid accounts that could hold the correct private keys. Not really even logging the dates where errors were happening. Anyone of those could be the legit combination. Really bad coding, that I was going to fix…
• 7 days past and I woke up on Monday (8/9), scrolled through the logs and there it was. The beautiful private key and address.
• I checked the account and found a $15 ETH balance – one transaction from a Coinbase address.
• I imported the private key to MetaMask to send myself the funds. I sent the transaction. Oh wait, I forgot to add the value – the actual Ether. I'm so used to having a hardware wallet confirmation, I moved too quickly and just burnt $2 in an empty transaction. Nice.
• Sent a proper transaction this time and ended up with $11 of time-spent-and-electricity-adjusted profit.

Collisions

• I checked over 6 million other Ethereum addresses via the Etherscan API and none of them contained any Ether or history.
• These numbers are created using a hash algorithm that is known to be collision resistant. So, as long as you choose a really random number, it is essentially impossible to find the same address and account as someone else (a collision).
• It was neat to see it in practice. Millions of private keys to addresses that have never been seen.

Hidden in Plain Sight

• A smarter detective could have reasoned this out without brute force.
• We knew that there were two dates, one in the 1900s and one in the 2000s.
• Furthermore, it seems the dates were connected. The most likely way to connect two dates would be a birth and death date of someone.
• Who's the most prominent person we know in crypto that has already passed away in the 2000s?
• That's right, Hal Finney. The decryption dates were: May 4, 1956 & August 28, 2014. His lifespan.

Thanks for the puzzle /u/toshiromiballza and the $11!

note: originally posted under an my public account that didn't have enough karma.