On July 4, 2025, American Independence Day, $8.6 billion worth of Bitcoin was moved under circumstances that defy all conventional logic. This investigation reveals the backstory of an event that could redefine our understanding of cryptographic security.
✴️ The Historic Event: When $8.6 Billion Moves in Silence
July 4, 2025 will remain etched in Bitcoin history. During the day, 80,000 BTC—equivalent to $8.6 billion at current prices—were simultaneously moved from 8 wallets that had been dormant for over 14 years. Each wallet contained exactly 10,000 BTC, in perfect symmetry that immediately rules out any coincidence.
This surgical coordination represents the largest Bitcoin movement ever recorded in a single operation. But beyond the dizzying figures, it's the very nature of this transaction that raises questions. Because unlike the usual "whale" awakenings, this operation bears all the hallmarks of a technical demonstration... or a major cryptographic exploit.
The Concerned Wallets: Fossils from the Bitcoin Era
The 8 addresses involved share troubling characteristics:
- Identical format: All use the P2PKH (Pay to PubKey Hash) standard, massively employed in Bitcoin's early years
- Total inactivity: No outgoing transactions since their creation, between 2010 and 2011
- Uniform amounts: Exactly 10,000 BTC per wallet, suggesting a common origin
- Same activity period: All funded during the golden age of early adopters
🕰️ Origin Transaction Revelation: Two Creation Waves
Analysis of origin transactions reveals that the 8 wallets were created in two distinct waves, with different patterns that deserve documentation.
🌊 First Wave - April 2, 2011
Unified pattern: Single source address funds two wallets
-
21:08 UTC: 1HqXB9sr... → 12tLs9c9... (10,000 BTC) : View transaction
-
22:18 UTC: 1HqXB9sr... → 1KbrSKrT... (10,000 BTC) : View transaction
🌊 Second Wave - May 4, 2011
Distributed pattern: Multiple source addresses for six wallets
-
01:14 UTC: 1HARDyr... → 1P1iThx... (11,326 BTC) : View transaction
-
01:28 UTC: 1FVmPsu... → 1CPaziT... (10,006 BTC) : View transaction
-
01:40 UTC: 1ETcR4G... → 14YK4mz... (10,000 BTC) : View transaction
-
02:01 UTC: 19TWUYm... → 1ucXXZQ... (10,000 BTC) : View transaction
-
02:01 UTC: 1Jfz35J... → 1BAFWQh... (10,000 BTC) : View transaction
-
02:10 UTC: 1NmBMvh... → 1f1miYF... (10,000 BTC) : View transaction
The Dormant Wallet Paradox
This case reveals what could be called the dormant wallet paradox: the longer a wallet remains silent, the more we assume it's lost forever. And yet, the longer the silence lasts, the more strategic it becomes. Inactivity feeds forgetfulness, but sometimes masks extreme vigilance.
In the Bitcoin universe, absence of movement is not necessarily forgetfulness. It's sometimes a stance. The thesis that dormant wallets were "probably lost forever" seems increasingly wrong. On the contrary, the more time passes, the more facts suggest that some of these wallets are not forgotten... but watched. And sometimes, reactivated with surgical precision.
This uniformity is not insignificant. It suggests that these wallets don't belong to distinct investors, but result from a common generation process—possibly automated.
🧾 Hidden Messages: When the Blockchain Becomes Communication Terrain
But the most intriguing aspect of this case lies in the four OP_RETURN messages inscribed on the blockchain just before the main transfer. These "digital graffiti" reveal meticulous staging:
First Message: Declaration of War
"LEGAL NOTICE: We have taken possession of this wallet and its contents"
An unambiguous message. The entity behind this operation publicly claims possession of the funds, with legal formalism reminiscent of real estate seizures.
Second Message: The Ultimatum
"Not abandoned? Prove it by an on-chain transaction using private key by Sept 30"
More than a provocation, it's a technical challenge. The message requires legitimate owners to prove their possession by signing a transaction with their private keys—the only irrefutable proof of ownership in the Bitcoin universe.
Third Message: Legitimation
"NOTICE TO OWNER: see salomonbros.com/owner-notice"
The reference to an external site professionalizes the operation. By visiting the Salomon Brothers site, we discover a complete legal notice explaining the claim procedure and establishing a legal framework for appropriating "abandoned" funds.
Fourth Message: The Artistic Signature
"4 8 15 16 23 42"
Here are some links for the curious (but this is accessible via Arkham) :
- mempool.space/address/12tL
- mempool.space/address/1Kbr
- mempool.space/address/1P1i
- mempool.space/address/1CPaz
- mempool.space/tx/ac35cc92a1
- mempool.space/address/bc1q
The famous "Lost Numbers" from the TV series Lost. To understand the scope of this reference, we must dive back into the universe of this cult series (2004-2010). These six numbers constitute one of the central mysteries of the plot: they appear everywhere on the mysterious island, must be entered every 108 minutes in an underground station to "save the world," and seem cursed—bringing misfortune to anyone who uses them (lottery, gambling, etc.).
In Lost, these numbers represent the obsession with control in the face of the unknown, the question of destiny versus free will, and above all... the idea that certain secrets are too dangerous to be revealed. The parallel with this Bitcoin operation is striking: someone who holds a potentially revolutionary (and dangerous) technical secret for the crypto ecosystem chooses to sign their exploit with these cursed numbers.
Even more troubling: in Lost, these numbers eventually cause a global catastrophe when their control system fails. A subliminal message about the potential consequences of this exploit?
But the most intriguing discovery remains to come: the episode "Orientation" of Lost, where Desmond reveals the crucial importance of these numbers (which must be entered every 108 minutes to "save the world"), was first broadcast on ABC on October 5, 2005. Exactly 20 years later than the Bitcoin deadline. This temporal coincidence is statistically impossible. It confirms that the operation was conceived as a total narrative work, where every detail has meaning. The entity behind this operation does not simply perform a technical exploit—it signs a cryptographic performance of unparalleled sophistication. https://en-m-wikipedia-org.translate.goog/wiki/Orientation_(Lost)?_x_tr_sl=en&_x_tr_tl=fr&_x_tr_hl=fr&_x_tr_pto=rq
A Detail That Confirms Deliberate Intent
In-depth analysis of the addresses reveals an additional troubling detail: one of the destination addresses, bc1qwq5geath93h01nfsrmnwnfuck2f9ypv4ewyl4j, explicitly contains the word "fuck" in its sequence. This statistically quasi-impossible "coincidence" confirms that nothing was left to chance in this operation.
Generating a Bitcoin address containing a specific word requires considerable computing power and a deliberate "vanity address" process. That the entity behind this operation took the time and resources to generate an address containing this provocative term reveals several things:
- Artistic intention: Every element of the operation carries a message
- Technical mastery: The ability to generate custom addresses demonstrates advanced expertise
- Calculated provocation: The choice of the term "fuck" is not random in an operation that defies conventions
- Personalized signature: Like the Lost Numbers, it's an intentional trademark
This discovery adds to other artistic elements (Lost Numbers, July 4th timing, October 5th deadline) to confirm that we are not facing a simple technical exploit, but a total cryptographic artwork.
This sequence of messages reveals a sophisticated strategy mixing legal intimidation, technical challenge, and cultural references. The complete opposite of a simple opportunistic hack.
🧬 The Technical Hypothesis: The P2PKH Flaw Finally Exploited?
The uniformity of the targeted wallets and their P2PKH format raise a disturbing question: what if someone had succeeded in exploiting a cryptographic weakness?
Vulnerabilities of the P2PKH Format
The P2PKH format, although still used today, presents characteristics that distinguish it from modern standards:
- Independent generation: Each address has its own private key, generated separately
- Absence of hierarchical structure: Unlike modern HD wallets (BIP32/BIP39), no common seed
- Variable entropy: The quality of randomness depended on the generation tools of the time
The Exploited Pattern Theory
The most troubling hypothesis is that these 8 wallets share a common defect in their generation. Several scenarios are possible:
1. Faulty generator: Many paper wallet creation tools, popular between 2010 and 2013, used weak or predictable pseudo-random generators.
2. Insufficient entropy: If the keys were generated with a compromised random source (system clock, faulty generator), they could be reconstructible.
3. Algorithmic pattern: Once a first key is cracked, analysis of its structure could reveal an exploitable pattern to identify other vulnerable keys.
Historical Precedents
This hypothesis is not pure speculation. Bitcoin's history records several cases of private keys compromised by generation defects:
- JavaScript generator flaws from bitcoinpaperwallet.com
- Android entropy problems identified in 2013
- Brain wallet exploits with too predictable phrases
If this theory is confirmed, we may be witnessing the most sophisticated exploitation ever carried out against Bitcoin.
⚖️ Legal Staging: Protection or Demonstration?
The legal sophistication of this operation intrigues as much as its technical aspect. The Salomon Brothers site and the claim procedure reveal a meticulously prepared legitimation strategy.
A Tailor-Made Legal Framework
The site salomonbros.com/owner-notice presents a complete legal argument:
- Doctrine of abandonment: Funds are considered abandoned after 14 years of inactivity
- Claim procedure: Two ways to prove ownership (on-chain signature or official documentation)
- Grace period: 90 days to come forward, until October 5, 2025
- Legal appropriation: After this deadline, funds could be legally claimed
The Digital Adverse Possession Strategy
Beyond simple legal protection, this operation reveals a more sophisticated strategy: applying an ancestral common law principle to the digital world. The entity applies logic analogous to that of real estate or material goods:
"I have taken possession of abandoned goods, made it public, offer a 90-day contestation period, and without contestation, I become full and legitimate owner."
This approach draws inspiration from several established legal concepts:
1. Abandoned Property Doctrine
In certain jurisdictions, property can be considered abandoned if the owner has not manifested themselves for a determined duration, and if a third party takes possession in a public and open manner. Although timelines are generally longer (several years), the fundamental principle exists.
2. Adverse Possession
Strong principle in American real estate law: if you continuously, openly, and without permission occupy property for a defined period (often 10 to 15 years), you can claim full ownership. The entity transposes this logic to the cryptographic domain, exploiting the current legal void.
3. The 90-Day Rule
In certain legal contexts (foreclosures, transfers, claims), 90 days suffice to trigger a change in legal status in the absence of contestation. This period seems deliberately chosen for its recognition in various legal systems.
Why This Strategy Is Formidable
This approach raises profound philosophical questions about digital property:
- What constitutes abandoned digital property? Do 14 years of inactivity constitute abandonment?
- Who can claim ownership? Does technical possession trump historical rights?
- Does silence equal renunciation? Does lack of reaction validate appropriation?
The entity exploits the fact that no law precisely defines abandonment in the Bitcoin universe, potentially creating a revolutionary legal precedent.
Anticipated Protection
This legal staging could serve several objectives:
1. Retroactive legitimation: If the operation involves a technical exploit, this legal framework offers an alternative legal justification.
2. Protection against investigations: Facing authorities, this procedure demonstrates a willingness to respect property rights.
3. Resistance test: The 90-day deadline allows verification that legitimate owners can no longer actually access their funds.
The Bitcointalk Precedent
A troubling element emerges from the archives: in 2013, a user named Ahalipoor had already mentioned one of these addresses on the Bitcointalk forum, suggesting it could be "recoverable." This message, long ignored, now takes on particular resonance. https://bitcointalk.org/index.php?topic=271049.msg3033744#msg3033744 https://bitcointalk.org/index.php?topic=5365862.0
Was it a prediction? An early test? Or simply a coincidence? This detail adds a fascinating temporal dimension to the investigation.
🔍 Implications for Bitcoin: Myth or Revolution?
If this operation confirms the exploitation of a cryptographic flaw, the consequences for Bitcoin could be considerable.
Questioning Inviolability
Bitcoin rests on a fundamental postulate: the practical impossibility of cracking a private key. If this postulate wavers, the entire edifice of trust could crumble.
Impact on perception: The revelation of a flaw, even limited to old formats, would shake confidence in wallet inviolability.
Market reaction: A questioning of cryptographic security could provoke panic movements, particularly among holders of large old wallets.
Forced migration: Holders of old P2PKH wallets could be forced to migrate to more recent and secure formats like Native Segwit (bech32, addresses starting with "bc1") which offer better cryptographic resistance.
The Specter of Satoshi's Wallets
The deepest concern involves wallets attributed to Satoshi Nakamoto, Bitcoin's creator. These addresses, dormant since 2010, represent about 1 million BTC and mainly use the P2PKH format.
If the revealed exploit applies to other wallets from that era, the consequences would be cataclysmic:
- Economic impact: Putting 1 million BTC on the market would cause a price collapse
- Crisis of confidence: Compromising Satoshi's funds would question Bitcoin's very foundations
- Community fracture: The community could divide on what course to take (hard fork, blacklist, etc.)
Possible Community Reactions
Facing such a situation, several reactions are conceivable:
1. Denial and minimization: Some might deny the problem's magnitude or limit it to isolated cases.
2. Technical migration: Acceleration of the transition to more secure standards (Taproot, quantum-resistant wallets).
3. Protocol intervention: In an extreme scenario, a hard fork could "freeze" compromised addresses.
4. Philosophical acceptance: Recognition that technical evolution makes certain wallets obsolete.
⏳ Future Scenarios: What Will Happen?
The October 5, 2025 deadline approaches, and several scenarios emerge.
Scenario 1: Probable Liquidation
Although no sale has been officially announced, economic logic suggests the entity could proceed with liquidating the 80,000 BTC after the claim deadline expires. This massive injection of liquidity into markets could:
- Cause a brutal drop in Bitcoin prices
- Trigger panic selling among other holders
- Attract regulatory attention to sellers' identities
- Test institutional market absorption capacity
Because let's be realistic: who would invest such technical and legal resources to simply... keep Bitcoin? The objective is presumably economic.
Scenario 2: Technical Escalation
If other old wallets are compromised in the following weeks, we could witness:
- A race to migrate vulnerable wallets
- The emergence of a "recovery" market for abandoned funds
- Attempts to exploit Satoshi's wallets
- A massive exodus to more modern storage solutions
Scenario 3: The Revelation
The entity could choose to publicly reveal the method employed, transforming this exploit into an educational demonstration. This transparency could:
- Allow the community to identify and protect other vulnerable wallets
- Accelerate development of more robust cryptographic solutions
- Establish new security standards for old wallets
- Transform a threat into an improvement opportunity
Scenario 4: Status Quo
In the hypothesis where the 90 days pass without legitimate owners manifesting, the entity could:
- Keep the funds without liquidating them, establishing a legal precedent
- Use them as collateral for other financial operations
- Redistribute them according to philanthropic or community criteria
- Simply demonstrate their capacity without profiting from it
🌐 Beyond Bitcoin: Lessons for the Crypto Ecosystem
This case transcends Bitcoin alone and questions the entire cryptographic ecosystem.
Planned Obsolescence of Security Standards
Technological evolution inevitably makes yesterday's security standards obsolete. This reality, already observable in traditional computing, now catches up with cryptocurrencies.
Lessons for developers: Need to anticipate the evolution of computing capabilities and cryptanalytic techniques.
Implications for users: Importance of keeping storage solutions up to date and not considering security as permanently acquired.
Platform responsibility: Obligation to accompany users in migration to more robust standards.
Redefinition of Digital Property
This case poses profound philosophical questions about the nature of property in the digital universe:
- Does technical possession (key holding) take precedence over legal ownership?
- Can simply inactive assets be considered "abandoned"?
- What legitimacy to grant to those who "awaken" dormant funds through technical exploit?
Impact on Regulation
Financial authorities are following this case with attention. Its regulatory implications could be major:
New obligations: Strengthening security requirements for crypto service providers.
Legal framework: Clarification of the legal status of funds "recovered" by technical exploit.
International cooperation: Need to harmonize regulatory approaches facing these new challenges.
🎭 Conclusion: Silent Revolution or Narrative Master Stroke?
The 80,000 BTC case will remain in Bitcoin history, and all elements converge toward a troubling evidence: we are very probably witnessing the first major cryptographic exploit in Bitcoin's history.
The Technical Exploit Hypothesis: Quasi-Evident
The operation's sophistication, its meticulous legal staging, and especially the perfect coordination of 8 uniform wallets massively argue for a successful technical exploit. This elaborate legal protection would make no sense for simple owners recovering their own funds.
Why this legal cover? Because sending $8.6 billion to a centralized exchange without legal justification would immediately provoke an international investigation. The staging of the 90-day deadline and the legal framework of "abandonment" offers anticipated protection against authorities.
The timing is not random: July 4th (independence), Lost reference (dangerous secrets), 90-day ultimatum... Everything converges to transform a technical exploit into a legitimized narrative performance.
Two Other, Less Probable Hypotheses:
2. Opportunistic recovery: Truly abandoned funds have been recovered by their legitimate owners, using staging to protect themselves legally.
3. Artistic demonstration: A Bitcoin whale orchestrated this operation as a conceptual performance, mixing cultural references and power demonstration.
The Importance of October 5th
Whatever the true nature of this operation, the date of October 5, 2025 will mark a turning point. If the announced sale takes place, we will measure the real impact on markets. If it doesn't take place, the mystery will thicken further.
Better understand the potential exploit
Beyond Speculation
This case illustrates a fundamental truth: Bitcoin is not just a technology, it's a living ecosystem where technical innovation, economic strategy, artistic creativity, and power play intermingle.
Each transaction tells a story. Each block carries a memory. And sometimes, like July 4, 2025, these stories become legends.
The future will tell us whether we witnessed a simple awakening of dormant wallets or the first act of a silent cryptographic revolution. In either case, the Bitcoin ecosystem will emerge transformed.
Because ultimately, this case poses the essential question: in a universe where code is law, who really holds power? The one who writes the rules... or the one who knows how to circumvent them?
This investigation will continue with developments on October 5, 2025. The answers to our questions will shape the future of Bitcoin and the entire cryptographic ecosystem.
Update to follow...
🔍 Post-publication discoveries: when the investigation reveals its secrets. (last update 2025-07-07)
The Ultimate Easter Egg: 733 Third Avenue, the Nod to Crypto Hunters
But the most striking discovery remains to be uncovered. By digging into the Salomon Brothers website information, meticulous analysis reveals what could be the greatest easter egg of this operation: a direct reference to the world of crypto forensics and one of the most famous investigations in Bitcoin history.
⚠️ Important clarification: This discovery, flagged by user @IssanSatoshi on Twitter, remains at this stage a troubling hypothesis rather than a certainty. Nevertheless, the converging elements deserve to be noted as they fit into the sophisticated narrative logic of this operation.
733 Third Avenue: More Than an Address
This address, referenced on the salomonbros.com site, is far from random. 733 Third Avenue, New York, NY 10017 is the headquarters of EisnerAmper, one of the most renowned firms in crypto forensics and blockchain investigation. But that's not all.
Gary Alford: The Man Who Unmasked Dread Pirate Roberts
This same address houses the offices where Gary L. Alford worked, the IRS special agent who identified Ross Ulbricht as Dread Pirate Roberts, the founder of Silk Road. Alford used "old-school" investigation methods—meticulous Google searches and analysis of online discussions—to trace back to the real identity of the creator of history's most famous darknet market.
An Encrypted Message to Investigators
By referencing this address, the entity sends a clear message to the forensic community:
"I know your methods. I know your history. I know who you are and where you work."
It's simultaneously:
- A tribute to crypto investigation capabilities
- A provocation toward those who might attempt to track them
- A demonstration of knowledge of the crypto forensic milieu
- A challenge: "You unmasked Ulbricht... can you find me?"
Absolute Narrative Sophistication
This reference adds to other artistic elements to confirm we're facing a total cryptographic artwork. The entity doesn't settle for a technical exploit—they weave a narrative web that encompasses:
- Bitcoin's history (Silk Road, Ulbricht)
- Pop culture (Lost Numbers)
- Crypto investigation (EisnerAmper, Alford)
- Legal principles (adverse possession)
- Temporal symbolism (anniversary dates)
🎯 The Counterparty Signal: Coded Message to Bitcoin Insiders
Investigation Methodology: Anticipating Future Scenarios
As part of this investigation pushed to the maximum, I explored potential scenarios for the continuation of this operation. A crucial question emerged: if the entity successfully exploits other ancient wallets - notably those from the Satoshi era - what would it do with these funds?
The burn address hypothesis seemed logical: rather than massively selling millions of BTC and causing market collapse, the entity could choose to "burn" part of these funds by sending them to destruction addresses. This strategy would allow making a strong philosophical statement while avoiding catastrophic economic consequences and intensive investigations.
It was while exploring this hypothesis - burn addresses as potential future destinations - that a major discovery emerged regarding activities from July 2nd onward...
The Counterparty Signal: Coded Message to Bitcoin Insiders
A new discovery reveals even more advanced technical sophistication. On July 2, 2025, the day of the first OP_RETURN messages, a particular transaction reveals a signal intended for Bitcoin community insiders.
🔍 Investigation note: This technical discovery was identified during in-depth research on other potential messages, but it's thanks to expert analysis from @IssanSatoshi that the precise meaning of this signal could be decoded.
548 sats: The Historical Dust Threshold
The July 2nd transaction transfers exactly 0.00000548 BTC (548 satoshis) to the official Counterparty address: 1CounterpartyXXXXXXXXXXXXXXXUWLpVr.
This amount is not random. 548 satoshis corresponds precisely to Bitcoin's historical dust threshold - the minimum amount for a transaction to be considered valid and non-spam by the network.
Counterparty: Signal to Bitcoin OGs
Counterparty is a decentralized protocol launched in 2014, built on Bitcoin, that allows creation of custom assets and tokens. Using this specific address sends a clear message to insiders:
"I know Bitcoin's deep history. I master meta protocols. I'm part of the first generation."
A Sophisticated Technical Beacon
As a technical analyst explains: "Sending exactly this amount to the Counterparty address activates a precise signal, known to historical users. An on-chain beacon. The OP_RETURN message is publicly readable, but it's this type of micro-payment that speaks to insiders. It encodes an intention, a signature, a date, or a trigger."
Technical Profile of the Entity
This use of Counterparty reveals an even more sophisticated profile:
1. Authentic Bitcoin OG: Knowledge of first-generation protocols (2014)
2. Deep technical mastery: Precise calculation of dust threshold
3. Community culture: Signaling to initiated peers
4. Meticulous planning: Signal sent from day one of the operation
Implications of This Discovery
This Counterparty beacon confirms the entity:
- Is not an opportunistic hacker but a historical actor in the Bitcoin ecosystem
- Masters the entire ecosystem: from low-level cryptography to meta protocols
- Communicates in multi-layers: public messages (OP_RETURN) and technical signals (Counterparty)
- Addresses different audiences: general public via Lost Numbers, insiders via Counterparty
The Puzzle Completes
Each discovery reveals an additional layer of sophistication:
- Community: Signaling to Bitcoin OGs via Counterparty
This operation transcends simple technical exploit to become a total cryptographic artwork, mixing all aspects of the Bitcoin universe in a narrative performance of unprecedented sophistication.
Nothing is left to chance. Every detail carries meaning, every reference tells a story. This is narrative haute couture applied to the crypto universe.
