Burning millions on the blockchain: how hackers used bitcoin to send a message

Burning millions on the blockchain: how hackers used bitcoin to send a message


On 18 June, something remarkable happened on the bitcoin blockchain. A series of 2 087 transactions totalling nearly 18.5 bitcoin, worth close to US$2-million (R35.5-million), was sent to a single address: 1FuckiRGCTerroristsNoBiTEXXXaAovLX.

The message embedded in that address left little to interpretation. It was a public and permanent insult aimed at Nobitex, Iran’s largest cryptocurrency exchange, which had just suffered a devastating cyberattack.

What made this event different was not the financial loss. The stolen crypto was not used to buy luxury goods, fund illicit operations or laundered through money mixers. It was simply exiled on-chain. As malicious as the act was, it was not about financial gain. The attackers set millions of dollars on fire and made sure the world could see it.

The bitcoin frozen in digital limbo formed part of a broader, $90-million theft. The rest of the funds were drained from Nobitex’s wallets across other blockchain networks such as Ethereum and Tron and rendered inaccessible in the same manner. Instead of hiding or spending the assets, they were sent to addresses with no access, effectively burning them. This was not theft for profit, but a message, with funds trapped in plain sight.

To understand how this works, it helps to look at how bitcoin and similar blockchains operate. Each wallet is secured by a pair of keys – one public and one private. The public key, which is used to derive the wallet address, is like your bank account number. Anyone can send funds to it. The private key is like your password or Pin, allowing you to move or spend those funds.

Bitcoin’s design means the wallet address (account) is mathematically derived from the private key (Pin) using a one-way cryptographic function. This is known as a trapdoor function. It is easy to calculate one way, but practically impossible to reverse. If you lose the private key, there is no way to recover the funds. There are no password resets, no call centres and no undo button.

Burning crypto

This is what makes it possible to “burn” crypto. If a wallet address is created manually without being derived from a valid private key, then no key exists to unlock it. Bitcoin can still be sent to the address, but it can never be recovered or moved. This is exactly what happened. The attackers sent bitcoin to an address that looks like a readable phrase but was never linked to a private key. The coins are visible on the blockchain, but permanently out of reach.

The address itself is a vanity address. These are bitcoin addresses with human-readable words or patterns. They are created by generating vast numbers of possible addresses until one matches a specific prefix. For example, generating a bitcoin address that starts with “1Mazars” might take minutes or an hour using standard computing tools. Creating one that starts with “1ForvisMazars” would take exponentially longer, possibly weeks or even months.

Read: Crypto is becoming a ‘practical payment method’ in South Africa

Now consider the address used here: 1FuckiRGCTerroristsNoBiTEXXXaAovLX. Generating an address with this level of complexity using brute force would take thousands of years. This tells us the address was not generated using a private key. It was constructed deliberately as a destination for burning bitcoin. The funds were not just sent away. They were locked in a vault with no door.

Could someone eventually guess the private key? In theory, yes. In practice, no. Bitcoin uses 256-bit encryption, which creates more possible keys than atoms in the observable universe. Cracking one would take longer than Earth has existed.

The author, Wiehann Olivier
The author, Wiehann Olivier

Imagine locking R40-million in a steel safe, dropping it into the Congo River during peak flood season, and destroying every copy of the key. The funds exist but are completely unreachable.

What makes this more frustrating is that everyone can still see the money. That is the paradox of bitcoin. Every transaction, address and balance is visible to anyone with internet access. You can see the 18.5 bitcoin sitting in that address. You can trace each of the 2 087 deposits. But you cannot do anything about it. No court order, developer or government can reverse the transaction.

It is also important to clarify that bitcoin was not hacked. The vulnerability was at Nobitex. Like most centralised exchanges, it was responsible for securing users’ private keys. That is where the breach occurred. Bitcoin itself worked exactly as intended. It recorded a valid transaction and enforced the rules as designed.

The group claiming responsibility, Predatory Sparrow, is believed to have links to Israeli intelligence and has previously conducted cyberattacks against Iranian infrastructure. Regardless of the motivation, this was a deliberate act of destruction. The message was clear, and the method irreversible.

This incident marks a new chapter in cyberwarfare. With just an internet connection and access to blockchain networks, attackers can now inflict permanent, borderless financial damage. In this case, they did not steal. They erased.

And now, that message lives forever on the blockchain. Visible to all. Recoverable by no one.

Get breaking news from TechCentral on WhatsApp. Sign up here.

  • The author, Wiehann Olivier, is a partner and fintech & digital assets lead for Forvis Mazars in South Africa

Don’t miss:

Crypto shakeout: bitcoin soars, altcoins crater