Cryptorun warm-up: I just hid 4x0.25 ETH in Brussels — let the bounty hunt start!

You want free Ether? Run run run!

Ready to run and hunt?

The Cryptorun challenge is coming up soon, in one month from now. This challenge is about BeCode, crypto, running, and Brussels. Since I’ll be running more than 60KM during the challenge, I thought it’d be even nicer to share the efforts and get some other folks to run a bit as well for crypto. Enters the Cryptorun Bounty Hunt warm-up! Ready?

The rules of the game

  • I have hidden 4 QR codes across my favourite running spots in Brussels
  • Each QR code links to a unique secret website, with a unique secret password in the URL parameters
  • Each website is a DApp connected to its own smart contract, which will let you query the smart contract to claim your bounty using the secret password
  • Each smart contract has been topped-up with 0.25 ETH, that are yours to claim if you’re the first to find a QR code!

An example to warm you up

A sample secret QR code

Got it? Maybe you need to send the link from your smartphone to your computed. It should lead you to this lengthy address: http://a777aaa4eb79df623933add32490950f9e9e8d00f1a9.cryptorun.brussels.s3-website.eu-central-1.amazonaws.com/?secret=f172873c63909462ac4de545471fd3ad3e9eeadeec4608b92d16ce6b500704cc

Note the very long domain name (the longest allowed by AWS S3, actually), as well as the ‘secret’ parameter. On the website, you’ll see this nice button:

Exciting, eh?

When you click it, MetaMask will open and ask you to make a transaction to this smart contract:

The smart contract is out there, waiting for you!

See the function claimBounty on line 20? It will only be triggered if the right secret is used, as the below tests show.

Test, test, test — always test stuff

If you found the right secret, you’ll get the bounty baby. Ain’t it nice? The secret is very though to guess so hopefully the only way to get the money is really to be the first one to find the QR code. Plus, the complex link makes it difficult even to find the contract in the very place. But I’d be happy to hear about and learn from successful hacking attempts.

So, let’s go!

My personal Strava heatmap

I will reveal the first of the 4 locations on April 17 evening, then 1 new location every 5 days. Stay tuned to be the first in the know! You can follow me on LinkedIn, here on Medium, or register directly on this form, letting me know you want to be notified of new locations.

I wish you a lot of success for this game, and please spread the love about BeCode and the Cryptorun challenge

Cheers and thanks for reading!

Thomas from Cryptizens.io

Co-founder & CTO at Canyon Legal.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store