TrueFi Engineering
Published in

TrueFi Engineering

Mystery puzzle solved or why we gave away 7 ETH to an absolute stranger

On the 16th of November, a mysterious poster appeared in the Warsaw metro. In large, block letters the headline read: “SOLVE THE PUZZLE. CLAIM THE REWARD.” The only other pieces of information were an Ethereum smart contract address, a piece of code mentioning 7 ETH in a withdraw function, and the #0xPolandHeist hashtag.

Most of the commuters that day were oblivious to what was in front of their eyes, but those with basic coding knowledge were able to decipher the message and investigate further.

Posts on Twitter, Telegram, Reddit, and even the infamous 4chan board started popping up. People were looking for the meaning behind the poster and tried to connect the dots.

Theories ranged from a Cyberpunk 2077 marketing campaign to a new type of honeypot scam trying to rob you of your hard-earned ETH. None of them turned out to be true…

🙌🏻Today we are revealing the whole story behind the 0xPoland heist.

Let’s take a look at the contract code first. It’s quite straightforward. In order to withdraw the balance from the contract, the winner needs to call the solve function and pass the solution as a parameter. Comments in the code indicate that there are clues hidden somewhere, which should enable to put together the secret phrase.

One nuance of the puzzle code was coming from the front-running challenges described in Dark Forest. In order to avoid the transaction being front-run, the winner had to commit the hash of the solution several blocks before issuing a transaction that solves the puzzle. To make front-running of the commit impossible, hash had to include the address of the potential winner. Those little tricks made it impossible to front-run the transaction and withdraw the funds by pesky bots.

🤓For those not familiar with Ethereum…

Deploying such a smart contract could be compared to placing a transparent safe, full of money, on a street corner in the center of Warsaw. Every pedestrian could see what’s inside, anybody who knows the combination could open the safe, take the money and run. Obviously, those with the knowledge of how safes are built and operated would have an edge over a regular pedestrian.

🌳First clue

So how does one piece together the secret phrase? Obviously, we didn’t want to make that too easy. The first clue was posted on 0xPoland Twitter account on the 19th of November. It contained three important elements:

Let’s dissect this clue.

The regex code tells us that the clue should start with uppercase and end with a period dot.

“0x01ccfbfc” is a piece of control sum of the correct solution to the clue.

A quick google search reveals that the quote is from a song by Elffor titled “Into the dark forest”. The title doesn’t match the regex, so let’s add a “.”. That gives us “Into the dark forest.”

The phrase matches the regex, and guess what? The control sum of this phrase starts with “0x01ccfbfc”. Looks like we solved the first riddle!

🐇Onto the next one!

A couple of days later the second clue was posted.

The quote is a reference to The Hitchhiker’s Guide To The Galaxy, and the answer is obviously 42

The string of characters was the real challenge. In order to decipher it, one would need to write a piece of code similar to this:

[0x6e, 0x99, 0xa1, 0x98, 0x4a, 0x9e, 0x92, 0x8f, 0x4a, 0x9c, 0x8b, 0x8c, 0x8c, 0x93, 0x9e, 0x4a, 0x92, 0x99, 0x96, 0x8f, 0x58].map((x) => String.fromCharCode(x — 42))

That should give us the answer to the riddle: “Down the rabbit hole.”

🧓🏻The human element

The third and last clue was my favorite. It proved to be quite challenging to arrange since it required us to align a few different communication channels. As usual, the human element was the most difficult to control…

Since 0xPoland is based in Poland, our original plan was to give Polish developers an edge. However, after seeing how big of a response this puzzle had around the world, we wanted to level the playing field a bit.

We decided to place an ad in a Polish newspaper. It’s much harder than it sounds! Quite a few daily newspapers declined our ad as they couldn’t wrap their head around the concept of the puzzle and preferred to play it safe.

After countless phone calls and unsuccessful attempts, we managed to place an ad in Gazeta Wyborcza which was published on November 26th, both online and on paper.

@vicnaum1 posted a picture of the ad just a few minutes after we tweeted the clue on how to find it

The phone number was redirected to an Interactive voice response service which played a 16-second recording containing the missing elements of the secret phrase.

The secret phrase was:

With 0xPoland. Into the dark forest. Down the rabbit hole. Where adventure awaits.

⏰Race for time

Now that the whole secret phrase was out in the wild, it was a race for time.

21 minutes after posting a Tweet pointing to the page in the newspaper we saw the winning transaction. The correct hash was committed to the smart contract and three minutes later the transaction solving the puzzle was confirmed. A few hours later the anonymous winner transferred his hard-earned 7ETH to his wallet.

We were watching the contract closely and were exhilarated when the puzzle was finally solved. Everything went according to plan!

🤯But… Why?

By this moment you are probably wondering why we spent so much effort on giving away 7 ETH to a total stranger.

We are closely watching the polish Ethereum developer community and felt like it could use a little adrenaline rush!

Apart from some fun, we wanted to offer a place for developers to grow their skills and join us in building the Decentralized Finance infrastructure.

That's why we are launching 0xPoland - a series of meetups, workshops, and a hackathon. Suited for all developers interested in blockchain, both beginner and advanced.

Guests from Ethworks and top DeFi projects, like MakerDao, will make sure to take your skillset to another level. Join us on the 8th of December 2020!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store