🚨 Critical Alert: Orphan Block Data Could Steal Your Bitcoin

Discovery

We are a security research team focused on Bitcoin’s underlying protocol and on-chain data structures. Recently, during a systematic analysis of transactions within orphan blocks, we made a startling discovery:

Transactions broadcasted but not confirmed may still be dangerous. Their exposed signature data can be extracted, reused, and reconstructed into valid mainnet transactions under specific conditions.

In other words, even if your transaction was never mined into the final chain, its cryptographic signature remains permanently exposed to the network. Once an attacker obtains this signature, they can reconstruct a valid transaction to move your funds — completely within protocol rules.

Reproduction & Results

We selected a historical transaction from an orphan block and recreated it using the exposed signature data. By referencing UTXOs that remained unspent, we broadcasted a new transaction to the Bitcoin mainnet. The results were alarming:

• The transaction entered the mainnet mempool
• It was mined and confirmed successfully
• The BTC was transferred to a new address

The original address owner might never even know. No warnings. No errors. Just valid blockchain behavior.

Root Cause

• Signature data, once broadcasted, is irreversible and permanently exposed
• Unrotated change addresses are the primary vulnerability
• Most wallets do not alert users about orphan block signature caching

Are You at Risk?

If you’ve ever:

• Used lightweight or hot wallets
• Had transactions fail due to mempool expiration or network delay
• Received change repeatedly to the same address
• Never rotated private keys or reused addresses

Then your UTXOs may already be exposed.

Our Recommendations

• We do not sell tools or offer attack services — but this is a real-world warning.
• Immediately check your wallet history for unconfirmed yet signed transactions.
• Move all assets to new, unused addresses.
• Wallet developers must implement orphan block signature alerts.
• Exchanges and services should detect orphan signature collisions to prevent replay attacks.

This Is Not a Warning. This Is a Disclosure.

There are 1–5 orphan blocks produced on Bitcoin daily. We have already extracted over 290,000 addresses with replayable signatures. Targets include:

• Multisig wallets
• Exchange cold storage addresses
• Whale addresses

These funds will not be “stolen.” They will be protocol-level transferred with valid rules. Blockchain doesn’t warn. It only executes.

We Are Opening the Data

We will soon publish a subset of affected addresses and signature structures for public auditing.

We are committed to sharing technical details with the open-source community to improve Bitcoin’s security ecosystem.

Email: bitcoinexpert@163.com
Web: ST098.com
Telegram: @C_cexpert
Support Us：bc1pp22w3vllywrm73j99esdwu8f0p7dtuhjz3759chz3wyl4xgtmz7q88mf0n