Welcome to the Experty.io Bitcoin Halving puzzle write-up, which had a prize of 62,500 EXY as well as a 6.25 ETH extra bonus after puzzle completion. The puzzle was announced on Twitter on the 11th of May, as can be seen below:
The image definitely seems very well made, and there was clearly a lot of effort put into it. So let’s dig in.
Areas of Interest
A first inspection of different elements of the image will reveal 2 things:
- A QR code that has been split into 3 parts
- 12 fruits scattered throughout the image, leading us to think that we need to find 12 BIP39 words (a very clever red herring!). The final “seed phrase” is indeed 12 words long, but not BIP words
There are also some other media/crypto references scattered, that, while fun, are not needed in order to obtain the solution. It’s important to remember that for each of the fruits, some BIP words could be found that matched everything nicely. I will mention these further on.
Here’s an image where the areas of interest are marked (with the 3 QR pieces circled with green)
I will try to present the words in the order that we uncovered them.
Raspberry — QR Code
Obviously, the first thing everyone wanted to see was the message in that QR code. Here it is assembled
Scanning it will reveal a link to https://experty.io/join?utm_source=puzzle. Of course some simple and good BIP words for this could just be “scan”/”link”. But in the end it turned out that the seed word we had to extract for this fruit was “experty”.
There is one extra hint hidden at the link location, if we select (using Ctrl+A for example) all the text in the website link and look at the bottom, some hidden text will be revealed:
This is the order that we have to use for the fruits!
lemon raspberry apple plum grapes pineapple orange pear strawberry banana cherry watermelon
Lemon
The next image that was easy to make out instantly was the lemon fruit
We could easily associate BIP words to this as well, like “link”/”connect”, but the “ayayayLink” is a pretty direct reference to the “ChainLink” project.
Apple
Probably one of the weirdest fruits because we couldn’t easily associate any BIP words directly with it.
Finding the references on advert post was not very hard, as one could simply crop the images and do a reverse image search. You’d turn up with references to The Prague coat of arms (lower left), Judah Loew ben Bezalel and Gustav Meyrink, all of which had in common one thing: “Golem”. This was strange, as the word is not BIP, yet all signs pointed to it. For a while we thought simply that the BIP word for this was “pig” because it was exactly behind the pillar.
Watermelon
The next word we focused on early was the one associated with the watermelon fruit. The reason was that “statue” is not a BIP word, so we realized it should be tricky.
The words “Anders C” can be made out at the bottom, so we figured it was a reference to Anders Celsius, which would link it to BIP words via the word “degree”. Of course, the actual word we were interested in was “Celsius”.
Pear
The real fun started when the Experty team released the full version of the image (as opposed to the compressed one on Twitter). There was no convincing BIP word for the pear, so we took a closer look at the shape. There’s something interesting to make out:
If you invert the colors it’s easier to see, there are 13 points in there. Initially we thought they might represent an ordering, but since they don’t correspond to the position of the fruits in the image, and they seem somewhat “ordered” already, we figured connecting them is a good idea:
They show a symbol that we figured out belongs to the “Lisk” crypto project. Cool little puzzle.
Cherry
Another fruit where we thought the BIP word was definitely correct, “casino”. But then, what was that “NEW” reference?
In this case, the fact that the numbers were hidden behind casino references caught our eye, because it needed decoding and that seemed excessive. So looking at the image with a little creative eye, one could read it as :
38.63N
E
84.58WMap coordinates! They lead to
a random place in Kentucky. It was at about this point that we finally made a connection between the fruits and crypto projects: each fruit has a crypto project corresponding to it! By the way, at this point we were already running bruteforce attempts on 12 bip words, which obviously turned out to be a false path.
Anyway, knowing that we need a crypto project from each fruit, we now turned our eye to…
Pineapple
This was another fun one.
We initially thought that the BIP word for this was “cross” or “across”, but it turns out that “cross” was emphasized as a puzzle mechanic. Once we knew we needed a crypto project, we figured we need to draw a line between Makassar and Waikabubak , and another from Bali to Labuhanbajo. The intersection falls close to “Komodo” National Park! Awesome little puzzle!
Grapes
This one was a bit easier. We already were sure that the BIP word for it should be “icon”, and we had heard of the “ICON” project. Not much to say about it.
Plum
We figured this one out quickly but only after knowing we need another crypto name. Of course, the initial BIP word was “barrel” as it was very obvious.
But a search for that symbol showed it is the greek letter “theta” (ϑ) which is another well known project.
Banana
This one was also very easy to connect to a project. Our initial BIP tries were along the lines of “dog”,”hover”,”board”…
Of course that looks like the well known “Doge” meme, which is what one of the oldest crypto projects used as an inspiration for the name.
Orange
The 2nd to last project we figured out. Everyone was sure of this BIP word, “mask”.
A day after we found all the other projects, we figured searching for the actual film “The Mask” is worth a try. The results showed this:
Since we were familar with the crypto project “Loki” we instantly figured out that has to be the reference.
Strawberry
The last and the most ambiguous one to find was the strawberry project.
Finding a reference for this code is easy enough, since the code shown is also on wiki, https://en.wikipedia.org/wiki/CLU_(programming_language).
Of course, we thought the BIP word should be “cluster”, but what crypto could correspond to it? The CLU programming language was based on ALGOL, which could be taken as a reference to Algorand, but that’s not good enough.
It’s important to note that the overall aesthetic on the right side of the image is futuristic, with neon lines on the clothing of pedestrians and such. At some point we found a reference to the film TRON, which featured a character called Clu (https://tron.fandom.com/wiki/Clu) so we were reasonably sure that the last project has to be “Tron” (but not certain).
Final seed phrase
At first we didn’t know what to make of the crypto project names, we tried ordering the BIP words by project market caps, alphabetically, etc. We did a lot of bruteforce on BIP words. On the 19th of May, Experty tweeted out that the final “seed phrase” contained 6 “E” letters. Our seed phrase made up of crypto projects had 6 “E” letters so we were reasonably sure we had the right answer. We tried a few ways to derive a key from it, with no luck.
On the 20th of May, Experty tweeted out that one of the seed words is the word “experty”. This helped a lot, as it made us very confident that what we had was correct. It also showed that the words should be lowercase! The seed phrase should be very close to:
chainlink experty golem theta icon komodo loki lisk tron doge ark celsius
(or maybe dogecoin instead of doge, and link instead of chainlink)
So we proceeded to bruteforce different key derivation algorithms (SHA256, SHA3, KECCAK256) for different projects instead of Tron (since we weren’t 100% on that). No luck.
Solution
Finally, we had luck with a less known key derivation function that was used to generate Ethereum presale wallets. You can find a script that generates private keys for seed phrases in this way, here:
https://github.com/vergl4s/ethereum-mnemonic-utils
And for completeness, here’s a very short script that makes use of the code above and generates the private key and the address for a given seed phrase:
from mnemonic_utils import mnemonic_to_private_key
from eth_keys import keysprivate_key = mnemonic_to_private_key("chainlink experty golem theta icon komodo loki lisk tron doge ark celsius")priv_key = keys.PrivateKey(private_key)
pub_key = priv_key.public_key
addr=pub_key.to_checksum_address()print("Private key is: ",private_key.hex())
print("Address for private key is: ",addr)
Running this will give:
Private key is: e6186fa5bee8e81711c051f7c6cc8f04633e0cb5915bd38fb9a3e82df0f127d4
Address for private key is: 0xE1a1FB076aC961E31Cb0345ba912F3eB9A35eC5FSuccess!
Acknowledgements
Thank you very much to the Experty.io team and Adam Lapko for designing both the original artwork and the puzzle itself, it was a very fun challenge and it drew a large crowd of potential solves.
Big thanks to mpeg for teaming up with me on this one! He is the one who actually found the old derivation script and pulled the funds! We’ve been sitting on the entire seed phrase for almost a week but we didn’t know what to do with it for the longest time…
Also, thanks to codecrafting for providing some awesome Golang bruteforcing scripts, as well as assisting with the bruting process. In the end the scripts weren’t needed, but they’ll certainly be useful in the future.
