$8.7 billion in OG Bitcoin moved in possible address upgrade, no signs of selling: Arkham
Powered by ChatGPTMore than 80,000 $BTC worth over $8.7 billion were transferred after 14 years of dormancy on Friday, sparking speculation around the potential ownership and reason for the sudden movement. According to the onchain analytics platform Arkham, the transfers may simply be related to address upgrades, and there is no indication the whale is selling Bitcoin.
Two addresses holding 10,000 $BTC each, valued at just $7,800 when their initial inbound transfer was received in April 2011, woke up first. Over the 14 years of dormancy, the 10,000 $BTC in each wallet has appreciated by 13,982,800% in value, rising to nearly $1.1 billion.
Lookonchain suggested the same entity controlled both addresses, as well as six other addresses that also received around 10,000 $BTC each on May 4, 2011, when the price of Bitcoin had risen to $3.37. Those six addresses then subsequently transferred their 10,000 $BTC later on Friday.
Wild speculation about the owner of the substantial Bitcoin stash followed, with suggestions from "Bitcoin Jesus" turned Bitcoin Cash evangelist Roger Ver to the CIA and Satoshi Nakamoto themself being behind the transfers.
Coinbase Director of Product Strategy and Business Operations said the Bitcoin appeared to originate from a single miner in 2011 — noting that they had an address with 200,000 $BTC in it at one point, worth $22 billion today. Grogan later suggested there is a small possibility the funds were hacked via compromised private keys, pointing to an initial BCH test transaction from one of the clusters — also leading to the Roger Ver speculation. "There is a possibility that the owner was testing the private key in a way that wouldn't get noticed, as BCH isn't monitored heavily by whale-watching services," he wrote on X.
None of the receiving addresses have moved the funds again so far, and there is no indication of mixer use or other activity that may indicate foul play. Arkham noted that the majority of the funds had moved from legacy Bitcoin addresses to bech32 addresses, indicating that the owner may have finally just rotated to a more secure modern address format, given the substantial value.
"These coins date back to 2011, before the BIP39 standard existed," Ledger CTO Charles Guillemet noted following the transfers. "Back then, private keys were managed individually per address, with no hardware wallet support (even today)," he explained. "This suggests the keys were stored in a wallet.dat file, and the transaction was likely signed using a software wallet like Electrum. From a security standpoint, this is absolutely insane!"
Legacy Bitcoin wallet.dat addresses are less secure because early Bitcoin Core used outdated key generation, with weak random number generators and often uncompressed public keys. These flaws made private keys easier to guess and public keys more exposed to certain attacks. Hackers could exploit poor randomness, key reuse, or leaks to try and crack them. Modern wallets are safer thanks to stronger randomness, hierarchical deterministic key derivation, and newer address formats introduced with SegWit in 2017.
Starting with a 1, these legacy Pay-to-PubKey-Hash (P2PKH) addresses are the oldest style of Bitcoin addresses. After that came Pay-to-Script-Hash (P2SH) addresses starting with 3, then native SegWit (P2WPKH) addresses starting with bc1q, and finally Taproot (P2TR) addresses starting with bc1p — the most up-to-date format.
However, while the upgraded address format theory is a possible explanation, one of the 10,000 $BTC transfers was sent to another legacy address rather than a more modern format, so it may not be the only one. The exact reason for the transfers, as well as the owner's identity, remains uncertain.