Bots Wage RBF Fee War to Drain Wallets with Exposed Private Keys

Bitcoin-monitoring bots instantly drained a compromised SegWit wallet after detecting two small BTC deposits sent to an address whose private key was derived from a public coinbase txid (block 924,982). On-chain data shows the wallet received 0.00020305 BTC in two inputs; bots swept the funds within minutes using signed transactions and aggressive replace-by-fee (RBF) bidding. One spend used ~12.8 sat/vB, another used 4.8 sat/vB, and competing RBF replacements caused sudden sat/vB jumps in the mempool as bots outbid each other. The result: the wallet ended with zero balance and most of the deposited value consumed by fees. Analysts note the attack vector is predictable or low-entropy private keys (e.g., using txids or block hashes as seeds). Bots precompute addresses from public data, monitor the mempool, and immediately send higher-fee RBF transactions to ensure miner inclusion. Traders should note this incident highlights operational risks (funds sent to predictable addresses can be lost instantly) and demonstrates how automated RBF competition can burn deposited value. Primary keywords: Bitcoin, RBF, mempool, private key compromise, bots. Secondary/semantic keywords: fee war, sat/vB, address sweep, low-entropy keys. Actionable takeaways for traders: avoid sending funds to unfamiliar or nonstandard addresses without verification; custodial and self-custody providers should ensure seed entropy and avoid deriving keys from public block data; expect occasional mempool fee volatility when automated sweeps occur.