These victims sent some Bitcoin to a hacker address, but their transactions are still unconfirmed on the Bitcoin network. They are currently hanging in limbo, or Bitcoin mempool. These transactions seem to be unconfirmed after many hours because the senders designated a very low transaction fee that’s unattractive to miners.
Bitcoin Core developer Wladimir van der Laan confirmed this to Cointelegraph. “Miners pick the highest fee-rate transactions, but also might have some minimum fee below which they won’t mine transactions at all,” he said.
For instance, one transaction proposed a fee of 2 Satoshis per byte. The expected delay for a transaction with such a low fee is between 35 and 780 minutes. As van der Laan explained, they may never get processed:
“It’s possible they’ll be processed when there is really nothing more attractive in the mempool (e.g. some downtime in the weekend with little new transactions?), but also, it’s possible they’ll never be processed and just forgotten about.”
How these victims can get their money back
The victims with their transactions lingering in mempool can send the same Bitcoin (with the same inputs) to another address they control with higher fees. Even if the miners ever get to processing their original transactions, they will not be confirmed because the Bitcoin protocol checks for the validity of the inputs. Since those inputs would have been spent, the original transactions would be rejected.
Hopefully, at least some of the victims will learn their lesson without paying the price.