You don't need to monitor all the transactions in the block chain. The attacker gives you the exact address containing the bounty (hashed_secret). There is no extra information in the block chain that would make brute forcing easier. And brute forcing the public key directly is computationally unfeasible (O(2^256) complexity).
A Bitcoin (ECDSA) private address is a 256-bit binary blob: priv_key
The corresponding ECDSA public key is either represented as <x><y> (curve coordinates, "uncompressed format") or <sign><y> ("compressed format"): pub_key
A Bitcoin address (eg. 1BGbGFBhsXYq6kTyjSC9AHRe1dhe76tD6i) is basically: base58(RIPEMD160(SHA256(pub_key))), plus a version byte, plus a 16-bit checksum
So the "secret" is: SHA256(pub_key)
And the "hashed_secret" is: RIPEMD160(SHA256(pub_key))
A Bitcoin (ECDSA) private address is a 256-bit binary blob: priv_key
The corresponding ECDSA public key is either represented as <x><y> (curve coordinates, "uncompressed format") or <sign><y> ("compressed format"): pub_key
A Bitcoin address (eg. 1BGbGFBhsXYq6kTyjSC9AHRe1dhe76tD6i) is basically: base58(RIPEMD160(SHA256(pub_key))), plus a version byte, plus a 16-bit checksum
So the "secret" is: SHA256(pub_key) And the "hashed_secret" is: RIPEMD160(SHA256(pub_key))