An extraordinary feat of a system architect: how he cracked the bitcoin wallet’s key phrase
A systems architect has pulled off a notable feat: he recovered a wallet's key phrase by brute force and received a reward of 100,000 satoshi, which is equivalent to 0.001 bitcoin and is currently worth a modest amount of about $29.
The whole effort took just under half an hour. Cointelegraph spoke with the man behind it, Andrew Fraser, who lives in Boston. Fraser stressed the importance of keeping a bitcoin wallet's passphrase safe and offline.
How the security of cryptocurrencies can depend on the stability of a key phrase
Essentially, a passphrase or recovery phrase is a sequence of random words generated during the wallet creation process. This sequence of words functions as a master key that grants access to the wallet. Fraser used an unorthodox method known as brute force to crack the 12-word passphrase shared on Twitter by a bitcoin educator known as “Evil Bitcoin.”
Anyone want to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL. https://t.co/c9FyMv3HYM pic.twitter.com/nPGTB9bX2g
— Wicked (@w_s_bitcoin) April 26, 2023
It took Fraser an extremely short amount of time to unlock 100,000 satoshis; he did it in just 25 minutes. Given the sequence of events, this is a good time to remind bitcoin users and crypto enthusiasts to take cryptographic security seriously.
BTCrecover: a tool that helped crack a bitcoin wallet passphrase
BTCrecover, a software application available on GitHub, was the tool Fraser chose to crack the code. The software comes with a set of utilities, including tools that can recover seed phrases with missing or encrypted mnemonics, as well as tools to crack passphrases. In a series of direct messages on Twitter, Fraser told Cointelegraph the following:
“My gaming GPU was able to determine the correct order of the opening phrase in about 25 minutes. A more powerful system would have done it much faster, though.”
Bitcoin wallet passphrase hacking: a reminder of the importance of cryptographic security
Cointelegraph asked Fraser about the security of 12-word seed phrases. He explained that they are “absolutely secure if the words remain unknown to the attacker or if the wallet’s derivation chain uses the key phrase ’13th initial word’.” In addition, he emphasized that 24-word seed phrases are better from a security perspective.
“Even if an attacker knew that the words in the user’s 24-word key were in the wrong order, they still wouldn’t be able to find the correct key.”
24-words > 12-words 🤪
— 2037 (@btc2037) April 27, 2023
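To put numbers on the 12-word versus 24-word comparison, here is an added sketch (not from the article, Cointelegraph or BTCrecover) that measures how much secrecy word order alone provides once every word is public. It works on 11-bit BIP39 word indices rather than the word list, uses constructed entropy, and assumes the reported 25 minutes covered all 12! orderings to derive a candidate rate.

```python
import hashlib, math, random

def make_mnemonic(entropy):
    """Encode 16 or 32 bytes of entropy as BIP39 11-bit word indices."""
    cs_len = len(entropy) * 8 // 32                      # 4 or 8 checksum bits
    cs = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    bits = (int.from_bytes(entropy, "big") << cs_len) | cs
    n = (len(entropy) * 8 + cs_len) // 11                # 12 or 24 words
    return [(bits >> (11 * (n - 1 - k))) & 0x7FF for k in range(n)]

def checksum_ok(indices):
    """True if this ordering of word indices carries a valid BIP39 checksum."""
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    cs_len = len(indices) * 11 // 33
    entropy = (bits >> cs_len).to_bytes((len(indices) * 11 - cs_len) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    return (bits & ((1 << cs_len) - 1)) == expected

def checksum_pass_rate(indices, samples=20000, seed=0):
    """Fraction of random reorderings that still pass the checksum."""
    rng, words, hits = random.Random(seed), list(indices), 0
    for _ in range(samples):
        rng.shuffle(words)
        hits += checksum_ok(words)
    return hits / samples

# Assumption: 25 minutes covered every ordering of 12 words (an upper bound).
ASSUMED_RATE = math.factorial(12) / (25 * 60)            # orderings per second

def ordering_report(n_words, rate=ASSUMED_RATE):
    """Secrecy left in word order alone when all n_words are disclosed."""
    orderings = math.factorial(n_words)
    cs_bits = n_words * 11 // 33
    return {"orderings": orderings,
            "bits": math.log2(orderings),
            "after_checksum": orderings >> cs_bits,      # cheap filter only
            "years_full_search": orderings / rate / (365.25 * 24 * 3600)}

# Constructed entropy, not a real wallet.
ENT12 = hashlib.sha256(b"constructed example 12").digest()[:16]
ENT24 = hashlib.sha256(b"constructed example 24").digest()

if __name__ == "__main__":
    print("12-word pass rate:", checksum_pass_rate(make_mnemonic(ENT12)))
    for n in (12, 24):
        print(n, ordering_report(n))
```

Word order contributes about 29 bits of secrecy for 12 words and about 79 bits for 24, and the checksum removes only 4 or 8 of those bits, which is why the disclosed 12-word set fell to a single GPU while a disclosed 24-word set would not.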
How knowledge of Python and BIP39 mnemonics helped to crack a bitcoin wallet’s passphrase
Even with a 12-word passphrase, the likelihood of an attacker successfully cracking it is extremely low. Although a 24-word passphrase is better, Wicked emphasized in the report on the results of the passphrase competition that “it’s not going to be cracked, dammit.”
Ultimately, the aforementioned series of events serves as a timely reminder to readers that their key phrases should never be published or shared online.