A system architect cracked a seed phrase and won a bounty of 100,000 satoshis, or 0.001 bitcoin, worth $29, in less than half an hour. The architect, Andrew Fraser, lives in Boston. He emphasized the importance of keeping the seed phrase of your Bitcoin wallet safe and offline.
The seed phrase, or recovery phrase, is a series of random words generated with the wallet and used to access it, similar to a master key. Fraser cracked a 12-word seed phrase owned by Bitcoin educator “Wicked Bitcoin”, who shared it on Twitter:
“Anyone want to try and crack this 100,000 sats safe 12 word seed phrase? I’ll give you all 12 words, but in no particular order.”
As the picture shows, Wicked’s tweet asked users to decipher the correct sequence of the 12-word mnemonic.
Interestingly, it took Andrew Fraser just 25 minutes to unlock the 100,000 satoshis, worth almost $30. The incident is a timely reminder to bitcoin users and enthusiasts to take crypto security seriously.
Fraser cracked the code using BTCrecover, a software application available on GitHub. The software offers a wide range of tools for recovering seed phrases, including utilities for missing or garbled words and for passphrase cracking. Via Twitter DM, Fraser said:
“My gaming GPU was able to determine the correct sequence of seed phrases in about 25 minutes. Although more powerful systems would do it faster.”
Anyone with a basic knowledge of running Python scripts and using the Windows command shell, and an understanding of the Bitcoin protocol (especially BIP39 mnemonics), can do it, he noted.
Regarding the security of the 12-word seed key, Fraser explained that “they are completely secure if the attacker does not know the words, or uses the passphrase ‘from the 13th seed’ in the code path of the wallet”.
Additionally, he highlighted the excellent security of the 24-word seed key.
“Even if an attacker knew the words out of order in the 24-word seed key, they would never be able to find the exact seed phrase.”
Fraser walked through the entropy figures to explain the difference in security between the two seed keys. A 12-word seed key has approximately 128 bits of entropy, while a 24-word one has 256 bits. When an attacker knows the words of a 12-word seed but not their order, there are only about 5 billion possible combinations, which is relatively easy to test with a good GPU. A 24-word seed, however, has about 6.24^24 combinations, a number with many trailing zeros.
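As an added example (not code from the article, from Fraser or from BTCrecover), the Python sketch below counts the distinct orderings of a fully known word set and compares the work that remains with the entropy when the words are secret. The placeholder tokens and the rate of one million orderings per second are assumptions; the sketch goes slightly beyond the text by accounting for repeated words and the BIP39 checksum.

```python
import math
from collections import Counter

ASSUMED_RATE = 1_000_000  # orderings tested per second; an assumption, not a measured figure

def orderings(words):
    """Distinct orderings of a known set of words; repeated words reduce the count."""
    total = math.factorial(len(words))
    for repeats in Counter(words).values():
        total //= math.factorial(repeats)
    return total

def checksum_bits(word_count):
    """BIP39 packs 11 bits per word; 1 bit in every 33 is checksum (12 -> 4, 24 -> 8)."""
    if word_count not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    return word_count * 11 // 33

def exposure(words, rate=ASSUMED_RATE):
    """Work left for someone who holds every word but not the order."""
    count = orderings(words)
    cs = checksum_bits(len(words))
    return {
        "orderings": count,
        "work_bits": math.log2(count),
        "entropy_bits_if_words_secret": len(words) * 11 - cs,
        # Approximation: the checksum is treated as uniform over orderings.
        "expected_checksum_valid": count / 2 ** cs,
        "years_to_exhaust": count / rate / (365.25 * 24 * 3600),
    }

if __name__ == "__main__":
    # Constructed placeholder tokens, not real BIP39 words.
    twelve = [f"w{i:02d}" for i in range(12)]
    twenty_four = [f"w{i:02d}" for i in range(24)]
    for label, words in (("12 words", twelve), ("24 words", twenty_four)):
        r = exposure(words)
        print(f"{label}: {r['orderings']:.3e} orderings, "
              f"{r['work_bits']:.1f} bits of work instead of "
              f"{r['entropy_bits_if_words_secret']}, "
              f"{r['years_to_exhaust']:.3g} years at the assumed rate")
```

A passphrase is not modelled here: it adds a secret the word list does not contain, so the orderings alone no longer determine the wallet.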
Finally, a timely reminder to readers not to make the mnemonic phrase public or share it online. This means that the seed phrase should not be stored in a password manager or cloud storage solution, and certainly not entered into a phone.
Fraser also emphasized the importance of keeping the seed phrase secret and using passphrases as part of the pipeline.
As reported by Cointelegraph