A system architect cracked a seed phrase and won a bounty of 100,000 satoshis, or 0.001 BTC, a $29 value with BTC at $28,911, in just under half an hour. Cointelegraph spoke to Andrew Fraser in Boston, who highlighted how essential it is to keep a Bitcoin wallet seed phrase secure and offline. A seed phrase, or recovery phrase, is a string of random words generated when a wallet is created; it gives access to the wallet, like a master key. Fraser brute-forced a 12-word seed phrase that "Wicked Bitcoin", a Bitcoin educator, shared on Twitter.
As mentioned, Wicked’s tweet challenged users to figure out the correct order of the 12 words. It took only 25 minutes to unlock all 100,000 satoshis, worth less than $30. This event serves as a timely reminder to Bitcoin users and crypto enthusiasts to take crypto security seriously. Fraser cracked the code using BTCrecover, a software tool available on GitHub. The software provides various tools that can recover seed phrases with missing or scrambled mnemonic words, as well as easily cracked passphrases. He said that anyone with basic knowledge of running Python scripts, using the Windows command shell, and understanding the Bitcoin system, especially BIP39 mnemonics, should be able to replicate his success.
Cointelegraph asked Fraser about the security of 12-word seed phrases. Fraser explained that they “have a good chance if the attacker doesn’t know these words or if there is a ‘thirteen seed’ passphrase used on the road to extract the wallet.”
In addition, he pointed out the high security of 24-word seed phrases.
Fraser broke down the entropy calculations to explain the difference in security between the two seed phrase lengths. Twelve words carry about 128 bits of entropy, while 24 words carry 256 bits. When an attacker knows the words of a 12-word seed phrase but not their order, there are only about half a billion possible combinations, which are easy to test with a good GPU. A 24-word seed phrase, however, has about 6.24^24 possible combinations – and that’s a lot of zeros.
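The counting behind these figures can be checked with a short script. This is an added example, not code from the article or from BTCrecover: it works on 11-bit BIP39 word indices instead of the real word list, uses constructed entropy rather than any real wallet, and its function names are illustrative. It shows that the built-in BIP39 checksum removes only about 15 in 16 orderings of a known 12-word set, so it offers no protection once the words are public.

```python
import hashlib
from itertools import permutations
from math import factorial

def _checksum(entropy, cs_bits):
    # BIP39 checksum: the first ENT/32 bits of SHA-256(entropy)
    return hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)

def entropy_to_indices(entropy):
    """Encode 16 or 32 bytes of entropy as 11-bit BIP39 word indices (0..2047)."""
    cs_bits = len(entropy) * 8 // 32
    value = (int.from_bytes(entropy, "big") << cs_bits) | _checksum(entropy, cs_bits)
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """True if this ordering of word indices carries a valid BIP39 checksum."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    return (value & ((1 << cs_bits) - 1)) == _checksum(entropy, cs_bits)

def search_space(n_words):
    """Candidate counts for a seed phrase of n_words (12 or 24)."""
    cs_bits = n_words * 11 // 33
    orderings = factorial(n_words)
    return {
        "orderings": orderings,                               # words known, order unknown
        "checksum_valid_estimate": orderings // 2 ** cs_bits,  # orderings left after checksum
        "unknown_words_space": 2 ** (n_words * 11 - cs_bits),  # nothing known: 2^ENT
    }

def valid_tail_orderings(indices, k):
    """Count checksum-valid orderings when only the last k words are out of order."""
    head, tail = indices[:-k], indices[-k:]
    perms = set(permutations(tail))
    return sum(checksum_ok(head + list(p)) for p in perms), len(perms)

if __name__ == "__main__":
    demo = entropy_to_indices(bytes(range(16)))  # constructed entropy, not a real wallet
    print(search_space(12))
    print(search_space(24))
    print(valid_tail_orderings(demo, 5))
```

The `unknown_words_space` figure is why a 12-word phrase that stays secret remains out of reach, while the same phrase with its words published collapses to the `orderings` figure.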
Even so, the chances of an attacker cracking a 12-word seed phrase are negligible. A 24-word seed phrase might be overkill, but as Wicked points out in a dead-end challenge phrase, “it won’t be a hack.”
Finally, it is a timely reminder to readers to ensure that seed phrases are not published or shared online. That means seed phrases shouldn’t be stored in a password manager or cloud storage solution, and they shouldn’t be stored on a phone. Fraser emphasized the importance of keeping seed keys secret and generating working fonts as part of the publishing process. As for the 100,000 sats Fraser brought home? Fraser tweeted that he had them for dinner that night: chicken marsala. Talk about a circular economy.