Bitcoin fan breaks 12-word seed phrase

An adversary who has access to the unordered words of a 12-word seed can use a GPU to test 500,000,000,000 different possibilities.

In less than half an hour, a systems architect solved a seed phrase and won a reward of 100,000 Satoshi, or 0.001 Bitcoin, worth $29 USD.

Similar to a master key, a seed phrase or recovery phrase is a string of arbitrary words generated when a wallet is created that can be used to access the wallet.

Fraser brute-forced a 12-word seed phrase that the Bitcoin educator “Wicked Bitcoin” shared on Twitter.

“Anyone wants to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.”

It took only 25 minutes to acquire the 100,000 satoshis, equivalent to approximately $30. The incident reminds Bitcoin users and crypto enthusiasts to take crypto security seriously.

Fraser deciphered the code using BTCrecover, a GitHub-hosted software application.

The software provides a variety of tools for recovering seed phrases with missing or jumbled words, as well as passphrase-cracking utilities.

Fraser stated via Twitter Direct Messages:

“My gaming GPU was able to determine the correct order of the seed phrase in about 25 minutes. Though a more capable system would do it much faster.”

He noted that anyone with a rudimentary comprehension of running Python scripts, utilizing the Windows command shell, and comprehending the Bitcoin protocol—especially BIP39 mnemonics—should be able to replicate his accomplishment.

Fraser explained that 12-word seed phrases are “perfectly secure if the words remain unknown to an attacker or if there is a passphrase ‘13th seed word’ used in the derivation path of the wallet.”

In addition, he highlighted the superior security of 24-word seed keys.

“Even if an attacker knew the out of order words of your 24-word seed key, they would never stand a hope of discovering the correct seed.”

Fraser dissected the entropy calculations to illustrate the security difference between the two categories of seed keys.

A 12-word seed has about 128 bits of entropy, whereas a 24-word seed has 256 bits.

When an adversary knows the unordered words of a 12-word seed, there are approximately 500,000,000,000 possible combinations, which is relatively simple to test with a GPU.

A 24-word seed has approximately 6.24^24 possible combinations, which is a lot of zeroes.

Even so, the likelihood of an attacker cracking a 12-word seed phrase whose words they do not know is absurdly low.

A 24-word seed phrase may be preferable, but as Wicked noted in their analysis of the seed phrase challenge, “it’s not going to be hacked, tbh.”

Ultimately, it serves as a timely reminder to readers to never publish or spread seed phrases online.

This means that seed phrases should not be retained in a password manager or cloud storage solution, nor should they be entered on a mobile device.

Additionally, Fraser emphasized the significance of keeping seed keys secret and utilizing a passphrase that functions as part of the derivation path.
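
The passphrase protection Fraser describes, as an added example that is not from the original article or from BTCrecover: in BIP39 the optional passphrase is mixed into the salt of the PBKDF2 step that turns the word list into the wallet seed, so the same 12 words in the correct order produce an unrelated wallet under each passphrase. The mnemonic is the public BIP39 test phrase, and the helper names and the third passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy); sample input only, never fund it.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic, passphrase=""):
    """Mnemonic -> 64-byte seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    salt = "mnemonic" + passphrase (both NFKD-normalised, per BIP39)."""
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def bip32_master(seed):
    """Seed -> (master private key, chain code), per BIP32."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def master_keys_by_passphrase(mnemonic, passphrases):
    """Hypothetical helper: master private key (hex) for each passphrase."""
    return {p: bip32_master(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    # "" = no passphrase; "TREZOR" is the BIP39 test-vector passphrase;
    # the third value is constructed for this example.
    keys = master_keys_by_passphrase(
        SAMPLE_MNEMONIC, ["", "TREZOR", "constructed example"])
    for passphrase, key in keys.items():
        print(f"{passphrase!r:24} master key {key[:16]}...")
```

Every passphrase, including a mistyped one, yields a valid but different wallet, so a lost passphrase cannot be recovered from the 12 words.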

