A systems architect cracked a seed phrase and won a 100,000 Satoshi bounty, or 0.001 Bitcoin (BTC), worth $29, in just under half an hour. Cointelegraph spoke to Andrew Fraser in Boston, who underscored how critical it is to keep a Bitcoin wallet seed phrase secure and offline.
A seed phrase or recovery phrase is a string of random words generated when a wallet is created that can access the wallet, similar to a master key. Fraser brute forced a 12-word seed phrase that Bitcoin educator “Wicked Bitcoin” shared on Twitter:
Anyone want to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.https://t.co/c9FyMv3HYM pic.twitter.com/nPGTB9bX2g
— Wicked (@w_s_bitcoin) April 26, 2023
As shown, Wicked’s Tweet challenged users to decipher the correct order of the 12-word seed phrase.
“Anyone wants to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.”
It took just 25 minutes to unlock the 100,000 Satoshis–or just under $30. The incident serves as a timely reminder for Bitcoin users and crypto enthusiasts to take crypto security seriously.
Fraser cracked the code using BTCrecover, a software application available on GitHub. The software offers a range of tools that can determine seed phrases with missing or scrambled mnemonics and passphrase-cracking utilities. Over Twitter DMs, Fraser told Cointelegraph:
“My gaming GPU was able to determine the correct order of the seed phrase in about 25 minutes. Though a more capable system would do it much faster.”
He noted that anyone with a basic knowledge of running Python scripts, using the Windows command shell, and understanding the Bitcoin protocol–particularly BIP39 mnemonics– should be able to replicate his success.
Cointelegraph queried Fraser about the security of 12-word seed keys. Fraser explained they are “perfectly secure if the words remain unknown to an attacker or there is a passphrase ’13th seed word’ used in the derivation path of the wallet.”
Moreover, he emphasized the superior security of 24-word seed keys.
“Even if an attacker knew the out of order words of your 24-word seed key, they would never stand a hope of discovering the correct seed.”
Fraser broke down the entropy calculations to explain the difference in security between…
Click Here to Read the Full Original Article at Cointelegraph.com News…