Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Oshosondy on June 21, 2020, 07:42:05 PM



Title: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Oshosondy on June 21, 2020, 07:42:05 PM
This reveals to us the reason we should perfectly save and protect our seed phrase. It has been revealed again that if parts of the words that form the phrase are known, the remaining words can be known to hackers. John Cantrell, a bitcoin and lightning network project developer, revealed how he successfully hacked a bitcoin wallet; he said the reason he was able to successfully hack the wallet was because eight out of the 12-word phrase were publicly exposed; he said knowing only five out of the 12 words can result in a successful hack also. You can read the whole gist through the links below.

https://cointelegraph.com/news/developer-who-successfully-hacked-bitcoin-wallet-ensures-bitcoin-is-still-safe
https://cointelegraph.com/news/developer-successfully-hacks-bitcoin-wallet-to-win-a-contest

Let us be careful with our seed phrase: if part of it is known, all the words are no longer safe; if the whole 12 words are known, the wallet will be hacked. That is why I even prefer a longer phrase. I like 24 words because I think it is safer, but the fact is that, be it 12 or 24 words, it must be well protected. If none of the words is revealed, it will take hackers 2^128 guesses before they can know the complete 12-word phrase, which is not possible.

John Cantrell concluded that the only way Bitcoin is not secure is when seed words are revealed. "Your bitcoin is safe. 2^128 is a REALLY big number. Just don't let anyone near your seed words".


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: hatshepsut93 on June 21, 2020, 08:05:31 PM
What a garbage clickbait article, "hacked bitcoin wallet" can mean so many different things, starting from a software flaw and ending with quantum computers, but of course in reality this is the most boring case - a partially known seed phrase.

John Cantrell concluded that the only way Bitcoin is not secure is when seed words are revealed. "Your bitcoin is safe. 2^128 is a REALLY big number. Just don't let anyone near your seed words".

Breaking news, water is wet!


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Charles-Tim on June 21, 2020, 08:26:51 PM
John Cantrell only talked about seed phrase to be protected? That is right but he ought to talk about other ways that can lead to bitcoin wallet hack. Have you read this article before:

https://bitcointalk.org/index.php?topic=5235930.msg54107672#msg54107672

From the article, there are other ways a wallet can be hacked, and suggested ways to avoid this. There is even a new thread now about how we can secure the seed phrase:

https://bitcointalk.org/index.php?topic=5256197.msg54635541#msg54635541

So, telling only about seed phrase to protect wallet is not enough.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Rengga Jati on June 21, 2020, 10:07:16 PM
Hackers always have new ideas to take down and hack platforms, sites, wallets, exchanges, and other things in order to reach their goals. Well, as in this crypto world, hackers will always exist for many reasons. First, they are looking for money to hack, testing how to secure a platform or wallets, or even only to take some pride.

..he said the reason he was able to successfully hack the wallet was because eight out of the 12-word phrase were publicly exposed; he said knowing only five out of the 12 words can result in a successful hack also. You can read the whole gist through the links below.
..
Related to the quote above, I have some opinions:
1. Hackers can even hack an account not only by knowing their seed phrase, but sometimes, they don't know the details of the personal data such as password, phrase, PIN, private key, and others. But, they are able to hack accounts. They are smart enough.
2. Hackers will always have certain targets to hack, it is probably because of the big money, popularity, or other reasons; moreover, if they can hack something big, they will be proud of it.
3. How can someone expose their seed phrase? Seed phrase, private key, password, PIN, and other personal data are very crucial and we cannot expose them to the public or even to someone else. If they are exposed, don't blame hackers or other people for hacking your account. Therefore, it is always stated on the sites, wallets, or exchanges that we must highly secure our personal data from other parties, whoever they are. It is to prevent hackers or other unwanted conditions.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Charles-Tim on June 21, 2020, 10:22:40 PM

1. Hackers can even hack an account not only by knowing their seed phrase, but sometimes, they don't know the details of the personal data such as password, phrase, PIN, private key, and others. But, they are able to hack accounts. They are smart enough.

Your point is more centered on exchanges and online wallets or hardware wallets with security vulnerabilities; if talking about a paper wallet or a hardware wallet without security vulnerabilities, it will be difficult for hackers to get through. For example, I have my Ledger Nano S, Ledger Nano X or Trezor One, which I believe are the best hardware wallets; my private keys are totally offline. With that, I still make sure I operate it on devices that contain no malware, or are assumed not to contain malware, and I am still careful of any malware attack that can change my wallet address to a hacker's address. All the addresses used are generated from the xpub in a way that my private key is always offline. So, how can hackers get through?

How about using an airgapped device? This way too, no malware can attack, as my airgapped device is always offline and has no connection with anything that can result in malware installation.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: coupable on June 21, 2020, 10:34:40 PM
..he said the reason he was able to successfully hack the wallet was because eight out of the 12-word phrase were publicly exposed; he said knowing only five out of the 12 words can result in a successful hack also. You can read the whole gist through the links below.
..
He succeeded in hacking it using eight words from the 12-word seed, when he admitted that this is possible using only five words. This doesn't look convincing to me.
And according to the article mentioned in the OP, John Cantrell said in one of his tweets that bitcoin is still safe. Really?
Noting that Mr John Cantrell has just said that he brute forced the missing words of the seed. So if this is really possible then say goodbye to the whole bitcoin protocol as described by Satoshi.
Indeed, I don't think this is possible. And even so, this would cost much more than the hacker would get from accessing any wallet. As I don't think a wallet containing thousands of bitcoins would have its seed partially revealed even for a genius hacker.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Oshosondy on June 21, 2020, 10:47:15 PM
What a garbage clickbait article, "hacked bitcoin wallet" can mean so many different things, starting from a software flaw and ending with quantum computers, but of course in reality this is the most boring case - a partially known seed phrase.
He is not talking about other ways wallets can be hacked; he only talked about the way he successfully hacked a bitcoin wallet. Read the whole news before any complaint. This was a practical he made and told the result for anyone that has a bitcoin wallet to protect their seed phrase. Although, he was supposed to talk about other ways hackers access another person's wallet though, emphasizing private keys and malware.


Breaking news, water is wet!
The news can be like water is wet to you but not to everyone; some are new to crypto. Telling people that have a bitcoin wallet to keep their seed phrase is nothing bad. Because you are not new to crypto does not mean some people are not new to crypto. Have you not been surprised before at how some people are just easily scammed cheaply? Telling about this is not bad at all.



Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Charles-Tim on June 21, 2020, 11:04:39 PM
And according to the article mentioned in the OP, John Cantrell said in one of his tweets that bitcoin is still safe. Really?
Protect your private key and seed phrase, avoid malware and still always be careful of hackers, use offline wallets, then bitcoin is safe.

He succeeded in hacking it using eight words from the 12-word seed, when he admitted that this is possible using only five words. This doesn't look convincing to me.
If you do not use Shamir's Secret Sharing and some of the seed phrase words are revealed to hackers, then the whole 12 words can be generated by the hackers. Using a 24-word seed phrase could be better, but the whole seed phrase is still likely to become known to hackers if some of the words are known, though with more difficulty.

Noting that Mr John Cantrell has just said that he brute forced the missing words of the seed. So if this is really possible then say goodbye to the whole bitcoin protocol as described by Satoshi.
Indeed, I don't think this is possible. And even so, this would cost much more than the hacker would get from accessing any wallet. As I don't think a wallet containing thousands of bitcoins would have its seed partially revealed even for a genius hacker.
I hope you get what I explained above: it is very possible to fully know the whole seed phrase from knowing just five or more words of the seed phrase, but that does not mean bitcoin is not safe if you properly back up your seed phrase in a place not accessible to hackers and are also careful of malware.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Yamifoud on June 21, 2020, 11:42:04 PM
How many Bitcoin wallets have been hacked already? Just one or two? I don't know what the intention of this is because it ain't that convincing to me, to be honest. I don't know also if John Cantrell is telling a lie, but certainly what he does is telling everyone that having these 12-word seeds isn't enough. Should we need to double it and make it 24-word seeds so there is no chance to be hacked? That sounds interesting and this person is actually beyond his knowledge telling and such having this hacking skill is also beyond excellent.
Someone could hire him by now... :D



Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Darker45 on June 22, 2020, 04:35:52 AM
The majority is still confused with how the word Bitcoin can be used to refer to different things. A lot are hastily jumping into the conclusion that Bitcoin isn't safe after Cantrell's successful hack of a Bitcoin address from a certain Bitcoin wallet and won a Bitcoin.

At the end of the day, everything boils down not to the Bitcoin network's feature, nor to the Bitcoin address, nor to the Bitcoin wallet's security, and so on, but to the Bitcoin (BTC) owner himself/herself. And it is not even worth talking of a successful hack if, in the first place, the seed is exposed due to poor handling by the owner.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: witcher_sense on June 22, 2020, 05:16:30 AM
It is better to refer to the original article instead of this clickbait, because he hadn't hacked a bitcoin wallet nor the bitcoin network itself. Consider it as an instructive example of what you should never do when doing backups of your seed phrase, or what you should do when creating a new wallet, for example. This is a very interesting article in the first place because it gives some useful information on how a wallet is created, how a private key is generated, how secure a seed phrase actually is when part of it is exposed. After you read it carefully, it will become obvious to you that a 24-word seed phrase is harder to brute force, it is safer to use an additional passphrase, don't use first generated addresses to hold big amounts, seed phrase splitting is a stupid idea.
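
The numbers argued over in this thread (2^128, eight of 12 words exposed, 12 versus 24 words) follow from the BIP-39 encoding, where each word carries 11 bits and the last bits are a SHA-256 checksum. This is an added example, not part of any post and not Cantrell's code: it works on word indices instead of the wordlist, assumes the positions of the exposed words are known, and uses constructed entropy and an assumed guess rate.

```python
import hashlib

WORD_BITS = 11  # the BIP-39 wordlist has 2048 = 2**11 entries

def checksum_bits(n_words):
    # ENT entropy bits + ENT/32 checksum bits = 11 * n_words, so checksum = n_words / 3
    return n_words // 3

def entropy_to_indices(entropy):
    """Encode entropy bytes as BIP-39 word indices (0..2047), checksum appended."""
    cs = len(entropy) * 8 // 32
    check = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    value = (int.from_bytes(entropy, "big") << cs) | check
    n_words = (len(entropy) * 8 + cs) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def is_valid(indices):
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    cs = checksum_bits(len(indices))
    value = 0
    for idx in indices:
        value = (value << WORD_BITS) | idx
    entropy = (value >> cs).to_bytes((len(indices) * WORD_BITS - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (value & ((1 << cs) - 1)) == expected

def valid_last_words(indices):
    """How many of the 2048 candidates for the final word pass the checksum."""
    return sum(is_valid(indices[:-1] + [c]) for c in range(1 << WORD_BITS))

def remaining_bits(n_words, n_known):
    """log2 of the expected number of checksum-valid phrases left to try when
    n_known words (and their positions) are exposed."""
    return max(0, (n_words - n_known) * WORD_BITS - checksum_bits(n_words))

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every remaining phrase at a given rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    sample = entropy_to_indices(bytes(range(16)))  # constructed entropy, not a real wallet
    print("valid final words:", valid_last_words(sample), "of 2048")
    rate = 1e7  # assumed guesses per second, for illustration only
    for n_words, n_known in [(12, 8), (12, 5), (12, 0), (24, 8), (24, 0)]:
        bits = remaining_bits(n_words, n_known)
        print(f"{n_words} words, {n_known} exposed: 2^{bits} phrases, "
              f"{years_to_exhaust(bits, rate):.3g} years at {rate:.0e}/s")
```

Every exposed word removes 11 bits from the search, so the gap between 2^40 (eight of 12 exposed) and 2^128 (none exposed) is what separates a feasible search from an infeasible one.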


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: xen1oph on June 22, 2020, 05:35:03 AM
As expected, this title is a typical clickbait. This, after all, as already mentioned in the messages above, is possible only in case of a miscalculation by the owner of the wallet.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Yatsan on June 22, 2020, 06:43:30 AM
You should link this article (https://cointelegraph.com/news/developer-successfully-hacks-bitcoin-wallet-to-win-a-contest), not that one. That didn't even explain how John Cantrell brute-forced the mnemonic when he had 8 out of the 12 words. This basically reveals that, if you aren't an idiot, don't spread your private keys and seed phrases. ;D. It's not even hacking at this point, change the title to instead "Guessing the mnemonic of a bitcoin wallet". Probably a lot better. Calling it "Hacking" is like insulting all the hackers out there that have hacked various systems, from a school based system to bank account systems.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Zackgeno96 on June 22, 2020, 06:52:43 AM
How many Bitcoin wallets have been hacked already? Just one or two? I don't know what the intention of this is because it ain't that convincing to me, to be honest. I don't know also if John Cantrell is telling a lie, but certainly what he does is telling everyone that having these 12-word seeds isn't enough. Should we need to double it and make it 24-word seeds so there is no chance to be hacked? That sounds interesting and this person is actually beyond his knowledge telling and such having this hacking skill is also beyond excellent.
Someone could hire him by now... :D


There are more than one or two bitcoin wallets hacked already; it's just that some of the hackers publicly share their findings and others are black hat ones who are always hacking but not sharing their trophies. Everyone used to make brainwallets back in the starting days of bitcoin, but there was also a flaw in that method and it was also easily crackable by a technically sound person. A researcher at DEFCON gave a seminar about brain wallets and how he could have stolen more than 100 bitcoins pretty easily, but he didn't, and after some time those wallets were emptied by someone. It can be the owner of those wallets or it can be the work of a hacker; no one knows the whole truth.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Oshosondy on June 22, 2020, 08:28:47 AM
You should link this article (https://cointelegraph.com/news/developer-successfully-hacks-bitcoin-wallet-to-win-a-contest), not that one. That didn't even explain how John Cantrell brute-forced the mnemonic when he had 8 out of the 12 words. This basically reveals that, if you aren't an idiot, don't spread your private keys and seed phrases. ;D. It's not even hacking at this point, change the title to instead "Guessing the mnemonic of a bitcoin wallet". Probably a lot better. Calling it "Hacking" is like insulting all the hackers out there that have hacked various systems, from a school based system to bank account systems.

I have added it already. The link is also talking about hack. And according to the thread, we should also know that there are many ways hackers can still hack a wallet rather than only the use of seed phrase.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: maenauaras on June 22, 2020, 09:09:17 AM
Such news is just to get more clicks, but it is incorrect.
Even with the knowledge of 8 words out of 12 words, the possibility of penetration is still very difficult.

2048^4 combinations of 8 BIP-39 words with faster miner 28,000,000 MH/s: 2048^4 / 28,000,000 = 628292.3587 Years

This number is not small and I don’t think anyone will wait for all those years


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: crwth on June 22, 2020, 09:19:37 AM
I think if you have the machine to do what it takes to input all of the possible phrase words included in one wallet, it's possible. It just takes processing power and time for sure. I don't know if that article is just to "add" into the list of Cointelegraph's list of articles, but the title makes it seem that Bitcoin could be hacked, and it reflects negatively to new users IMO. We all know that most people base their opinions on just the title itself. It happens here in the forum as well, lol.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: shield132 on June 22, 2020, 12:47:54 PM
What a garbage clickbait article, "hacked bitcoin wallet" can mean so many different things, starting from a software flaw and ending with quantum computers, but of course in reality this is the most boring case - a partially known seed phrase.

John Cantrell concluded that the only way Bitcoin is not secure is when seed words are revealed. "Your bitcoin is safe. 2^128 is a REALLY big number. Just don't let anyone near your seed words".

Breaking news, water is wet!
The title of the article looks like there was one genius out of sight out of mind who came and hacked a bitcoin wallet, but in reality what happened, it's a shame someone from Cointelegraph decided to publish an article on it and it's another shame editors approved this article.
If anyone loudly screams: cream - note - paper - image - chair.... and etc are my seed phrases and can you guess the right combination? - Of course, such wallets will be hacked easily. Also saying that you have to protect your wallet is meaningless because everyone knows they should! This proposal sounds like when you worry and someone advises you to relax and not worry.

crwth
Bruteforce is a sure way to hack anything but it's another task how many devices and centuries you'll need to hack it.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: BuNga_cute on June 22, 2020, 03:08:08 PM
If you succeed in hacking by knowing some of the seed phrase, you are not a hacker in my opinion. The hacker should not know seed phrases can hack wallets. There have been many incidents of hackers who have successfully hacked online exchanges and wallets, so what was done by John Cantrell is a normal thing that can be done by some people who have basic programmers. Even so, we are required to be careful in storing the seed phrase that we have, so that our account is not easily hacked.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: Ozero on June 23, 2020, 05:36:23 AM
It only took John Cantrell thirty hours to crack a bitcoin wallet by selecting combinations of words. True, it is not yet clear whether he used a special program for this, or whether this happened by manually sorting through the various options. In any case, the situation is frightening. It was said earlier that there may be too many such options, so do not worry about it. However, there are more and more wallets, which is why hackers are getting better chances.
This can happen with any wallet, including MyEtherWallet. After all, many are now talking about hacking their wallets.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: crwth on June 24, 2020, 05:09:41 AM
Bruteforce is a sure way to hack anything but it's another task how many devices and centuries you'll need to hack it.
Well, luck plays a major role in brute-forcing stuff. I don’t know. You could unlock a couple of wallets and maybe stumble upon a wallet that has crypto in it. It’s not ideal, but it could happen. Certainly not in our lifetime, though. People should be aware of that kind of possibility, but the chances are minuscule.


Title: Re: John Cantrell revealed how he successfully hacked bitcoin wallet
Post by: rodskee on June 24, 2020, 06:30:02 AM
It only took John Cantrell thirty hours to crack a bitcoin wallet by selecting combinations of words. True, it is not yet clear whether he used a special program for this, or whether this happened by manually sorting through the various options. In any case, the situation is frightening. It was said earlier that there may be too many such options, so do not worry about it. However, there are more and more wallets, which is why hackers are getting better chances.
This can happen with any wallet, including MyEtherWallet. After all, many are now talking about hacking their wallets.

The problem with people who invested without learning the whole system: chances that hackers will penetrate them are very possible, as there are lots of penetrators who want to hack every available wallet. Though it's still not an easy task, the possibilities being shown are really alarming; one needs to take care of one's assets carefully. People who are in this business need to look for deeper understanding in terms of protecting their assets and lessening the chance of being hacked.