Knowing half of the seed phrase words can be used by hackers to brute force the whole 12 words.
It really depends. If you know 6 out of 12 words and the seed is generated by Electrum (best case), then you have to search among 2048^6 = 73,786,976,294,838,206,464 combinations. Having 8 bits of checksum means that you'll have to run through the process of PBKDF2 and HMAC-SHA512 only 2048/(2^8) = 8 times for each seed phrase.
I'll now divide half of that enormous number by 2^8 to get how many times a hacker will need to repeat this process to exclude the majority of the total possible seeds.
73,786,976,294,838,206,464 / 2^8 = 144,115,188,075,855,872.
So, on average, the hacker will have to perform these functions 144 quadrillion times. Not that I know the exact time required to cover that number, but on my i5 it took around 1-2 minutes to search among 4.1 million, but even if you could, let's say, brute force with 100M per second you would still need 144,115,188 seconds = 2,401,919 minutes = 40,031 hours = 1,667 days to finish. And that is “just” for the majority of the first derivation path.
Anyway, it isn't dangerous because of a possible brute force. I'd rather say that it's dangerous for the owner to lose funds, not to get stolen. What if that email never comes back? What would you do then? Just use the CheckLockTimeVerify described above and sleep easy.
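Added example, not part of the original post: a measurement of the 8-bit check the post relies on, showing that roughly 1 in 256 candidate phrases survives the cheap HMAC-SHA512 test and would go on to the expensive key derivation. The wordlist is 2048 constructed placeholder tokens, the function names are hypothetical, and the `"01"` prefix is the marker Electrum uses for standard seeds.

```python
import hashlib
import hmac
from itertools import product

# Constructed stand-in wordlist: 2048 placeholder tokens, not a real wallet wordlist.
WORDS = [f"w{i:04d}" for i in range(2048)]

def passes_version_check(phrase: str, prefix: str = "01") -> bool:
    """Cheap pre-filter: HMAC-SHA512 keyed with b"Seed version" over the phrase.
    A two-hex-digit prefix is 8 bits, so about 1 candidate in 256 passes.
    (Electrum normalises the phrase first; these tokens are already plain ASCII.)"""
    digest = hmac.new(b"Seed version", phrase.encode("utf-8"), hashlib.sha512).hexdigest()
    return digest.startswith(prefix)

def count_survivors(known: list, unknown_slots: int, limit: int) -> int:
    """Enumerate up to `limit` completions of the unknown trailing slots and count
    how many pass the cheap check, i.e. would still need the expensive derivation."""
    hits = 0
    for n, tail in enumerate(product(WORDS, repeat=unknown_slots)):
        if n >= limit:
            break
        if passes_version_check(" ".join(known + list(tail))):
            hits += 1
    return hits

def average_kdf_runs(unknown_words: int, checksum_bits: int = 8,
                     wordlist_size: int = 2048) -> int:
    """The post's estimate: half of the search space, divided by 2^checksum_bits."""
    return wordlist_size ** unknown_words // 2 // 2 ** checksum_bits

if __name__ == "__main__":
    known = WORDS[:10]   # constructed "known" words; the last two slots are unknown
    limit = 65536        # sample of the 2048^2 completions
    hits = count_survivors(known, 2, limit)
    print(f"{hits} of {limit} candidates pass the cheap check")
    print(f"6 unknown words: {average_kdf_runs(6):,} expensive derivations on average")
```
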