Bitcoin Forum
Topic: Bitmex conducted an experiment with brainwallets
hatshepsut93 (OP)
October 13, 2020, 02:35:14 PM
Merited by o_e_l_e_o (2), stompix (1), DdmrDdmr (1), BrewMaster (1)
 #1

Found this link on reddit - https://blog.bitmex.com/call-me-ishmael/

What they did was they created 8 brainwallets by doing sha256 of some phrase from a work of fiction or lyrics or some literature, and they have put 0.005 BTC into each address. Within a day, all wallets were emptied by hackers. Some wallets were emptied before the funding transaction was even confirmed.

This means that there are people out there who run servers that monitor millions if not billions of pre-generated brainwallets, and as soon as they see a transaction coming in, they immediately sweep it. Newbies often think that a brainwallet is safe because it will take a long time to bruteforce it, but this is wrong, because no one is trying to bruteforce one specific wallet. The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then set up a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list. No need to spend any computational power, just a small server that runs 24/7.

stompix
October 13, 2020, 03:13:40 PM
 #2

Looking at the speed, it seems like there is at least one server that is looking at addresses that have been created using known quotes from literature and another that, and this is quite scary, has a lot bigger database, including a simple phrase from Satoshi's whitepaper which is hidden somewhat in the conclusion.

It would have been interesting if he had chosen also two quotes from foreign literature and not translated into English, I somehow doubt they are monitoring really all the possible brain wallets that can be made with all the books in the world. I'm not eager to throw 0.005, especially since I know someone with not so good intentions will get that money for that, but maybe I'll try with 0.0005 during the weekend.

The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then set up a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list.

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.

hatshepsut93 (OP)
October 13, 2020, 03:54:58 PM
 #3

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.

This server doesn't need to store the original phrase, only the resulting private key and address. Private keys are just 256 bits, so with a few terabytes of space that's already trillions of possible private keys. One Bitcoin block has a few thousand transactions, so it will have around that order of magnitude outputs. This server just has to look up each output address in this list of key-address pairs, and lookup is a very fast operation, nearly instant most of the time, even if you're looking up among trillions of entries. This whole thing probably costs less than $100/month.

buwaytress
October 13, 2020, 06:24:26 PM
 #4

Looking at the speed, it seems like there is at least one server that is looking at addresses that have been created using known quotes from literature and another that, and this is quite scary, has a lot bigger database, including a simple phrase from Satoshi's whitepaper which is hidden somewhat in the conclusion.

It would have been interesting if he had chosen also two quotes from foreign literature and not translated into English, I somehow doubt they are monitoring really all the possible brain wallets that can be made with all the books in the world. I'm not eager to throw 0.005, especially since I know someone with not so good intentions will get that money for that, but maybe I'll try with 0.0005 during the weekend.

The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then set up a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list.

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.

I often thought about this too, I speak two languages very well, and about 4 in various degrees, have wondered just how secure it would be if I mixed up some phrases, swapping between English and others. The bonus is that two of those 4 I know don't even have to my knowledge dictionaries so the attacker would have to come from my population of roughly 200,000 people;)

I still do like the brainwallet concept done up like this, but still, I somehow think it's not as secure as my brain believes.

Also agree you would probably need SOME kind of cost to run such servers, probably not an individual monitoring what must at least be hundreds of millions of addresses.

o_e_l_e_o
October 13, 2020, 07:52:23 PM
 #5

Have a read of this thread, particularly the posts by the OP TheArchaeologist and almightyruler - Collection of 18.509 found and used Brainwallets

You can also see the database he created here - https://eli5.eu/brainwallet/

There are some really interesting results discussed in that thread. For example, the address 15jG7moSaWgQADbG45cbvc79sHjKBBnxBk, which is generated from the phrase "letthegoodtimesroll" was used back in 2017. Within 2 seconds (!) of a deposit being broadcast (note simply broadcast, not confirmed), three other transactions had been broadcast trying to sweep the funds to different addresses. If there were 3 servers which were watching that specific address and generating transactions that quickly 3 years ago, then you can bet that in total there are dozens of servers actively monitoring brain wallets and attempting to steal funds today.

This experiment from BitMex confirms what we already know - brain wallets are for the brainless.
theskillzdatklls
October 13, 2020, 09:15:33 PM
 #6

Looking at the speed, it seems like there is at least one server that is looking at addresses that have been created using known quotes from literature and another that, and this is quite scary, has a lot bigger database, including a simple phrase from Satoshi's whitepaper which is hidden somewhat in the conclusion.

It would have been interesting if he had chosen also two quotes from foreign literature and not translated into English, I somehow doubt they are monitoring really all the possible brain wallets that can be made with all the books in the world. I'm not eager to throw 0.005, especially since I know someone with not so good intentions will get that money for that, but maybe I'll try with 0.0005 during the weekend.

The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then set up a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list.

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.

I often thought about this too, I speak two languages very well, and about 4 in various degrees, have wondered just how secure it would be if I mixed up some phrases, swapping between English and others. The bonus is that two of those 4 I know don't even have to my knowledge dictionaries so the attacker would have to come from my population of roughly 200,000 people;)

I still do like the brainwallet concept done up like this, but still, I somehow think it's not as secure as my brain believes.

Also agree you would probably need SOME kind of cost to run such servers, probably not an individual monitoring what must at least be hundreds of millions of addresses.


Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.




hatshepsut93 (OP)
October 13, 2020, 09:42:04 PM
 #7

Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.

Wrong. The article mentions that they have some brainwallets made by picking words from books with some easy pattern and that the funds are still there after a long period of time, but this doesn't mean that this is a secure way to store Bitcoins. Eventually someone will come up with the same pattern and will build a database for potential brainwallets, and because computational power and storage only gets cheaper with years, and as Bitcoin gets more popular, more hackers will be doing this, it means that the security of brainwallets, which is already horrible, will only decrease.

Casdinyard
October 13, 2020, 11:52:20 PM
 #8

This experiment from BitMex confirms what we already know - brain wallets are for the brainless.

Haha LOL.. Brainwallets aren't that different from a normal crypto wallet, yet key phrases are things that you know you can remember (or should I say key phrases that are common and don't live in your brain alone). Sometimes I just wondered, where do the vulnerabilities of this wallet really reside? Also, why would someone use popular words and phrases to use in brainwallet?

I've also wondered, if Bitmex or anyone who would conduct such experiments, what if they've used those mumble raps or multi-language song/s or phrases? Would it still be risky? If that's so, then wouldn't it simply indicate that there would be a vulnerability in the server side, right?

dothebeats
October 14, 2020, 04:14:32 AM
 #9

It should be noted that brainwallets are only as good as the people who generated them in their heads. They are crypto wallets just the same, but the level of security that they are offering is not really that effective and tight since people and entities are already running servers whose sole purpose is to monitor and sweep any and every balance that falls under the addresses and wallets they control.

The experiment's conclusion should already be considered greatly; there's nothing new that has been added to the table for this experiment IMO as the outcome is already expected.

pooya87
October 14, 2020, 04:46:02 AM
 #10

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.
not really. if you run a full node you are already doing this for all the addresses in your wallet. basically each time you receive a transaction in your mempool or in a new block you also check it versus your wallet file. what these thieves do is to simply add a new step after that check to spend the coins they receive in the addresses they have in their wallet right away.
i don't know how optimized the current full node implementations are but the lookup can also be optimized using hashtables and if it is always loaded in memory.

buwaytress
October 14, 2020, 09:38:17 AM
 #11

Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.

Yeah, that's what my brain says, and BitMEX agrees it could be a very secure way to do it (mix with things other people can't possibly know and then add with a random variable like dice) but then they didn't think the brainwallet experiment would fail so spectacularly either, now did they?

Problem is our brains can't fathom how easy/difficult things are. So I'd rather not experiment with everything. So far so good for the ones that I do have but then the balances are probably too small, maybe these monitoring servers wait for a threshold too.

shield132
October 14, 2020, 10:25:03 AM
 #12

There was a challenge on this forum: A challenge to the idea that no-one can create a good brainwallet. There was one bitcoin as a reward on this wallet. Seems nothing has happened from 2012 until 2019 (wallet was created in 2012 but posted on btctalk in 2014). In 2019, there was one bitcoin finally moved but the author of that thread has disappeared, so idk whether it was hacked or the owner decided to just move that one bitcoin.

Btw there wasn't a need of new experiments, it's clear as day to understand why brainwallets are a terrible idea. Humans aren't a good source of entropy! And it was proven years ago that brainwallets are terrible, contain a high percentage of hacks.

o_e_l_e_o
October 14, 2020, 02:20:44 PM
 #13

Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think.
It doesn't. If a server is checking for your phrase (and there are likely dozens which are) chances are at least one of them is also searching for your swaps or errors. It is trivial to program your database to also look for addresses with common substitutions, letter swaps, added symbols, etc.

I've also wondered, if Bitmex or anyone who would conduct such experiments, what if they've used those mumble raps or multi-language song/s or phrases? Would it still be risky?
Yes, it will still be risky. It might take a little longer for a multi language quote to be broken, but it will be broken at some point. Using a quote, phrase, song lyric, etc. which already exists and is plastered all over the internet is a recipe for disaster.
kryptqnick
October 14, 2020, 02:31:39 PM
 #14

Found this link on reddit - https://blog.bitmex.com/call-me-ishmael/

What they did was they created 8 brainwallets by doing sha256 of some phrase from a work of fiction or lyrics or some literature, and they have put 0.005 BTC into each address. Within a day, all wallets were emptied by hackers. Some wallets were emptied before the funding transaction was even confirmed.

This means that there are people out there who run servers that monitor millions if not billions of pre-generated brainwallets, and as soon as they see a transaction coming in, they immediately sweep it. Newbies often think that a brainwallet is safe because it will take a long time to bruteforce it, but this is wrong, because no one is trying to bruteforce one specific wallet. The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then set up a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list. No need to spend any computational power, just a small server that runs 24/7.
Wow, that seems very dangerous. I've never considered using one of those wallets, but the fact that the phrases are limited to lyrics or literature doesn't make it reassuring. It's worth noting that Bitcoin wiki seems to define a brain wallet differently (focusing just on the fact that one memorizes the passphrase and does not store it anywhere), and while this can be troublesome due to fallible memory, it's not susceptible to hacks in any more way than other wallets, right? I guess this additional terminology confusion can contribute to newbies making the wrong choices (say, you hear someone using the term like Bitcoin wiki does and claiming that a brainwallet is safe, and then you get a brainwallet in the sense described in the blog).

bitbollo
October 14, 2020, 02:40:38 PM
 #15

https://bitcointalk.org/index.php?topic=2488493.0
I remember this topic regarding "faults" of brainwallet as a secure way for generating private key... Even an address was used in the past to generate a private key.
I am surprised to see how many bitcoin were at risk due to this weakness, despite it can sound initially a suitable method. Bitmex has proved it again!

BrewMaster
October 14, 2020, 03:26:27 PM
 #16

despite it can sound initially a suitable method.

the problem is exactly this. people sacrifice their security for convenience all the time but sometimes that sacrifice has severe negative consequences. unfortunately when they are not well versed in the topic they are sacrificing (cryptography in this case) the risk of zeroing their security is very high.
the worst part is that programmers who are like this and create tools for people to use like brainwallet sites.

hatshepsut93 (OP)
October 14, 2020, 03:28:46 PM
 #17

Btw there wasn't a need of new experiments, it's clear as day to understand why brainwallets are a terrible idea. Humans aren't a good source of entropy! And it was proven years ago that brainwallets are terrible, contain a high percentage of hacks.

There's still a lot of people who think that they are smarter than everyone and think that no one will guess their secret phrase. They don't understand that algorithms, human psychology and predictability and raw processing power can make it possible, so having a brainwallet is like having a time bomb - you never know when it will blow up, but there's always a risk that it will happen.

Generating random values and using them as keys has always been a big part of cryptography, but these crypto noobs just throw all that experience out of the window, just because they like a tiny bit of convenience. This convenience is never worth the risk in the long run.

o_e_l_e_o
October 14, 2020, 06:14:07 PM
 #18

but the fact that the phrases are limited to lyrics or literature doesn't make it reassuring.
They aren't. You simply input any string of data you like, hash it, and use the result as a private key.

It's worth noting that Bitcoin wiki seems to define a brain wallet differently (focusing just on the fact that one memorizes the passphrase and does not store it anywhere), and while this can be troublesome due to fallible memory, it's not susceptible to hacks in any more way than other wallets, right?
It wouldn't be any more susceptible to hacks if the input was long enough and completely random. The trouble is that it never is. It is usually words or phrases, and if it is easily remembered then it is easily cracked. Even when humans think we are being random, we aren't, and any input that someone has come up with themselves will be inherently weak.
stompix
October 14, 2020, 07:57:47 PM
 #19

Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think.
It doesn't. If a server is checking for your phrase (and there are likely dozens which are) chances are at least one of them is also searching for your swaps or errors. It is trivial to program your database to also look for addresses with common substitutions, letter swaps, added symbols, etc.

Wait a minute...
Ok, as I said first I'm not really sure about the resources needed in the first place but when we start with a phrase and add a single spelling error, aren't the possibilities for it reaching the same results as in trying all combinations of private keys? I had a pretty bad day and I'm tired so maybe I'm saying something stupid but taking a phrase like the one in the example:

Quote
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair

It has 285 characters, of course replacing just one letter won't do much, as you are considering just letters and numbers there are just 36x285 possibilities.
But once we do that with two or three the number grows exponentially so for a script to find out all the permutations like for example swapping the first b in the phrase with 1 the second with 2 and the third with 3 and do that for the millions of phrases out there I think will start to not be viable anymore.

LE: I know I'm doing it wrong cause the results seem a bit more than weird so before saying again something stupid, how many combinations are in a 285 phrase in which 3 of the characters have been replaced by 35 possible variants?

o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18510


View Profile
October 14, 2020, 08:38:57 PM
Merited by stompix (1)
 #20

If you are going to replace one random character from 285 possibilities with a random character from a set of 36, then there are 36*285 = 10,260 possibilities.

If you then replace one more random character from 284 possibilities, then there are 10,260*36*284 = 104,898,240 possibilities.

A further character takes that to 1 trillion possibilities.

Sure, such a wallet is likely going to be secure enough for a fairly long time. However, the vast majority of brain wallets are not using long phrases such as this, and just like passwords, any substitutions are the common and predictable ones - O to 0, A to 4, E to 3, and so on.
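
The counting in the post above, worked through as an added example (not part of the thread and not any poster's code): it reproduces the sequential figures, counts the distinct 285-character strings that differ from the phrase in exactly k positions, and expresses both in bits next to a 128-bit target. The function names and the 128-bit target are choices made for this example, and the base phrase is assumed to be a public quote that anyone searching already has.

```python
import math

PHRASE_LEN = 285   # length of the quoted phrase, as stated in the thread
ALPHABET = 36      # letters and digits, as stated in the thread


def sequential_count(length: int, alphabet: int, k: int) -> int:
    """Count as in the post above: k rounds of 'pick a position, pick a character'.

    The order of the rounds matters and a character may be replaced by itself,
    so this is an upper bound on the number of different resulting strings.
    """
    total = 1
    for i in range(k):
        total *= alphabet * (length - i)
    return total


def distinct_variants(length: int, alphabet: int, k: int) -> int:
    """Different strings with exactly k positions changed to a *different* character."""
    return math.comb(length, k) * (alphabet - 1) ** k


def bits(count: int) -> float:
    """Size of a search space expressed in bits."""
    return math.log2(count)


def equivalent_random_length(count: int, alphabet: int) -> int:
    """Smallest n such that a fully random n-character string covers >= count values."""
    n, space = 0, 1
    while space < count:
        space *= alphabet
        n += 1
    return n


def substitutions_for_target(length: int, alphabet: int, target_bits: int):
    """Smallest k whose distinct-variant space reaches 2**target_bits, else None."""
    target = 1 << target_bits
    for k in range(length + 1):
        if distinct_variants(length, alphabet, k) >= target:
            return k
    return None


if __name__ == "__main__":
    print(f"{'k':>2} {'sequential':>22} {'distinct':>22} {'bits':>6} {'random chars':>12}")
    for k in range(1, 4):
        seq = sequential_count(PHRASE_LEN, ALPHABET, k)
        dist = distinct_variants(PHRASE_LEN, ALPHABET, k)
        print(f"{k:>2} {seq:>22,} {dist:>22,} {bits(dist):>6.1f} "
              f"{equivalent_random_length(dist, ALPHABET):>12}")
    # Uniformly random substitutions needed before the variants alone give 128 bits.
    print("substitutions for 128 bits:",
          substitutions_for_target(PHRASE_LEN, ALPHABET, 128))
```

Three substitutions on a known 285-character phrase cover no more values than an 8-character random string over the same 36 symbols, and that figure holds only if positions and replacement characters are chosen uniformly at random rather than by the predictable swaps mentioned above.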