Not funny problem I opened a wallet that was not mine

[Tichama]

Please fix the back door it's unlockable by even myself let alone bots.

Think of it. Eligible words and eligible phrases. Easy. Please fix this now or economy goes down quick

[LoyceV]

As they say: "extraordinary claims require extraordinary evidence" (source unknown). Please elaborate.

[Tichama]

As they say: "extraordinary claims require extraordinary evidence" (source unknown). Please elaborate.

Download exodus, then install. It shows valid words you can use in white and invalid words in red when you use backup phrase . It will also tell if a backup phrase is eligible

[hosseinimr93]

I guess you could enter a valid seed phrase? Am I right?

A seed phrase usually consists of 12 words. Considering the 4 bits of checksum, these 12 words generate 128 bits of entropy.
This means that there are around 3 * 10³⁸ valid 12-word seed phrases.

It's extremely easy to enter a valid seed phrase.
It's extremely unlikely to enter a seed phrase that has already been generated by someone else and steal the fund.
In other words, you can enter a valid seed phrase and generate valid addresses. But you can't generate funded addresses.

[Tichama]

I guess you could enter a valid seed phrase? Am I right?

A seed phrase usually consists of 12 words. Considering the 4 bits of checksum, these 12 words generate 128 bits of entropy.
This means that there are around 3 * 10³⁸ valid 12-word seed phrases.

It's extremely easy to enter a valid seed phrase.
It's extremely unlikely to enter a seed phrase already generated by someone else and steal the fund.
In other words, you can enter a valid seed phrase and generate valid addresses. But you can't generate funded addresses.

Using just the valid words what is the likelihood of opening a wallet?

Obviously not hard as I did it

[lightfoot]

I guess you could enter a valid seed phrase? Am I right?

A seed phrase usually consists of 12 words. Considering the 4 bits of checksum, these 12 words generate 128 bits of entropy.
This means that there are around 3 * 10³⁸ valid 12-word seed phrases.

It's extremely easy to enter a valid seed phrase.
It's extremely unlikely to enter a seed phrase already generated by someone else and steal the fund.
In other words, you can enter a valid seed phrase and generate valid addresses. But you can't generate funded addresses.

Using just the valid words what is the likelihood of opening a wallet?

Obviously not hard as I did it

Sure, you can open *A* wallet, but since there are a very large number of possible wallet addresses and only a small number of those have actual coin your chances of stumbling on an address with anything in it is pretty low. There are people who look for these kind of intersections, but unless it is a really stupid passphrase it's highly unlikely you will hit anything by trying random seed combos. But give it a go, what's the worst that can happen?

[Tichama]

I guess you could enter a valid seed phrase? Am I right?

A seed phrase usually consists of 12 words. Considering the 4 bits of checksum, these 12 words generate 128 bits of entropy.
This means that there are around 3 * 10³⁸ valid 12-word seed phrases.

It's extremely easy to enter a valid seed phrase.
It's extremely unlikely to enter a seed phrase already generated by someone else and steal the fund.
In other words, you can enter a valid seed phrase and generate valid addresses. But you can't generate funded addresses.

Using just the valid words what is the likelihood of opening a wallet?

Obviously not hard as I did it

Sure, you can open *A* wallet, but since there are a very large number of possible wallet addresses and only a small number of those have actual coin your chances of stumbling on an address with anything in it is pretty low. There are people who look for these kind of intersections, but unless it is a really stupid passphrase it's highly unlikely you will hit anything by trying random seed combos. But give it a go, what's the worst that can happen?

The worst is basically someone opens all wallets with a bot

[lightfoot]

The worst is basically someone opens all wallets with a bot

Sure, but let's think about it: You can open 10,000 wallets a second with a super bot. Off you go.

3*10^38 wallet combinations/10k a second=3*10^34 second.

Divide again by 60 seconds to a minute, 60 minutes to an hour, 24 hours to a day, 365.25 days to a year and you will search all the wallets in:

950,642,634,420,868,507,110,806,905 years.

So be sure to grab a cup of coffee before starting, it may take a bit.

How long before we hit one?

Well, let's take a guess of 100,000,000 wallets with some form of coin in them, just as a starting point. If we divide the above number by 100,000,000 we get:

9,506,426,344,208,685,071 years to find a wallet on average.

So about 9.5 quintillion years and you will most likely find one. Given that the sun will go nova in 4 billion years you have a good solid .0000000420768% chance of hitting a wallet with coin before the sun blows up.

Go go, time's waiting!

[Tichama]

The worst is basically someone opens all wallets with a bot

3*10^38 wallet combinations

How could I have opened one? Obviously not all the words in red are required, just the ones in white

[ranochigo]

How could I have opened one? Obviously not all the words in red are required, just the ones in white

It is statistically improbable.

The combination of words has to be in the correct permutation for your wallet to be recovered. The complexity of being able to find a set of seed phrases that has been used is roughly the same as finding a used private key as well. Provided that your RNG is random enough. If the length of the seed phrase is at least 12 words long, you're fine.

If you have opened someone else's wallet, then there is a problem with your wallet, probably generating seed phrases insecurely.

[lightfoot]

Seriously, was there anything in the wallet you opened? A bitpenny or 100btc?

[pooya87]

You can't call it "a wallet that was not mine" just because you entered some words and saw some addresses. You can type in any random combination of words selected from the 2048-word long wordlist and end up with a valid checksum that lets you derive addresses.
Here is a simple example changing 1 word but changing more would work too. All valid mnemonics:

Code:

bulb piece heavy share impact eyebrow weird copy wish claim crew abandon
bulb piece heavy share impact eyebrow weird copy wish claim crew acquire
bulb piece heavy share impact eyebrow weird copy wish claim crew ahead
bulb piece heavy always impact eyebrow weird copy wish claim crew ahead
bulb piece heavy approve impact eyebrow weird copy wish claim crew ahead

[o_e_l_e_o]

When entering account details to a website, I can input any string of characters as a username and password, but the chances of finding someone else's account by doing this is almost zero.
When entering credit card details online, I can input any string of numbers and other details, but the chances of finding someone else's credit card by doing this is almost zero.
When restoring a wallet, I can enter any combination of words (including with invalid checksums, if I so desire), but the chances of finding someone else's wallet by doing this is almost zero.

[LoyceV]

You're going to be amazed when you find out you can create a Bitcoin private key by rolling a dice! Let's put it this way: any wallet you create is yours.

Maybe this helps: Bitcoin private key aren't secured in a "traditional" way: there is no password or lock on it. There's only a very large number. Anyone can come up with a large number, but nobody will come up with the exact same number.
Theymos puts it like this:

Imagine a massive wall of lockers. Each locker is 1mm by 1mm, and the entire wall of lockers is a square 2 light years on each side. When you choose a private key, you pick one of these lockers at random. When someone sends you bitcoins, there's some magical inbox which puts the bitcoins into your locker without telling the sender anything about the location of your locker.

The lockers don't have locks. If someone knew the location of your locker (ie. your private key), then they could just go take what's in it. Similarly, it's possible to choose a locker at random and find that someone has used it already at some point in the past. But there are just so many lockers that in reality it's never going to happen, even if humanity devotes all of its efforts to searching through all of the lockers.

[BlackHatCoiner]

Obviously not hard as I did it

If you don't own a machine that consumes sun's energy every millisecond, then it's exceedingly hard.

You read what are the chances. There are 2048¹² different combinations, but you found one that was previously generated? Doesn't this seem odd to you? Was your seed phrase a random guess or did you enter the same word eleven times along with the last, checksum valid, twelfth word and it popped you some spent outputs?

Try importing the same mnemonic on electrum, just to confirm that exodus isn't functionating falsely.

[o_e_l_e_o]

There are 2048¹² different combinations

Note that there are only this many combinations if you include all 12 word seed phrases with an invalid checksum. 2048¹² is the same as 2¹³², which makes sense when you consider each of the 12 words encodes 11 bits of data, and 12*11 = 132. However, when you also consider that the last word contains 4 bits of checksum data and only 7 bits of entropy for a 12 word phrase, then the total number of combinations with a valid checksum is actually 2¹³² / 2⁴ = 2¹²⁸.

Edit: Fixed the math, thanks.

[BlackHatCoiner]

Note that there are only this many combinations if you include all 12 word seed phrases with an invalid checksum.

Yep, I had totally forgot that and as I tried, you can't import a seed phrase with an invalid checksum on exodus (see below).  On a twelve-word phrase there are 132 bits of entropy as you said, which leaves us with 4 bits checksum. So, Tichama typed a completely random phrase and it was valid, meaning that he/she succeeded on 1 in 16 chances. Not that difficult, but even that sounds weird.

with a valid checksum is actually 2¹³² - 2⁴ = 2¹²⁸.

Wouldn't that be 2¹³² / 2⁴ = 2¹²⁸ ?

[NotATether]

When entering account details to a website, I can input any string of characters as a username and password, but the chances of finding someone else's account by doing this is almost zero.
When entering credit card details online, I can input any string of numbers and other details, but the chances of finding someone else's credit card by doing this is almost zero.
When restoring a wallet, I can enter any combination of words (including with invalid checksums, if I so desire), but the chances of finding someone else's wallet by doing this is almost zero.

The difference being that your IP address will usually be locked out after a certain number of bad attempts for the first two examples, while there's no such mechanism when restoring from a seed phrase. Maybe that's what OP thinks is a problem.

[pooya87]

The difference being that your IP address will usually be locked out after a certain number of bad attempts for the first two examples, while there's no such mechanism when restoring from a seed phrase. Maybe that's what OP thinks is a problem.

Not if you have direct access to their database, like from a security leak, and then check every permutation against that database assuming the account numbers aren't stored as plaintext and instead are stored as hashes for example.

[o_e_l_e_o]

On a twelve-word phrase there are 132 bits of entropy as you said

132 bits of data; 128 bits of entropy.

The difference being that your IP address will usually be locked out after a certain number of bad attempts for the first two examples, while there's no such mechanism when restoring from a seed phrase. Maybe that's what OP thinks is a problem.

OK sure. Then let's consider the FBI trying to decrypt a criminal's device that they have in their possession, or someone trying to crack the password to an encrypted wallet file. Both have unlimited attempts, both are far quicker processes of simply trying a password compared to generating a private key, converting to a public key, converting to an address, and checking for balance, and both are impossible with a full ASCII password of only around 12+ characters. And yet doing so is still trillions of times easier than stumbling across someone else's seed phrase.