Wallet security

[mklnth]

It's been a long time since I lost a word from my seed phrase and I found different tools to find out the missing word. The truth is that it was very easy to find a single word in a series in which I already had 23 correct words. That made me do some research on the security of crypto wallets. As you may already know, it is almost impossible for someone to discover a seed phrase without having any correct words. It would take us thousands of years to figure out a single correct phrase. Instead, if we assume three random words as the correct initial words and alternate these words in different experiments, the waiting time is considerably reduced. This experiment is the one I have been working on in my free time together with several github repositories and I leave you my result in this video:

https://youtu.be/sUPBi7gBecc

Now I ask you, how secure are crypto wallets? Every day I think it is more essential to have a cold wallet.

[1713490781]

1713490781

[1713490781]

1713490781

[1713490781]

1713490781

[mocacinno]

I fell for the clickbait and watched your video... It shows nothing but you using a (what looks like a) clone of iancoleman's site where you show a seed phrase and a derived ETH address. Then you proceed to lookup the balance on two explorers.
And then, the video stops.

I don't know what you intended to proof with this video, but it doesn't show you bruteforcing a seed phrase with 9 unknown words, so it has little or nothing to do with your post.

In other words: if you intended to proof anything, a video of a couple of seconds with no sound showing nothing but a page that has some text on it and a couple of addresses that were funded will not do the trick i'm afraid.

[mklnth]

Yes, you are right, but I do not want to publish the process so that more people do not replicate it, it could be dangerous

[mocacinno]

Yes, you are right, but I do not want to publish the process so that more people do not replicate it, it could be dangerous

Fair enough...
Why don't i generate a new 12 word seed phrase and publicly post 8 of the 12 words,  the first derived address and the derivation path? If you can brute force the 4 missing words, you'd have proven that you have a method that could potentially a thread in real world situations...

EDIT:
SEED: radio blame wonder double before indoor cancel hawk ? ? ? ?
DERIVATION PATH: m/44'/0'/0'/0/0
ADDRESS: 1LU8dS3raRxx2yuGFyVNUJyQPoGHb72Qbz

Good luck!

PS: i wouldn't consider brute forcing 4 out of 12 words of a seed phrase a real "thread" yet, but at least you could prove to us you have the ability to do this, making your video at least plausible.

[mklnth]

I accept the challenge!

[mocacinno]

I accept the challenge!

Good luck!

Do realise that finishing this challenge does not prove that a 12 word seed is insecure. The last word should even be easyer to brute-force since it contains a checksum...

Back to your initial post... I don't think a 12 word seed is insecure, there are 2048^12 possible combinations. If you substract the fact that there's a 4 bit checksum, that's still very secure (128 bit).
The problem might arise if to much of your seed phrase is known to an attacker. But i'm not completely sure how often an attacker has 8 out of 12 words AND their correct sequence in the seed phrase. I guess usually he/she will either have your complete seed, or nothing at all. I guess most of the times people would try to bruteforce 4 out of 12 words, they're the legitimate owner of the wallet, but they didn't backup their seed phrase, and the paper it was written on got damaged.

Don't get me wrong: i completely agree that one should take precautions against getting robbed, and creating an offline wallet on an airgapped device is defenately a good idear.

[Rehan Zakir]

Wallet security is a big issue. Security is a big issue in crypto wallets. We need to secure our crypto wallets from hackers. They are trying to steal their funds from wallet. So, must secure your crypto wallet from different security layers. such as 2FA (2 factor authentications).
There are two types of crypto wallets hard wallet and  soft wallet. Hard wallet such as Nano Ledger S, There are more secure then other wallets. They are offline wallet.
But soft wallet are online wallets such as metamask, trust wallet, safepal wallet etc.  Security is a big issue in these wallets.

[BlackHatCoiner]

It's a scam, before I even continue thinking about it further. OP qualifies for the “scammer position”;

(How to be a scammer 101:)

• They're using a nonsense title. (“Seed phrase finder with balance ETH USDT”)
• They can't even describe the way they found a more effective way to brute force.
• They say they're working on it in github repositories, but we aren't allowed to look.
• Their video's description contains a telegram account.
• They invoke the viewers about their wallet's security.

[Leviathan.007]

That's too sad to see someone cannot access his/her wallet just because of losing or forgetting one single word, I usually write the words on a piece of paper and store it somewhere safe but accidentally I was thinking about the security of my seed phrase and then I bought a special wallet for me seed phrase the wallet is just a piece of metal and the words are written into it also there ina cover to keep the words secret but still I would say if you can remember all the words the place to keep it safe is your own mind, however, in this case, you better make sure if you can keep the word in your mind.

[BlackHatCoiner]

I know you don't mind and you're probably not going to even read my response, but:

however, in this case, you better make sure if you can keep the word in your mind.

That's the worst way to keep your money safe. Uncountable times, people have forgotten those words. There are so many cases where people lost their money, because they thought it'd be much safer to keep them in their head. Money should be kept in paper instead! Yours is a provably disastrous methodology.

[Charles-Tim]

Now I ask you, how secure are crypto wallets? Every day I think it is more essential to have a cold wallet.

I have preferred multisig and cold storage, they are the safest of all. Some people can go to the extent of buying two hardware wallets and using both to create 2-of-2 multisig wallet, this is also secure.

For seed phrase backup, there is nothing bad to backup your seed phrase or paper or on metallic sheet like steel sheet, having up to three backups and in different locations.

but still I would say if you can remember all the words the place to keep it safe is your own mind, however, in this case, you better make sure if you can keep the word in your mind.

What you are not reciting and writing down everyday will be forgotten, seed phrase are not used everyday, even though if seed phrase are used everyday, it is still not recommended to memorize it because memory can fail someone. This will only be an easy means to forget your seed phrase, when you lost access to your wallet will be the time you will realize it after trying to import your seed phrase on a new wallet.

[Husires]

I accept the challenge!

@OP has not logged in since then, I don't know why he accepted the challenge even though he would fail it in the end.

I have reported that video to Google, but mostly people who lose their seeds desperately search using YouTube and therefore when they find hope in an incomprehensible video they will try to contact the user.

Therefore, I advise everyone to report it and leave comments under the video on YouTube explaining that the video/method/site/service is 100% scam.