Can AI Profile Our Personalities to Guess Passwords? The @cprkrn 5 BTC Recovery

[Dogedegen]

What if human made passwords based on memories are no longer secure due to AI? Can these AI tools profile us? Can they find words that we could have used to secure our wallets?

First of this is not a case of passwords based on memories, this is a case of passwords that are based on generic words that are popular. If I was a big fan of the Dodgers, and my password was something like dodgersarethebest22 that is not a memory based password. It is one of the most common types of passwords and frequently used because it is insecure. Anyway, this type of password was not secure since a very long time ago it has nothing to do with AI. The most probable thing that happened here is that he has not tried the right patterns from his past and that is all.

Passwords should never be:

• Self generated besides maybe your master password and even that one must be quite strong and avoid common errors.
• Based on your personality.
• Based on your memories or anything related to you.

Passwords should be generated by a secure password manager, and have a length of 20 to 30 characters or more and include all possible characters. With this passwords are secure against any kind of cracking attempts, AI has no chance against them. This is actually a topic that has been solved for a while now, it only comes up because many humans are not using these tools.

I mean.  I am sorry.  But if I had 100 notes in the note book of a stranger and half of them had texts about police and 420 then these would have been the first key words and digits in a brute force attempt.  I do not know.  Claude may have done some interesting things but this is not one of them for me.

You get it here correctly. None of my passwords could ever be cracked this way, they are all generated by a password manager.

[Awaklara]

That raises the importance of using password generators, password manager softwares for creating strong passwords to use.

That's good, but for some people, it may present problems related to password storage. That is why many people tend to use the same password for many applications and devices. The reason is to make it easy to remember. 
We might write it down and store it somewhere, then we might also forget the place. 
There are also difficulties when trying to access it. Things like that make people think about being more practical. They might understand the risks, or they might not understand them.

[Dogedegen]

That raises the importance of using password generators, password manager softwares for creating strong passwords to use.

That's good, but for some people, it may present problems related to password storage. That is why many people tend to use the same password for many applications and devices. The reason is to make it easy to remember.  
We might write it down and store it somewhere, then we might also forget the place.  
There are also difficulties when trying to access it. Things like that make people think about being more practical. They might understand the risks, or they might not understand them.

There are no issues relating to password storage, people making up issues because they don't know any better does not mean there is an issue. Password storage has long been solved, there are password managers that handle passwords and there are even more advanced concepts or offline gadgets. Simple users only need to write down 1 password at most which would be their master password, but you can also back up or print all of them out if you want and not rely on software. The real issue is a lack of education, knowledge, and care about security.

Most people that are using these devices do not know what they are doing, it is like if you decide to drive your car during rush hour while missing 2 out of 4 tires... and then you blame cars for being difficult as if that was the problem!

[ZAINmalik75]

Then I decided to limit its access for my mobile phone so that it can not be able to collect further data from my mobile phone, anything so personal about me. We have to pay our best attention in making secure ourselves from AI. No doubt it has many pros, but now I suspect its cons are overcoming its pros, and in the coming time, it can be a headache for us in many ways. So, we need to be attentive regarding this matter before it's too late. What do you think about it?

Maybe the device you are using and the Google services on that device are the issue. If it is Android, then maybe Google services are the main problem because you must have given them all the permissions. These days Android devices have integrated third-party AI tools too, not just Google's, and they can be found in our keyboards or while editing images if we have enabled them.

New smartphones come with these AI tools, and in my opinion trusting third-party tools is a bigger threat than using Google's AI. If the AI you are using is Google's, then my theory is valid. Otherwise, you must have used some AI tool and knowingly given your information to it, even if you don't remember it now.

[rat03gopoh]

First of this is not a case of passwords based on memories, this is a case of passwords that are based on generic words that are popular. If I was a big fan of the Dodgers, and my password was something like dodgersarethebest22 that is not a memory based password. It is one of the most common types of passwords and frequently used because it is insecure. Anyway, this type of password was not secure since a very long time ago it has nothing to do with AI. The most probable thing that happened here is that he has not tried the right patterns from his past and that is all.

This was also my first thought. AI hasn't yet developed the ability to read a person's personality enough to guess a passphrase without any clues to narrow down the number of brute-force attempts. In this case, "lol" might be the AI's basic idea that the passphrase is related to a joke, insult, or disparaging attitude toward something, and then "police" is the keyword.

[Orpichukwu]

There are levels to what information we should feed to these AI tools no matter what we are training them to help us do since that information is also stored in their database, and it might be shared among other research. This experiment has helped the person on the story recover his password, but it could also be used for some ill purpose. Privacy should be taken seriously even when we don't see the AI as any threat; if hackers break into it, a lot will be at risk.

[BALIK]

I think this is the reason for holding on to privacy, which many think no longer exists, but we are still the ones who decide what personal information we share. However, the best passwords are always those automatically generated as random alphanumeric strings, as a password manager system like bitwarden or even just firefox can do

I consider a good password manager like Bitwarden to be the real gold standard of the digital world. If someone creates a password by combining their memory or birthdate or any familiar pattern they are not really that secured. Password created with Bitwarden are a thousand time more secure than these. Even hacker or their whole froup cannot easily crack these.

What I understand after knowing all that is AI scans our devices all the time and keeps updating its database with our actions and doing and making itself more intelligent.

AI tool like Claude can only analyze the data or file that we provide to them, nothing more. And I do not think they are scanning our entire device in realtime like thieves without our permission. The point is that we should not upload your private thing like email or personal note or chat history to AI model by ourself. It is natural that doing so will cause problems. Keep in mind that the real danger is not AI itself. Everything has its good and bad qualities

[X-ray]

Does this mean it's time for us to start fooling AI by deliberately creating a fake story about our lives? I'm somewhat surprised that AI knows more about you than you do, although I can imagine how much information all these trackers collect about us, because we sometimes use our gadgets to correspond on any topics that can also be tracked. Today's Internet requires people to have a "split personality" so that we are alone offline and completely different for all AI watching us online.🫣🤐

My case is the best reflection of this, and we have no other option left, which is why it is better to keep our personal information safe from AI. That is why I think you are saying correctly. We should talk to AI in such a way that our query does not belong to us, and we are asking the question about someone else.

You know what makes me more surprised? When AI told me about some contacts that I have in my mobile phone.
Believe me, AI is not safe, and our data is revealing without leaving any clues. So, we have to limit the use of AI. And for now, the best we can do for our safety is that we can change the AI setting from the mobile settings or Google settings to limit its access to our device to collect any single piece of information. What do you say?

Any android phones default your setting to use their AI and possibly collect your data these days it seems. What's better tool for profiling than your own phone, something that is considered private by government and not even police can freely confiscate your phone and see inside without a warrant.

The answer is to use passkey that is device bound and stored within your hardware's secure enclave or use the most random password ever.

[lovesmayfamilis]

Does this mean it's time for us to start fooling AI by deliberately creating a fake story about our lives? I'm somewhat surprised that AI knows more about you than you do, although I can imagine how much information all these trackers collect about us, because we sometimes use our gadgets to correspond on any topics that can also be tracked. Today's Internet requires people to have a "split personality" so that we are alone offline and completely different for all AI watching us online.🫣🤐

My case is the best reflection of this, and we have no other option left, which is why it is better to keep our personal information safe from AI. That is why I think you are saying correctly. We should talk to AI in such a way that our query does not belong to us, and we are asking the question about someone else.

You know what makes me more surprised? When AI told me about some contacts that I have in my mobile phone.
Believe me, AI is not safe, and our data is revealing without leaving any clues. So, we have to limit the use of AI. And for now, the best we can do for our safety is that we can change the AI setting from the mobile settings or Google settings to limit its access to our device to collect any single piece of information. What do you say?

After searching the Internet after you told your story, I wondered how to limit surveillance from the all-seeing eye of Google. And I liked the decision to try to completely limit Google in my phone, thereby reducing the ability to train AI models, at least on my texts and photos. The first thing to do is to prohibit sending our data to the cloud and switch to open-source software such as the Android Open Source Project (which is something I'll be trying to do soon).

[snowpega]

...

....

After searching the Internet after you told your story, I wondered how to limit surveillance from the all-seeing eye of Google. And I liked the decision to try to completely limit Google in my phone, thereby reducing the ability to train AI models, at least on my texts and photos. The first thing to do is to prohibit sending our data to the cloud and switch to open-source software such as the Android Open Source Project (which is something I'll be trying to do soon).

Really good to see you are making sure to keep yourself safe from AI scanning your data.
What kind of open source project are you considering using at that moment? As far as I know, open source software can also be risky because it may contain loopholes that can bring viruses and phishing attacks to your device. CMIIW! But if it's something that is safe and I don't know, then I would love to know about it from you.

I don't use ChatGPT too much, and not Claud AI. But in some cases, whenever I need quick information, I ask Gemini, but in rare cases. Some days ago, I shared an SS in which Gemini also knows who is snowpega. It shares my recent activity on BTT, like I ran the Bitcoin node challenge, it tells the registration date of my account, my ALTT account, and my BPIP profile link. That blows my mind....
Check this...

So far, in short, AI is far more dangerous than one can think.
It is making itself more and more intelligent by collecting users' data connected to the internet.
It is making its database stronger day by day. 

[Dogedegen]

After searching the Internet after you told your story, I wondered how to limit surveillance from the all-seeing eye of Google. And I liked the decision to try to completely limit Google in my phone, thereby reducing the ability to train AI models, at least on my texts and photos. The first thing to do is to prohibit sending our data to the cloud and switch to open-source software such as the Android Open Source Project (which is something I'll be trying to do soon).

Getting rid of most of Google and its products is fairly easy, the hardest ones would be YouTube and Google Maps. There are alternatives but they come with big downsides depending on what you need these for, everything else is super easy to replace! I would not recommend Android Open Source Project, instead if you want to keep an Android smartphone I would suggest getting a Google Pixel and installing Graphene OS. That is a OS that has maximum security and is completely rid of Google, it is the best OS for Android. If you are willing to transfer to iOS, then Apple generally is much more privacy friendly than Google. Why I don't recommend the Android Open Source Project is that if you gain in privacy but lose some stuff in security, updates or things like that you have actually lost overall. These things are distinct but deeply tied to each other.

Browser, search engine, and all other things from Google are terrible so they can be easily ignored. I have not used anything from Google in a very long time. If you need help with this you could open your own thread about it.

What kind of open source project are you considering using at that moment? As far as I know, open source software can also be risky because it may contain loopholes that can bring viruses and phishing attacks to your device. CMIIW! But if it's something that is safe and I don't know, then I would love to know about it from you.

This is technically true because it is possible but it is false propaganda by proprietary source code sellers. The chance of there being backdoors in open source and closed source software is equal, there is nothing that makes it harder to embed a backdoor in one or the other. Actually open source software has a less likely chance to have that because many people are watching it. Just use reputable and known projects and not something unknown published by who knows who. I have never in my life heard anyone getting infected by open source software personally, but it can happen sometimes you can find news about it.

Linux and open source software is generally much more safer and the privacy is impossible to compare to stuff sold by companies.

So far, in short, AI is far more dangerous than one can think.
It is making itself more and more intelligent by collecting users' data connected to the internet.
It is making its database stronger day by day. 

I don't agree with this, the current LLMs are not conscious, sentient or intelligent so they can't make themselves any more intelligent. Being better at predicting what is the correct thing to output next is not intelligence, it is an algorithm refinement. In the example that was talked about in this thread, the LLM did not any kind of thinking as there is no intelligence it was just predicting based on common trends in its data. If it was actually thinking, then it could never make mistakes or get stuck in loops. Often you can make it stuck in some basic things that even children would not do. 

[PX-Z]

I suggest we should never give our personal information to AI. Just to point out, these days the security system is different than the one in question. We don't need passwords at all, we need seed phrases alone. But passwords are important and someone could have access to our devices and they could access our wallets like this if they have a history of our notes, emails, our discussions and logs etc. It could work for them even if they failed to access the recovery phrase from those notes because it was not written there.

As long you don't give confidential or private info (name, address, number, or email) and similar info, i guess nothing is wrong about that especially to someone who is too desperate to recover such amount for how many years already. It's win-win situation to the owner of that BTC imo..

if AI can sense our personality to guess passwords? Like I am talking a lot on Bitcointalk, my pattern of words is exposed because every single word I have spoken is in my mind. It is like a set of vocabulary that I have in mind, and obviously, I would create a password from my own memory.

That's way beyond of AI today, they don't have such feeling to sense and access to the users mind unless it is made just like Neuralink is making.

[Agathamay]

Can they find words that we could have used to secure our wallets?

Yes, if you store them on the same device hosting them. That’s why any sensitive data stored on an internet  connected device is never fully safe even when encrypted with weak password , especially those running all sorts of AI models.

BTW , passwords shouldn’t be based on things you use or interact with every day. It can be used as an addition, but using only normal words with no extra combinations makes it weak and easier to guess. With stronger combinations, it becomes much harder to guess correctly because an attacker would need to try every possible combination, which can take a very long time.

Also, it doesn’t just guess by itself. It usually relies on toolsand methods, either you ask it to creat one, use existing ones  that people already  built or configured, make a custom one all by yourself e.t.c.

If we are focusing strictly on passwords and how possible AI could crack our passwords then sincerely I'm not bothered because my passwords are alway very funny and very unimaginable and this has helped me over the years to stay safe and secure.
There are people who also use one password repeatedly across platforms and this also makes it easier to crack and for a wallet holding your asset, the password is supposed to be unique and very unimaginable, as well as not been used on other platforms.

[pooya87]

Anyway, a few days before using Claude, he checked all his notes and old college data, and it had emails, notes, everything in it. The data was about 1 GB, and he fed all of it to Claude AI.

I don't know how Claude could find such accurate words, but if it is real, then we are so exposed in this AI era.

That is a valid concern but you are asking the wrong question. You see AI is not "intelligence" despite what the name says. AI is just a pattern matching guessing tool! The real question you should have asked was "what was in those notes he fed the AI".

My guess is that those notes contained physical backups of similar passwords the used, that helped the "pattern mimicking tool" commonly known AI to find variants of the password using same words. I have similar "notes" as well and analyzing them could lead to guessing some of my passwords from old days. That doesn't mean AI can break any passwords though.

[notocactus]

I was reading the news about @cprkrn, a user on X who reported that he successfully recovered his lost 5 BTC from 2013 using Claude AI.

I don't and I will never trust such stories.

You know that if Claude AI can do that, will the user be safe to access his wallet and get his coins before Claude AI and someone else behind take action faster and migrate coins in that wallet to their own wallets.

In addition, it's never recommended to use any online tools for wallet recovery or password brute-force. These sensitive activities must be done completely offline.

Always do these following things offline.

• Wallet creation.
• Wallet backups.
• Wallet recovery.
• Password brute-force.

[snowpega]

That is a valid concern but you are asking the wrong question. You see AI is not "intelligence" despite what the name says. AI is just a pattern matching guessing tool! The real question you should have asked was "what was in those notes he fed the AI".

My guess is that those notes contained physical backups of similar passwords the used, that helped the "pattern mimicking tool" commonly known AI to find variants of the password using same words. I have similar "notes" as well and analyzing them could lead to guessing some of my passwords from old days. That doesn't mean AI can break any passwords though.

Yes, you are correct here as for now AI is not that much intelligent and it is still in the learning phase which means it is making its database strong after getting those quries and data that we are providing to AI. And, I am sure one day AI will be for more dangerous than one can think. Besides this, OP shared an example of a person who save many things in a note that afterward with the passage of many years helped him to recover his BTC wallet password.

But don't you think this can be a risky thing like if someone get to know this strategy and access you are notes and provide it to AI to crack your BTC wallet password and if he somehow find the pattern of your wallet password then he will be able to access your wallet. So i am just asking this question because OP Shared case bring my attention on this matter. CMIIW!

[coinlary]

If we are focusing strictly on passwords and how possible AI could crack our passwords then sincerely I'm not bothered because my passwords are alway very funny and very unimaginable and this has helped me over the years to stay safe and secure.
There are people who also use one password repeatedly across platforms and this also makes it easier to crack and for a wallet holding your asset, the password is supposed to be unique and very unimaginable, as well as not been used on other platforms.

In most case you can spam random characters forming zero words, just group of character with zero meaning but make sure it contains mixture of  different characters,  numbers, symbols , Uppercase and lowercase  letters, and so on . It can't and shouldn't be crammed , used digital backups as storage, write it down  or use an open-source password manager like Keepass(OFFICIAL) , KeePassXC for managing the passwords .
 
I use a password repeatedly income cases but they aren't  really something that worth going extra miles for security. I do need to access them almost everytime. All I do add extra layer apart from passwords .

[PrivacyG]

Passwords should never be:

• Self generated besides maybe your master password and even that one must be quite strong and avoid common errors.
• Based on your personality.
• Based on your memories or anything related to you.

They should not be any trending saying either or known phrase such as 'fuck the police' nor should it be made of popular sequences of numbers such as 420, 1337, 69, 911 et cetera.  There are many more things to consider but generally.  Simply make it random.  And because our brains are REALLY bad at making random things, you can either randomize using a dice which no one ever does or use a generator like most of us all do.

You get it here correctly. None of my passwords could ever be cracked this way, they are all generated by a password manager.

The victim saved by Claude seems like the kind of person who would leave their keys under the rug right in front of the door and be surprised someone found them and robbed their house.  The access to his Bitcoin was a look through his files away.  A kid with enough time and curiosity could have deleted it or done even more stupid things such as getting his Bitcoin sent to someone promising a large bag of Roblox currency!

[joniboini]

This made me remember that I used to copy-paste password on popular website because it looks cool. I never posted about it anywhere though, and I've move on to using password manager to create new passwords now. Not sure how much companies has on me, but hopefully it won't be enough to figure out which password I regularly used in the past. That being said, I found that the chance my old/weak passwords already known because who knows how many platform I used got breached every now and then. I don't think AI is needed in this case.

[OsaiEmma]

I was reading the news about @cprkrn, a user on X who reported that he successfully recovered his lost 5 BTC from 2013 using Claude AI. He had the mnemonics and the wallet ID, but he did not had the password. He also did not have the mnemonics and found it few weeks before the breakthrough, but he found them. But he was still lacking the password. He was using the btcrecover tool to brute force the password, and according to his X post, he tried more than 10 trillion patterns.

Anyway, a few days before using Claude, he checked all his notes and old college data, and it had emails, notes, everything in it. The data was about 1 GB, and he fed all of it to Claude AI. The AI tool found patterns by analyzing his 11 year old writing style and personal notes. It identified some words like "lol420' and "police". Then these words were used by the btcrecover tool to guess the exact password, and it was found. The correct password was "lol420fuckthePOLICE!:)". Interestingly, Claude also found a bug in the btcrecover code that was causing the tool to fail even with the right password, and it fixed the script for him but that's another thing because we know how AI could find logical errors in the code. My concern is following:

I don't know how Claude could find such accurate words, but if it is real, then we are so exposed in this AI era. Because we are leaving our digital footprints open for hackers. What if AI can sense our personality to guess passwords? Like I am talking a lot on Bitcointalk, my pattern of words is exposed because every single word I have spoken is in my mind. It is like a set of vocabulary that I have in mind, and obviously, I would create a password from my own memory.

What if human made passwords based on memories are no longer secure due to AI? Can these AI tools profile us? Can they find words that we could have used to secure our wallets?

I suggest we should never give our personal information to AI. Just to point out, these days the security system is different than the one in question. We don't need passwords at all, we need seed phrases alone. But passwords are important and someone could have access to our devices and they could access our wallets like this if they have a history of our notes, emails, our discussions and logs etc. It could work for them even if they failed to access the recovery phrase from those notes because it was not written there.

Ok, I felt this story was exaggerated, so I went to do some digging. Yep, OP, you're exaggerating here. I don't think AI can get your exact password just from your writing patterns or folders, unless you have it written in one of the folders.

I went in search of the X post by cprkrn

   

I went further in the research and found this article on trading view.

Basically, what happened was, after he tried different recovery methods. Even used service providers for this, spending $250 for each failed attempt, he decided to use claude. Lemme quote directly from the trading view article.

What Claude Actually Did

Despite the "OMG Claude just cracked this shit" framing in the original tweet, the AI did not break Bitcoin's encryption. Cprkrn told Cointelegraph in a follow-up interview that he had already located a handwritten mnemonic in an old notebook before turning to Claude.

The AI then searched two Macs, two external hard drives, an Apple Notes export, an iCloud Mail inbox, a Gmail inbox and X direct messages, totaling more than a gigabyte of unstructured data, according to the user's account.

On the college computer, Claude located a wallet backup file from December 2019 that predated a password change Cprkrn had made on blockchain.info, and the mnemonic decrypted that older file.

Claude also identified a logic detail in the open-source recovery tool BTCRecover, which concatenates a sharedKey value with the user password during decryption.

Total compute spend came to roughly $15, according to a summary the model produced. The recovered password, Cprkrn later disclosed publicly, was "lol420fuckthePOLICE!*".

Wallet Recovery Industry Faces a New Cost Curve

Commercial recovery services have for years charged premium prices for the technical expertise needed to handle legacy Bitcoin Core wallets. Cprkrn said he had spent roughly $250 per failed attempt at such services before turning to AI.

Firms including Wallet Recovery Services and KeychainX market brute-force password recovery and typically take percentage cuts of recovered funds.

He initially couldn't access the wallet because of a bug which Claude corrected. if you check the X post, specifically the Claude log, you'll see exactly how it was carrying out this process.

Claude didn't guess the password either, what happened was, Claude carried out a data forensic, and found an old backup wallet file in his data that the mnemonics successful decrypted. Note, he already knows the mnemonic and the password.

So this is just an exaggeration, I don't think that's how AI works.