Brainwallets, especially those generated with passphrases from popular culture references, might not be as safe as previously imagined.
Pop Culture References Make for Vulnerable Keys
According to a report published by BitMEX Research on Oct. 13, brainwallets might be easy to crack with hackers purportedly setting up servers to crawl the blockchain in search of victims. A brainwallet or “mind wallet,” as the name implies, refers to storing Bitcoin (BTC) in a user’s own brain by committing a seed phrase to memory.
Thus, rather than owning a wallet app or hardware storage, brainwallets store Bitcoin in one’s own mind. The process is fairly straightforward: it involves using seed-generating wallet software like Electrum or Armory to create a passphrase for a BTC wallet that is easy to remember.
Since mnemonic seeds tend to be 12 or more words, users often elect to utilize a degree of familiarity when devising their passphrases. It is this reliance on pop culture references to generate a wallet seed that makes users fall victim to this particular attack vector.
As part of its investigation, BitMEX Research created eight brainwallets using quotes from pop culture references like Moby-Dick, Pride and Prejudice, and even the Christian Bible. None of the wallets survived more than 24 hours before having their stored BTC siphoned by hackers. One wallet even got drained in a breathtaking 0.67 seconds.
According to BitMEX Research:
“The speed and nature of the redemption of the funds clearly indicates that people have servers up online 24/7 scanning the blockchain and their respective memory pools for weak brainwallets to hack. These servers are likely to have pre-generated many hundreds of thousands of Bitcoin addresses, using text from thousands of published works, music, books, academic papers, magazines, blogs, tweets, and other media and then stored these in a database.”
Getting Creative with Mind Wallet Keys
Based on the BitMEX Research findings, it is obvious that brainwallets need a fair bit of thought on the part of the user. The appeal behind brainwallets is that people can move their wealth across borders without having to subject themselves to emerging regulations like the travel rule. Mind wallets might also be useful for refugees fleeing from regions suffering from armed conflicts.
Users still keen on utilizing brainwallets need to devise strategies to beat the hackers searching for vulnerable wallets. Passphrases coined from popular works of literature and music lyrics are akin to using 1234 as a password.
One useful technique could be combining texts from different books and adding other parameters like favorite color or food. It is worth remembering that crypto hackers are always improving their attack vectors to become more efficient at stealing funds.
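To make concrete why a quote from a published work is as good as no secret at all, and why the scanners described in the report can precompute their hits, here is an added example (not BitMEX Research's code, and not from any wallet project) of a passphrase audit a user could run before committing funds. It assumes the classic brainwallet scheme in which the private key is simply SHA-256 of the passphrase, and it uses a constructed three-quote stand-in for the "thousands of published works" corpus.

```python
import hashlib
import string

# Classic brainwallet scheme (assumption, not stated on the page): the private
# key is SHA-256 of the passphrase. Same text in, same key and address out, for
# the user and for anyone else who indexed that text.
def brainwallet_privkey(passphrase: str) -> str:
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

# Constructed stand-in for the published-works corpus: a few famous opening lines.
CORPUS = {
    "Moby-Dick": "Call me Ishmael.",
    "Pride and Prejudice": "It is a truth universally acknowledged, that a single man "
                           "in possession of a good fortune, must be in want of a wife.",
    "Genesis 1:1": "In the beginning God created the heaven and the earth.",
}

def _variants(text: str):
    """Cheap normalisations a user might apply while believing the quote was changed."""
    yield text
    yield text.lower()
    yield text.rstrip(string.punctuation + " ")
    yield text.lower().rstrip(string.punctuation + " ")

def build_lookup(corpus: dict) -> dict:
    """Precompute key -> source for every quote variant (the defender's mirror of the
    scanners' database, built once and queried in constant time)."""
    table = {}
    for source, quote in corpus.items():
        for variant in _variants(quote):
            table.setdefault(brainwallet_privkey(variant), source)
    return table

def audit_passphrase(passphrase: str, lookup: dict) -> dict:
    """Derive the key and report whether it collides with a known published text."""
    key = brainwallet_privkey(passphrase)
    source = lookup.get(key)
    return {"derived_key": key, "weak": source is not None, "matched_source": source}

if __name__ == "__main__":
    lookup = build_lookup(CORPUS)
    # The third candidate follows the article's advice of appending personal details.
    for candidate in ("Call me Ishmael.", "call me ishmael", "Call me Ishmael. blue pierogi 1987"):
        result = audit_passphrase(candidate, lookup)
        print(f"{candidate!r}: weak={result['weak']} source={result['matched_source']}")
```

A miss in this table only proves the passphrase is absent from this particular corpus, not that it is strong; a real scanner's corpus is far larger and indexes many more variants.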
Even wallet apps are not safe from the scourge of rogue actors. Popular Bitcoin wallet Electrum is still dealing with hackers sending fake updates to owners of older wallet versions. As previously reported by CryptoPotato, a Bitcoiner lost 1,400 BTC after installing a fake Electrum wallet.