Carrying a Bitcoin Brainwallet? It’s extremely unsafe, says BitMEX Research

News / 13.10.2020

If you’re one of those carrying a brainwallet whose passphrase comes from your favorite movie or book, it’s extremely unsafe, says new research from BitMEX.

Brainwallets are tools that let users choose a simple passphrase, which is then run through the SHA-256 hashing algorithm. Even though the hash is practically impossible to reverse, the scheme is highly prone to brute-force guessing.

In the experiment, eight Bitcoin brainwallets were created using passphrases from popular works of fiction, and all eight were hacked, with the funds stolen. Each wallet was funded with a small amount of 0.005 BTC. Interestingly, hackers were able to guess the passphrases and steal the funds in a very short time, as little as around 0.67 seconds.

To assess the viability of brainwallets, all eight wallets used passphrases from sources such as popular books (Moby-Dick, Pride & Prejudice, A Tale of Two Cities, the Bible), songs (“Blowin’ in the Wind” by Bob Dylan), and the Bitcoin whitepaper itself. These passphrases were then hashed with the SHA-256 algorithm. While the funds were swept from all the wallets within a day, it took hackers only 0.67 seconds to steal the funds from the wallet with the passphrase “Call me Ishmael”, the opening line of Moby-Dick.

It is worth noting that the funds from four of the wallets were stolen by the same entity, which paid quite a high transaction fee rate. It appears the hackers were in a hurry to steal the funds before someone else could. When stealing the funds from the “Call me Ishmael” wallet, the hacker paid a fee rate of 390 satoshis per virtual byte, considerably higher than the market rate, which usually tends to be around 1-10 satoshis per byte.

The research also points out that hackers are apparently constantly monitoring the mempool of the Bitcoin network, looking for brainwallets with weak passwords and passphrases. It is also likely that they use servers that already store thousands of pre-generated Bitcoin addresses derived from popular works of fiction, movies, and songs.
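As an added illustration (not code from the article or from BitMEX Research) of the two points above: a brainwallet’s private key is simply SHA-256 of the passphrase, so anyone holding the same published text can precompute the key without ever reversing the hash. The quote list is a constructed sample, and the check function is a hypothetical guard a wallet could run to reject such passphrases.

```python
import hashlib
import secrets

# Constructed sample corpus of the kind of opening lines the article says
# were used; it is not the full list of passphrases from the experiment.
KNOWN_QUOTES = [
    "Call me Ishmael",
    "It was the best of times, it was the worst of times",
    "It is a truth universally acknowledged",
    "In the beginning God created the heaven and the earth",
]


def brainwallet_private_key(passphrase: str) -> bytes:
    """A brainwallet derives its 32-byte private key as SHA-256(passphrase).

    The hash is one-way, but that gives no protection when the input is a
    sentence anyone can look up: the same text always yields the same key.
    """
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def build_precomputed_keys(quotes):
    """Map private key -> passphrase for every quote in a public corpus.

    This is the 'pre-generated' table the article describes; building it
    needs only the public text, so the key is recoverable by lookup.
    """
    return {brainwallet_private_key(q): q for q in quotes}


def passphrase_is_precomputable(passphrase: str, table) -> bool:
    """Hypothetical wallet-side guard: refuse passphrases already in the table."""
    return brainwallet_private_key(passphrase) in table


def random_private_key() -> bytes:
    """What a wallet should do instead: 256 bits from the OS CSPRNG,
    not derived from any text a person could choose or an attacker could list."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    table = build_precomputed_keys(KNOWN_QUOTES)
    key = brainwallet_private_key("Call me Ishmael")
    print("brainwallet key:", key.hex())
    print("found in precomputed table:", passphrase_is_precomputable("Call me Ishmael", table))
    print("random key:", random_private_key().hex())
```

The guard above only catches exact matches; the underlying problem is that any passphrase a human remembers comes from a space far smaller than 2^256, which a random key does not share.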

In summary, it’s advisable NOT to use weak passwords or passphrases from your favorite movie or book on the assumption that no one would be able to guess them.

Narender is a digital nomad & crypto writer. He's currently living in this small Himalayan village with a perfect balance of wilderness and an LTE network. His love for Chai and mountains precedes everything. Often wonders about things like, "why $1 earned through leverage feels 100x better than $1 earned selling your time?"