February 22, 2024

What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes

A systems architect cracked a seed phrase and won a 100,000 Satoshi bounty, or 0.001 Bitcoin (BTC), worth $29, in just under half an hour. Cointelegraph spoke to Andrew Fraser in Boston, who underscored how critical it is to keep a Bitcoin wallet seed phrase secure and offline. 

A seed phrase or recovery phrase is a string of random words generated when a wallet is created that can access the wallet, similar to a master key. Fraser brute forced a 12-word seed phrase that Bitcoin educator “Wicked Bitcoin” shared on Twitter:

As shown, Wicked’s Tweet challenged users to decipher the correct order of the 12-word seed phrase.

“Anyone wants to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.”

It took just 25 minutes to unlock the 100,000 satoshis, worth just under $30. The incident serves as a timely reminder for Bitcoin users and crypto enthusiasts to take crypto security seriously.

Fraser cracked the code using BTCrecover, a software application available on GitHub. The software offers a range of tools that can determine seed phrases with missing or scrambled mnemonics and passphrase-cracking utilities. Over Twitter DMs, Fraser told Cointelegraph:

“My gaming GPU was able to determine the correct order of the seed phrase in about 25 minutes. Though a more capable system would do it much faster.”

He noted that anyone with a basic knowledge of running Python scripts, using the Windows command shell, and understanding the Bitcoin protocol—particularly BIP39 mnemonics — should be able to replicate his success.

Cointelegraph queried Fraser about the security of 12-word seed keys. Fraser explained they are “perfectly secure if the words remain unknown to an attacker or there is a passphrase ‘13th seed word’ used in the derivation path of the wallet.”

Moreover, he emphasized the superior security of 24-word seed keys.

“Even if an attacker knew the out of order words of your 24-word seed key, they would never stand a hope of discovering the correct seed.”

Fraser broke down the entropy calculations to explain the difference in security between the two types of seed keys. A 12-word seed has approximately 128 bits of entropy, while a 24-word seed boasts 256 bits. When an attacker knows the unordered words of a 12-word seed, there are only around half a billion possible combinations, which is relatively easy to test with a decent GPU. A 24-word seed, however, has roughly 6.24^24 possible combinations — and that’s a lot of zeros. 

Related: The worst places to keep your crypto wallet seed phrase

Even the probability of an attacker cracking a 12-word seed phrase is borderline absurd. A 24-word seed phrase may be superior, but as Wicked pointe out in a post-mortem to the seed phrase challenge, “it’s not going to be hacked tbh.”

Ultimately, it’s a timely reminder to readers to ensure seed phrases are never published or shared online. That means seed phrases should not be stored in a password manager or a cloud storage solution, and they certainly should not be typed out into a phone.

Fraser also stressed the importance of keeping seed keys secret and to take advantage of a passphrase that functions as part of the derivation path. As for the 100,000 sats that Fraser took home? Fraser tweeted that he spent them on dinner that night: chicken marsala. Talk about circular economy. 

Cointelegraph Magazine: Bitcoin in Senegal: Why is this African country using BTC?