hack a wallet

Just a few minutes to hack a wallet

2 May 2023


A challenge on social media demonstrated that if you know the words of a 12-word seed phrase, even without knowing their order, it is extremely easy to get into the wallet and withdraw the funds.

A seed phrase is a recovery phrase: a string of random words generated when a wallet is created (as happens, for example, when setting up MetaMask). It grants access to the wallet itself, for instance from a new device or after a long period of inactivity.

The challenge was launched on Twitter by Wicked Bitcoin: it published the twelve words out of order and offered the equivalent of about 29 dollars in satoshis (a tiny prize, which already hinted that the task was fairly easy for those in the know). And so it proved: in about twenty minutes, system administrator Andrew Fraser was able to get into the wallet.

Apparently no quantum computer or other exotic hardware was needed, just an ordinary software tool within anyone's reach.

The lesson is that a seed phrase should be kept only in your head or on a piece of paper, and in any case never on a smartphone or PC. If an attacker does not know the words, the wallet's security is very high, although a 24-word phrase is stronger still than a 12-word one.

Fraser then explained the limits of what such tools can achieve by illustrating the difference in security between the two types of seed phrase (one with 12 words and one with 24). A 12-word seed encodes about 128 bits of entropy, while a 24-word seed encodes 256 bits. When an attacker knows the words of a 12-word seed but not their order, there are only 12! ≈ 479 million possible orderings (about half a billion), which is relatively easy to test with a decent software tool built for the purpose. A 24-word seed has 24! ≈ 6.2 × 10^23 orderings, far too many for those tools.
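As an added example (not part of the original article, and not Fraser's tooling), the following Python script shows the mechanics behind the numbers above and the attack in the challenge: it implements the real BIP39 encoding and checksum, computes the search space for 12 and 24 leaked words, and brute-forces the order of a leaked word set. Words are represented by their 11-bit index in the BIP39 wordlist so the script needs no wordlist, and a SHA-256 of the index sequence stands in for the address derivation a real tool would run on each candidate; that stand-in and the assumption that all leaked words are distinct are simplifications of mine. The demo brute-forces a shortened 6-word phrase (64-bit entropy, 720 orderings) so it finishes instantly; the 12-word case follows the same code path but with about 479 million orderings. Note also that the BIP39 checksum lets an attacker discard 15 of every 16 candidate orderings of a 12-word phrase before deriving a single key.

```python
"""Brute-forcing the order of a leaked BIP39 seed phrase (added example).

Words are handled as their 11-bit wordlist index (0..2047), so no wordlist is
needed. fingerprint() is a stand-in for the BIP32 address derivation a real
recovery tool performs on each candidate order (assumption for this demo).
"""
from __future__ import annotations

import hashlib
import itertools
import math


def bip39_indices(entropy: bytes) -> list[int]:
    """Real BIP39 encoding: entropy || first ENT/32 bits of SHA-256(entropy), cut into 11-bit words."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    # Keep entropy plus the top cs_bits of the digest.
    bits = int.from_bytes(entropy + digest, "big") >> (len(digest) * 8 - cs_bits)
    n_words = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def checksum_ok(indices) -> bool:
    """Re-derive the checksum for a candidate order; only ~1/2**cs_bits orders pass by chance."""
    total_bits = 11 * len(indices)
    cs_bits = total_bits // 33          # 12 words -> 4 bits, 24 words -> 8 bits
    ent_bits = total_bits - cs_bits
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def fingerprint(indices) -> str:
    """Stand-in for 'derive the first address' (assumption: a real tool runs BIP39->BIP32 here)."""
    return hashlib.sha256(",".join(map(str, indices)).encode()).hexdigest()


def search_space(n_words: int) -> tuple[int, int]:
    """(all orderings, orderings surviving the checksum) for n distinct leaked words."""
    cs_bits = 11 * n_words // 33
    perms = math.factorial(n_words)
    return perms, perms // (1 << cs_bits)


def recover_order(leaked_words, target_fp: str, limit: int | None = None):
    """Try every ordering of the leaked words; return (order, candidates_tested) or (None, tested)."""
    tested = 0
    for perm in itertools.permutations(leaked_words):
        if limit is not None and tested >= limit:
            break
        tested += 1
        if not checksum_ok(perm):
            continue                    # cheap filter: no key derivation for bad checksums
        if fingerprint(perm) == target_fp:
            return list(perm), tested
    return None, tested


def demo(entropy: bytes = bytes.fromhex("0123456789abcdef")):
    """Simulate the challenge on a shortened 6-word phrase: leak the words, lose the order, recover it."""
    true_order = bip39_indices(entropy)     # constructed sample phrase (64-bit entropy -> 6 words)
    leaked = sorted(true_order)             # attacker sees the words, not their positions
    target = fingerprint(true_order)        # e.g. the funded address visible on-chain
    recovered, tested = recover_order(leaked, target)
    return true_order, recovered, tested


if __name__ == "__main__":
    for n in (12, 24):
        perms, valid = search_space(n)
        print(f"{n} words: {perms:.3e} orderings, {valid:.3e} with a valid checksum")
    true_order, recovered, tested = demo()
    print("true order:", true_order)
    print("recovered :", recovered, "after", tested, "candidates")
```

The checksum filter is why ordering attacks on 12-word phrases are cheap: the expensive step (key derivation and address lookup) runs on about 30 million candidates rather than 479 million, while a 24-word phrase still leaves roughly 2.4 × 10^21 candidates after filtering.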

Without that leak, on the other hand, the odds of an attacker guessing a 12-word seed phrase outright are vanishingly small. 24-word phrases may be even stronger, but, as Wicked points out in an article published after the seed phrase challenge, 12-word ones "won't actually be cracked" either.

In the end: secure in theory, but not secure at all once the words leak!

