hack a wallet

Just a few minutes to hack a wallet

2 May 2023


With a challenge on social media it was possible to demonstrate that if you know the words of a 12-word seed phrase, it is extremely easy to access the wallet and withdraw funds.

A seed phase is a recovery phrase, better to say a string of random words generated when a wallet is created (as happens, for example, when creating a metamask) and this allows access to the wallet itself, when accessed from new devices or for a long time etc.

It was a challenge launched on twitter by Wicked Bitcoin, it provided the twelve words in no particular order and offered the equivalent of about 29 dollars in Satoshi (a ridiculous prize proving that the task was rather easy for the insiders). So it was since in about twenty minutes the system administrator Andrew Fraser was able to enter the Wallet.

Apparently neither a quantum computer nor who knows what was necessary but a trivial software application within everyone's reach.

The problem is that the seed phrases must not be kept except in the mind or in a piece of paper, in any case not in the smartphone or PC, if a hacker does not know them the security of the wallet is quite high even if it would be even better if the seed phrase contained 24 words rather than 12.

Fraser then explained at best what are the limits of the results that can be obtained by illustrating the difference in security between the two types of seed keys (ie one with 12 words and one with 24). A 12-word seed key has approximately 128 bits of entropy, while a 24-word seed key boasts 256 bits. When an attacker knows the unordered words of a 12-word seed, there are only about half a billion possible combinations, which is relatively easy to test with a decent software application for that purpose. A 24-word seed, on the other hand, has so many zeros that it's overkill for those tools.

Otherwise, the likelihood that an attacker will be able to decipher a 12-word seed sentence is also bordering on absurd. 24-word seed phrases may be higher, but as Wicked points out in an article following the seed phrase challenge, "they won't actually be violated."

In the end everything is safe but basically not safe!

Recent Post
Forbes under 30 list on blockchain - themetaeconmist

Forbes Under 30 list lands on blockchain

agri-food sector blockchain

Agribusiness revolution with the blockchain innovation

Zipmex interrupts trading activity in Thailand

Altman is back, former OpenAI CEO is in charge again. Revolution in the Board

OpenAI and Microsoft logo

Great Migration: after Brockman, Altman too leaves OpenAI for Microsoft

ai tokens - themetaeconomist

Top performance in the weekend for AI tokens

1 2 3 56
TheMetaEconomist 2022 - Privacy / Cookies