hack a wallet

Just a few minutes to hack a wallet

2 May 2023


Share on:

With a challenge on social media it was possible to demonstrate that if you know the words of a 12-word seed phrase, it is extremely easy to access the wallet and withdraw funds.

A seed phase is a recovery phrase, better to say a string of random words generated when a wallet is created (as happens, for example, when creating a metamask) and this allows access to the wallet itself, when accessed from new devices or for a long time etc.

It was a challenge launched on twitter by Wicked Bitcoin, it provided the twelve words in no particular order and offered the equivalent of about 29 dollars in Satoshi (a ridiculous prize proving that the task was rather easy for the insiders). So it was since in about twenty minutes the system administrator Andrew Fraser was able to enter the Wallet.

Apparently neither a quantum computer nor who knows what was necessary but a trivial software application within everyone's reach.

The problem is that the seed phrases must not be kept except in the mind or in a piece of paper, in any case not in the smartphone or PC, if a hacker does not know them the security of the wallet is quite high even if it would be even better if the seed phrase contained 24 words rather than 12.

Fraser then explained at best what are the limits of the results that can be obtained by illustrating the difference in security between the two types of seed keys (ie one with 12 words and one with 24). A 12-word seed key has approximately 128 bits of entropy, while a 24-word seed key boasts 256 bits. When an attacker knows the unordered words of a 12-word seed, there are only about half a billion possible combinations, which is relatively easy to test with a decent software application for that purpose. A 24-word seed, on the other hand, has so many zeros that it's overkill for those tools.

Otherwise, the likelihood that an attacker will be able to decipher a 12-word seed sentence is also bordering on absurd. 24-word seed phrases may be higher, but as Wicked points out in an article following the seed phrase challenge, "they won't actually be violated."

In the end everything is safe but basically not safe!

No active "ca-sidebar-59" sidebar
Recent Post
solar energy and blockchain-themetaeconomist

Solar energy and blockchain to win the ecological challenges

A dive into the future of technological innovations in Milan

Address Poisoning attacks-themetaeconomist

What do you know about Address Poisoning attacks?

ftx refunds customers-themetaeconomist

FTX's collapse, customers to be repaid?

tme tv interview with Laura Rosell -themetaeconomist


cz binance founder - themetaconomist

Binance founder sentenced to prison on money-laundering violations

1 2 3 63
TheMetaEconomist 2022 - Privacy / Cookies