
This Bitcoin address was just hacked on purpose

decrypt.co 19 June 2020 09:00, UTC

A wallet with 1 BTC was just brute-forced, but don’t worry: its owner wanted it this way.

Alistair Milne, the CIO of the Altana Digital Currency Fund, tweeted this morning that he woke up to the “bad news” that 1 BTC (currently worth north of $9,300) had been taken from an address he controlled. Incidentally, Milne actually wanted this Bitcoin stolen. It was part of a giveaway/puzzle that he orchestrated via Twitter.

Woke up to some 'bad' news this morning. The 1BTC wallet has been brute forced, which is pretty impressive. They must have rented several GPUs to do it so quickly!

I knew I was against the clock but most people thought it would take a few weeks to brute force 4 seed words pic.twitter.com/uAoLyQkhRJ

— Alistair Milne (@alistairmilne) June 17, 2020

Milne posted about the giveaway at the end of May, stating that he would periodically release a hint to a 12-word seed phrase for a wallet address containing a little over 1 BTC. In an effort to prevent brute-forcing (or running programs to guess the seed phrase), Milne intended to “give the last 3 or 4 words all at once.”

But he never got the chance, because one community member was able to brute-force the wallet’s seed after the eighth hint was published. It took the attacker 44 hours to find the full seed phrase.

Milne mentioned on Twitter that he was hoping to make the giveaway more inclusive to the “not-so-tech-savvy.” More than a clever giveaway, this puzzle is also a technical experiment in how quickly an attacker can derive a 12-word seed if they have over half of its words.

A seed phrase for a cryptocurrency wallet is a 12- or 24-word phrase. This acts as a backup phrase for a Bitcoin wallet’s private keys. It would take, according to some estimates, billions of years to crack these phrases without knowing any of the words (or letters) in the mnemonic. But with every hint and word that Milne published in this scenario, the seed became easier to crack.
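How much secrecy each published word removes can be worked out directly. The following is an added example, not code from the article or from Milne; it assumes the wallet used the standard BIP39 scheme (2048-word list, 11 bits per word, 4 checksum bits for 12 words) and that the eight published words were the first eight, in order.

```python
import hashlib

BITS_PER_WORD = 11  # BIP39 wordlist has 2048 = 2**11 entries

def checksum_bits(total_words):
    # BIP39 appends 1 checksum bit per 32 bits of entropy (4 bits for 12 words).
    return total_words * BITS_PER_WORD // 33

def checksum_ok(indices):
    """Check the BIP39 checksum of a mnemonic given as wordlist indices (0..2047)."""
    cs = checksum_bits(len(indices))
    value = 0
    for i in indices:
        value = (value << BITS_PER_WORD) | i
    ent_len = (len(indices) * BITS_PER_WORD - cs) // 8
    entropy = (value >> cs).to_bytes(ent_len, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return value & ((1 << cs) - 1) == expected

def remaining_bits(total_words, known_words):
    """Secret bits left when the first `known_words` words are public.

    The checksum is derived from the entropy, so it adds no secrecy and is
    subtracted from the bits carried by the unknown trailing words.
    """
    unknown = total_words - known_words
    if unknown == 0:
        return 0
    return unknown * BITS_PER_WORD - checksum_bits(total_words)

def valid_last_words(first_eleven):
    """Count final-word indices that complete a checksum-valid 12-word phrase."""
    return sum(checksum_ok(first_eleven + [w]) for w in range(2048))

def implied_rate(total_words, known_words, hours):
    """Upper bound on seeds tested per second if the whole space was searched."""
    return 2 ** remaining_bits(total_words, known_words) / (hours * 3600)

if __name__ == "__main__":
    for known in range(0, 12, 2):
        print(f"{known:2d} words public -> {remaining_bits(12, known):3d} secret bits")
    rate = implied_rate(12, 8, 44)   # 8 hints and 44 hours are the article's figures
    years = 2 ** 128 / rate / (3600 * 24 * 365)
    print(f"implied rate <= {rate:,.0f}/s; full 12-word search ~ {years:.1e} years")
    constructed = [0] * 11           # constructed sample prefix, not a real wallet
    print(valid_last_words(constructed), "of 2048 final words pass the checksum")
```

With eight words public, only 40 bits of secret remain, which is why a phrase that is infeasible to guess whole becomes searchable in days; a backup that leaks even part of the phrase should be treated as compromised and the funds moved to a new seed.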

Still, Milne was impressed by the rate at which the hacker brute-forced the seed. He was also intrigued by the high miner fee of 0.01 they paid, saying that this likely means the miner felt pressure to move it quickly lest another participant crack the code first.
