What security? Bitcoin enthusiast cracks known 12-word seed phrase in minutes

If the words of a 12-word seed phrase are known, it’s deceptively easy to enter the wallet and sweep the funds.

A systems architect cracked a seed phrase and won a 100,000 Satoshi bounty, or 0.001 Bitcoin (BTC), worth $29, in just under half an hour. Cointelegraph spoke to Andrew Fraser in Boston, who underscored how critical it is to keep a Bitcoin wallet seed phrase secure and offline.

A seed phrase or recovery phrase is a string of random words generated when a wallet is created that can access the wallet, similar to a master key. Fraser brute forced a 12-word seed phrase that Bitcoin educator “Wicked Bitcoin” shared on Twitter:

Anyone want to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.https://t.co/c9FyMv3HYM pic.twitter.com/nPGTB9bX2g

— Wicked (@w_s_bitcoin) April 26, 2023

As shown, Wicked’s Tweet challenged users to decipher the correct order of the 12-word seed phrase.

“Anyone wants to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL.”

It took just 25 minutes to unlock the 100,000 satoshis, worth just under $30. The incident serves as a timely reminder for Bitcoin users and crypto enthusiasts to take crypto security seriously.

Fraser cracked the code using BTCrecover, a software application available on GitHub. The software offers a range of tools that can determine seed phrases with missing or scrambled mnemonics and passphrase-cracking utilities. Over Twitter DMs, Fraser told Cointelegraph:

“My gaming GPU was able to determine the correct order of the seed phrase in about 25 minutes. Though a more capable system would do it much faster.”

He noted that anyone with a basic knowledge of running Python scripts, using the Windows command shell, and understanding the Bitcoin protocol—particularly BIP39 mnemonics — should be able to replicate his success.

Cointelegraph queried Fraser about the security of 12-word seed keys. Fraser explained they are “perfectly secure if the words remain unknown to an attacker or there is a passphrase ‘13th seed word’ used in the derivation path of the wallet.”

Moreover, he emphasized the superior security of 24-word seed keys.

“Even if an attacker knew the out of order words of your 24-word seed key, they would never stand a hope of discovering the correct seed.”

Fraser broke down the entropy calculations to explain the difference in security between the two types of seed keys. A 12-word seed has approximately 128 bits of entropy, while a 24-word seed boasts 256 bits. When an attacker knows the unordered words of a 12-word seed, there are only around half a billion possible combinations, which is relatively easy to test with a decent GPU. A 24-word seed, however, has roughly 6.24^24 possible combinations — and that’s a lot of zeros.

Even the probability of an attacker cracking a 12-word seed phrase is borderline absurd. A 24-word seed phrase may be superior, but as Wicked pointe out in a post-mortem to the seed phrase challenge, “it’s not going to be hacked tbh.”

In the off chance that someone finds your seed phrase cut up and out of order, then yes lol.

— Wicked (@w_s_bitcoin) April 27, 2023

Ultimately, it’s a timely reminder to readers to ensure seed phrases are never published or shared online. That means seed phrases should not be stored in a password manager or a cloud storage solution, and they certainly should not be typed out into a phone.

Fraser also stressed the importance of keeping seed keys secret and to take advantage of a passphrase that functions as part of the derivation path. As for the 100,000 sats that Fraser took home? Fraser tweeted that he spent them on dinner that night: chicken marsala. Talk about circular economy.

Cointelegraph Magazine: Bitcoin in Senegal: Why is this African country using BTC?