Apr 27, 2023

Architect Cracks Seed Phrase, Wins $29 in BTC

Andrew Fraser, a systems architect from Boston, recently cracked a seed phrase and won a 100,000 Satoshi bounty, or 0.001 Bitcoin (BTC), worth roughly $29, in just under half an hour. Cointelegraph spoke to Fraser to learn more about the incident and the importance of keeping crypto wallets secure.

A seed phrase, or recovery phrase, is a string of random words generated when a wallet is created. This phrase acts as a master key, allowing access to the wallet. Bitcoin educator “Wicked Bitcoin” shared a 12-word seed phrase on Twitter and challenged users to decipher the correct order of the words, and Fraser brute-forced the ordering. It took Fraser 25 minutes to unlock the 100,000 Satoshis.

Fraser used BTCrecover, a software application available on GitHub, to crack the code. The software offers a range of tools for recovering seed phrases with missing or scrambled mnemonic words, along with passphrase-cracking utilities.

When asked about the security of 12-word seed keys, Fraser explained that they are “perfectly secure if the words remain unknown to an attacker or there is a passphrase ‘13th seed word’ used in the derivation path of the wallet.” He noted that 24-word seed keys are even more secure, with 256 bits of entropy compared to the 128 bits of entropy of a 12-word seed.
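As an added example (not from the article, Fraser or BTCrecover), the following puts numbers on the comparison above using the published BIP39 layout: 11 bits per word, with the final ENT/32 bits acting as a checksum. The function names are hypothetical, and the scrambled-order case assumes all words are distinct.

```python
import math

# BIP39: each word encodes 11 bits (2048-word list); the mnemonic is the
# entropy ENT followed by ENT/32 checksum bits taken from SHA-256(entropy).
BITS_PER_WORD = 11
VALID_LENGTHS = (12, 15, 18, 21, 24)

def bip39_layout(word_count):
    """Return (entropy_bits, checksum_bits) for a mnemonic of this length."""
    if word_count not in VALID_LENGTHS:
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    total = word_count * BITS_PER_WORD
    checksum = total // 33          # total = ENT + ENT/32 = 33 * (ENT/32)
    return total - checksum, checksum

def work_bits_unknown_words(word_count):
    """Words secret: the search space is the full entropy."""
    entropy, _ = bip39_layout(word_count)
    return float(entropy)

def candidates_known_words_scrambled(word_count):
    """Words disclosed, order secret: orderings that survive the checksum.

    There are word_count! orderings; the checksum is a cheap filter that
    keeps about 1 in 2**checksum_bits, and only those need a wallet check.
    """
    _, checksum = bip39_layout(word_count)
    return math.factorial(word_count) // 2 ** checksum

def work_bits_known_words_scrambled(word_count):
    """Same scenario, expressed in bits for comparison with the entropy."""
    _, checksum = bip39_layout(word_count)
    return math.log2(math.factorial(word_count)) - checksum

def report():
    rows = []
    for n in (12, 24):
        rows.append((n,
                     work_bits_unknown_words(n),
                     round(work_bits_known_words_scrambled(n), 1),
                     candidates_known_words_scrambled(n)))
    return rows

if __name__ == "__main__":
    for n, secret, scrambled, cands in report():
        print(f"{n} words: {secret:.0f} bits if secret, "
              f"{scrambled} bits if only the order is secret "
              f"(~{cands:,} candidates)")
```

For a 12-word phrase, disclosing the words leaves roughly 25 bits of work instead of 128, which is why the order alone offers little protection.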

Fraser also underlined the importance of keeping seed phrases secret and not storing them in a password manager or cloud storage solution. He also advised users to take advantage of a passphrase that functions as part of the derivation path.

As for the 100,000 Sats Fraser took home? He tweeted that he spent them on dinner that night: Chicken Marsala. Talk about a circular economy!

The incident serves as a reminder for Bitcoin users and crypto enthusiasts to take crypto security seriously. It is essential to keep seed phrases secure and offline to ensure the safety of digital assets.

