Replying to Alex Waltz

I hacked an #ethereum wallet and took all the money!

Ran 16 servers for a whole day!

How did I do it?

What tools did I use?

Was it profitable?

1st of all this was a bounty.

I DID NOT STEAL THE ETH :D

Check Twitter and I am tagged in an Ethereum post.

Only used Ethereum 2 times, initially not interested.

The pictures are clues to a BIP39 seed which unlocks 0.1 ETH

Ok, let me take another look.

As all the words are from the 2048 known words Dictionary.

I took a guess for each picture and checked if it was in the dictionary.

Found 11, not sure about the 4th.

But it's one of the 2048 words, so I just need to try all of them.

Easy job for a computer :p

Enter Seed Savior - Brute forces 1 word.

I just pasted the words I know and it showed all the possible valid 4th words.

As I know the address, I just have to search for it here.

Got 138 valid 4th words, but my address is not present..

At least 1 of my guesses is wrong.

Now really want to find the seed!

I went through each of the 2048 BIP39 words and looked to see if it matched any of the pictures.

It took 2 hours to redo the list. 🥲

Now I have multiple options for each position.

I have to hurry, this is public, others may be trying.

5 million options are not that many.

I just need the right tool.

Enter BTCRecover

A command line tool that I can tell it how to mix the words, and check if they generate the address I'm looking for.

My Mac M1 tries 90,000 seeds/second

Took 1 min, but NO LUCK!

This means that at least one of the possible words is incorrect.

So on one of the positions, I need to try all the 2048 words.

I will have 2048 options on that position.

Positions 4,6 I'm least sure of.

6 days is too slow, others may also be trying to crack the seed!

What if I use all 3 of my laptops.

Together they try 170,000 seeds/second.

Nearly a 2x improvement.

I cut it down from 6 days to 3 days.

Need a bigger improvement, others may be cracking as I am!

My laptops are all cracking using their CPU.

I need GPUs, a lot of GPUs!

There are 2 ways to do more calculations per second:

1) get hardware that can calculate faster

2) get more of the same hardware and run it in parallel.

A GPU is basically a LOT of tiny weak processors that run in parallel and that is why some things run faster on GPUs.

Luckily there are websites where people allow you to rent their powerful computers and you pay per minute.

I used vastAI as it seemed to be the cheapest option.

Prices range from $0.3 to $1 (for my needs)

Pretty much all have strong processors, ones with more GPUs cost more.

Ended up renting 16 servers and I was trying 1,096,000 seeds per second.

It would take 11 hours to try all my candidate words, and on the 4th & 12th positions try all 2048 possible words.

So pressed start and got some much-needed sleep.

Woke up and Seed not found.

Angry and disappointed, I closed all the servers, as it cost me money to keep them up.

But then I looked through the list one more time, and wait a minute 8 is not a park, it's Hard Street.

Could it be?

Used initial list of candidate words, but hard on the 8th position.

4 minutes later SEED FOUND!1!1

When you take out the server costs and donation to the person who made the tool, I was left with ~$50.

Best 50 bucks I ever made in my life.

(10 days of continuous work)

Clarifications

I left out a LOT of things to keep it short.

Everything took multiple tries and 10 days of constant hair-pulling.

The 1st pic in the thread was taken right after I found the seed.

The screenshots of the commands, I re-ran later when I documented the process.

Thanks for reading and like & retweet (equivalent of here), if you liked it. :D

Usually, I tweet one interesting #Bitcoin fact every day!

This is the only Ethereum fact I have (story more than a fact :p)

Btw the #BitcoinFactOfTheDay was brought to you by BitBox !🇨🇭🔑
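
Added example, not part of the original thread and not code from Seed Savior or BTCRecover: a sketch of the BIP39 checksum rule that explains why only a fraction of the 2048 words is "valid" in a given position of a 12-word seed (about 2048/16 = 128 on average). It works on wordlist indices (0..2047) instead of words, and the sample entropy is constructed, not a real wallet.

```python
import hashlib

WORDS = 12                   # 12 words x 11 bits = 132 bits
ENT_BITS, CS_BITS = 128, 4   # 128 bits of entropy + 4 checksum bits

def indices_from_entropy(entropy: bytes) -> list[int]:
    """Encode 16 bytes of entropy as 12 wordlist indices (0..2047)."""
    if len(entropy) != ENT_BITS // 8:
        raise ValueError("expected 16 bytes of entropy")
    # Checksum = first 4 bits of SHA-256(entropy), appended to the entropy.
    cs = hashlib.sha256(entropy).digest()[0] >> (8 - CS_BITS)
    bits = (int.from_bytes(entropy, "big") << CS_BITS) | cs
    return [(bits >> (11 * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]

def checksum_ok(indices: list[int]) -> bool:
    """True if the 12 indices carry a valid BIP39 checksum."""
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> CS_BITS).to_bytes(ENT_BITS // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - CS_BITS)
    return (bits & ((1 << CS_BITS) - 1)) == expected

def valid_words_at(indices: list[int], position: int) -> list[int]:
    """Indices that pass the checksum at a 1-based position, others fixed."""
    passing = []
    for cand in range(2048):
        trial = list(indices)
        trial[position - 1] = cand
        if checksum_ok(trial):
            passing.append(cand)
    return passing

# Constructed sample: entropy bytes 00 01 02 ... 0f (not a real wallet).
SAMPLE = indices_from_entropy(bytes(range(16)))

if __name__ == "__main__":
    for pos in (4, 12):
        n = len(valid_words_at(SAMPLE, pos))
        print(f"position {pos}: {n} of 2048 candidates pass the checksum")
```

For the last word the count is always exactly 128, because that word holds 7 entropy bits plus the 4 checksum bits; for other positions it varies around 128.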

Does BTCrecover allow you to check in a specific position? Example: unsure of words 2, 6 and 11

Discussion

Yes, you specify the derivation path.

I only checked 1st position.

every word you don't know means 2048x more options you gotta try... 2048^3 is a pretty big number, that's 33 bits, 8 billion

best guess i can make is you might get it in a week of trying, if you are lucky, but more likely a year

Indeed, most that was cracked is 4 words by John Cantrell

However he wrote his own tooling in Rust and made the process as efficient as it can be.

https://medium.com/@johncantrell97/how-i-checked-over-1-trillion-mnemonics-in-30-hours-to-win-a-bitcoin-635fe051a752

I remember this.

But did he take it down? I was looking to recover an old seed a while back.

Still up.

Indeed this is maintained by a new dude now.

https://github.com/gurnec/btcrecover

Is there a way of refining the search when you know the first letter of those forgotten words?

Yes, it allows for almost anything you can think of.

Check this playlist on YT.

https://www.youtube.com/watch?v=8q65eqpf4gE&list=PL7rfJxwogDzmd1IanPrmlTg3ewAIq-BZJ

If it's not there, go through the documentation.

https://btcrecover.readthedocs.io/en/latest/

Thanks!

Wonder why I didn't see this before...

Alex, any interest in hunting for some lost coins for a 50% bounty? It’s not a sizable amount but it’s an interesting problem: recursive bip85, several layers deep.

Normally I would, but now I’m working on my movie (Satoshis Don’t Exist), I have 0 free time.

Contact this guy, he is the one maintaining the tool.

https://twitter.com/ytcryptoguide

I tried talking to John, he prob thought I was a scammer.

Can’t easily get a hold of the guy you linked through X, I’ll try other means eventually. Not really in a rush, as it makes for good nitty gritty work for my future kids lol