Alex Waltz
0f28196ced1024be7ceb3d7b194337bf8f21e7ad0a8be803b1ec0a7c52e926de
Making Satoshis Don't Exist Movie.

I did.

The funny part was that after I found the seed I could not figure out how to send the ETH; MetaMask was so very confusing :))

I hacked an #ethereum wallet and took all the money!

Ran 16 servers for a whole day!

How did I do it?

What tools did I use?

Was it profitable?

1st of all this was a bounty.

I DID NOT STEAL THE ETH :D

Check Twitter and I am tagged in an Ethereum post.

Only used Ethereum 2 times, initially not interested.

The pictures are clues to a BIP39 seed which unlocks 0.1 ETH

Ok, let me take another look.

All the words come from the known 2048-word dictionary.

I took a guess for each picture and checked if it was in the dictionary.

Found 11, not sure about the 4th.

But it's one of the 2048 words, so I just need to try all of them.

Easy job for a computer :p

Enter Seed Savior - Brute forces 1 word.

I just pasted the words I knew and it showed all the possible valid 4th words.

As I know the address, I just have to search for it here.

Got 138 valid 4th words, but my address is not present...

At least 1 of my guesses is wrong.

Now really want to find the seed!

I went through each of the 2048 BIP39 words and looked to see if it matched any of the pictures.

It took 2 hours to redo the list. 🥲

Now I have multiple options for each position.

I have to hurry, this is public, others may be trying.

5 million options are not that many.

I just need the right tool.

Enter BTCRecover

A command-line tool that I can tell how to mix the words, and it checks whether they generate the address I'm looking for.

My Mac M1 tries 90,000 seeds/second

Took 1 min, but NO LUCK!

This means that at least one of the possible words is incorrect.

So on one of the positions, I need to try all the 2048 words.

I will have 2048 options on that position.

Positions 4,6 I'm least sure of.

6 days is too slow, others may also be trying to crack the seed!

What if I use all 3 of my laptops.

Together they try 170,000 seeds/second.

Nearly a 2x improvement.

I cut it down from 6 days to 3 days.

Need a bigger improvement, others may be cracking as I am!

My laptops are all cracking using their CPU.

I need GPUs, a lot of GPUs!

There are 2 ways to do more calculations per second:

1) get hardware that can calculate faster

2) get more of the same hardware and run it in parallel.

A GPU is basically a LOT of tiny weak processors that run in parallel and that is why some things run faster on GPUs.

Luckily there are websites where people allow you to rent their powerful computers and you pay per minute.

I used vastAI, as it seemed to be the cheapest option.

Prices range from $0.3 to $1 (for my needs)

Pretty much all have strong processors, ones with more GPUs cost more.

Ended up renting 16 servers and I was trying 1,096,000 seeds per second.

It would take 11 hours to try all my candidate words, and on the 4th & 12th positions try all 2048 possible words.

So pressed start and got some much-needed sleep.

Woke up and Seed not found.

Angry and disappointed, I closed all the servers, as it cost me money to keep them up.

But then I looked through the list one more time, and wait a minute 8 is not a park, it's Hard Street.

Could it be?

Used initial list of candidate words, but hard on the 8th position.

4 minutes later SEED FOUND!1!1

When you take out the server costs and donation to the person who made the tool, I was left with ~$50.

Best 50 bucks I ever made in my life.

(10 days of continuous work)

Clarifications

I left out a LOT of things to keep it short.

Everything took multiple tries and 10 days of constant hair-pulling.

The 1st pic in the thread was taken right after I found the seed

The screenshots of the commands, I re-ran later when I documented the process.

Thanks for reading, and like & retweet (or the equivalent here) if you liked it. :D

Usually, I tweet one interesting #Bitcoin fact every day!

This is the only Ethereum fact I have(story more than a fact :p)

Btw the #BitcoinFactOfTheDay was brought to you by BitBox! 🇨🇭🔑
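The checksum trick the thread above relies on, written out as an added Python example (it is not the author's commands and not Seed Savior or BTCRecover code): BIP39 word indices carry 11 bits each, so a 12-word phrase is 128 entropy bits plus a 4-bit SHA-256 checksum. Only about 1 in 16 of all word combinations pass that checksum, which is why the tools can discard most candidates before the expensive step of deriving an address. The target check is left as a callback, because turning a mnemonic into an Ethereum address needs BIP32 derivation and keccak, which this block does not include; the entropy bytes and the wordlist path are constructed assumptions for the demo.

```python
import hashlib
from itertools import product
from typing import Callable, Iterable, List, Optional, Sequence

WORDLIST_SIZE = 2048        # BIP39 English list: 11 bits per word
BITS_PER_WORD = 11


def indices_from_entropy(entropy: bytes) -> List[int]:
    """Encode entropy the BIP39 way: append SHA-256 checksum bits, cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                      # 16 bytes -> 4 bits, 32 bytes -> 8 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // BITS_PER_WORD
    return [(bits >> (BITS_PER_WORD * (n_words - 1 - k))) & (WORDLIST_SIZE - 1)
            for k in range(n_words)]


def checksum_ok(indices: Sequence[int]) -> bool:
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    n_words = len(indices)
    if n_words % 3 or any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    cs_bits = n_words * BITS_PER_WORD // 33
    ent_bits = n_words * BITS_PER_WORD - cs_bits
    bits = 0
    for i in indices:
        bits = (bits << BITS_PER_WORD) | i
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def valid_options_for_position(known: Sequence[int], pos: int) -> List[int]:
    """Seed Savior step: every index at `pos` that keeps the whole phrase checksum-valid.
    For the last word this is always exactly 128 (its low 4 bits *are* the checksum);
    for any other position it is about 2048/16 and varies with the phrase."""
    trial = list(known)
    valid = []
    for cand in range(WORDLIST_SIZE):
        trial[pos] = cand
        if checksum_ok(trial):
            valid.append(cand)
    return valid


def brute_force(options: Sequence[Optional[Iterable[int]]],
                matches_target: Callable[[List[int]], bool]):
    """BTCRecover-style search. options[i] is the candidate list for position i,
    None means 'try all 2048'. Cheap checksum filter first, expensive target check
    (in the real case: derive the address and compare) only on survivors.
    Returns (phrase, number of phrases that reached the target check)."""
    spaces = [range(WORDLIST_SIZE) if opt is None else list(opt) for opt in options]
    tested = 0
    for combo in product(*spaces):
        phrase = list(combo)
        if not checksum_ok(phrase):
            continue
        tested += 1
        if matches_target(phrase):
            return phrase, tested
    return None, tested


def load_wordlist(path: str = "english.txt") -> List[str]:
    """Path is an assumption: the BIP39 English list, one word per line, 2048 lines."""
    with open(path, encoding="utf-8") as fh:
        words = [w.strip() for w in fh if w.strip()]
    if len(words) != WORDLIST_SIZE:
        raise ValueError("expected 2048 words")
    return words


if __name__ == "__main__":
    # Constructed 128-bit entropy standing in for the unknown puzzle seed.
    secret = indices_from_entropy(bytes(range(1, 17)))
    guesses = [[i] for i in secret]      # pretend every picture was read correctly...
    guesses[3] = None                    # ...except the 4th, where we try all 2048 words
    found, tested = brute_force(guesses, lambda p: p == secret)
    print("found:", found == secret, "address derivations needed:", tested)
```

With one unknown position the checksum leaves roughly 128 phrases to derive an address for, which is why the "4th word" step was instant; with several candidate lists and one wildcard position the product of the list sizes times 2048 is what the GPU rental was paying for.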

Did you know in 2014 someone uploaded their #Bitcoin wallet to the internet?

The wallet had 10 Bitcoins.

This was done to show no one can break the encryption protecting the wallet.

This is MultiBit, a #Bitcoin wallet launched on 12 September 2011.

The tagline was:

- Run it from your USB drive/ home computer.

- Nice and secure.

- Send and receive bitcoin easily

One of the selling points was that you could open multiple wallets at the same time.

This should really put into perspective how primitive things were back then.

Btw you could not even import/export the private keys in early versions, no interoperability between wallets.

Even though the total size of the blockchain was only 600 MB, the main selling point of the wallet was that it was a light wallet.

The whole directory was only 16 MB.

The wallet would only keep parts of the blockchain that had its own transactions.

TXs it does not use were erased.

So what?

Well, this shows how in the early days the main focus was to make #BitCoin as easy to use as possible!

(yes they wrote it like that)

Also, think about this.

Everything you get by default and do with 1 click, was not even an option back then!

Thanks for reading, and like & retweet (nostr equivalents) if you liked it. :D

Follow for more #Bitcoin facts like this every day!

And the #BitcoinFactOfTheDay was brought to you by BitBox! 🇨🇭🔑

Did you know @ElectrumWallet was the 1st #Bitcoin deterministic wallet?

Before this people used to backup each individual key, and there was no restore function.

Also, the 1st wallet to implement "mnemonic" backups, way before BIP39.

Electrum wallet was announced on 5 November 2011 as a Lightweight Bitcoin Client.

It was the 1st modern Bitcoin wallet and brought features that improved the UX by 100x.

You did not have that many options back then.

You either use Bitcoin Core(not called Core at the time) or some custodial wallet.

Electrum introduced this server model where it's non-custodial, and you just ask the server for information about balances and to broadcast TXs.

(there is a privacy trade-off)

Back then your Bitcoin wallet would generate individual keys for each of your addresses.

You may think, it's still doing that now, true.

But there was no relation between the keys.

And I do mean private keys, there were no English words associated with them.

If you restart your wallet you get new keys every single time!

Hence NONdeterministic.

The #Bitcoin community was aware of this YUGE pain and solutions were being discussed as early as June 2011

This resulted in the widely used BIP32 created in February 2012.

The 1st version of Electrum mnemonic backups worked similarly to BIP39.

- 12 words encoded using a 1626-words-dictionary.

- words chosen from poetry list on Wikipedia.

- the encoding was designed to avoid conflict with a patent.

- words were chosen to be easier to remember.

Meanwhile, in 2013 BIP39 was created and used together with BIP32.

Separate BIPs for each type of script/address, and the same seed can even be used with multiple coins!

Deterministic wallets are a thing!

But there is a catch.

There are a LOT of derivation paths for each type, and new types may be introduced.

BIP39 encodes the secret in English words, but no information about the paths.

This is problematic, as different wallets use different derivation paths, so to be 100% sure of recovery in the distant future you also need to back up the derivation paths.

Plus you can't upgrade this standard.

The authors made this design choice on purpose.

A flaw in my opinion.

In 2015, with Electrum 2.0 a new and improved seed system was introduced.

(still used today)

Addressing the shortcomings above:

- it had a versioning system

- allows updates

- not dependent on any particular dictionary

However, how many of you are using Electrum seeds?

BIP39 grew more popular and became the de facto standard.

Even though most people think "just the words" are a great backup, they could not be more wrong.

Not all wallets use the same derivation paths!

The fact that this website exists, proves the flaws in BIP39.

https://walletsrecovery.org/

Thanks for reading, and like & retweet (or whatever it's called here) if you liked it. :D

Follow for more #Bitcoin facts like this every day!

And the #BitcoinFactOfTheDay was brought to you by BitBox! 🇨🇭🔑

https://twitter.com/raw_avocado/status/1743414238654201869
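The point made above, that the words pin down the secret but say nothing about the path, as an added Python example (not Electrum's or any wallet's code): the mnemonic goes through PBKDF2-HMAC-SHA512 to a 64-byte seed, then HMAC-SHA512 to a BIP32 root, then hardened child derivation to the account level of two different purpose paths. Hardened steps need no elliptic-curve point arithmetic, so plain hashlib/hmac suffice; the mnemonic is the standard all-"abandon" test phrase and the paths m/44'/0'/0' and m/84'/0'/0' are the usual account levels, both chosen here as assumptions for the demo.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: the BIP32 child key is (IL + k_parent) mod n
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# Constructed: the well-known zero-entropy test phrase, not a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase, NFKD normalised.
    Note what is NOT in here: no derivation path, no script type, no coin."""
    pwd = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", pwd, salt, 2048, 64)


def bip32_master(seed: bytes):
    """BIP32 root: HMAC-SHA512 keyed with 'Bitcoin seed'; left half = key, right = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def bip32_hardened_child(k_par: int, c_par: bytes, index: int):
    """Hardened CKDpriv: data = 0x00 || k_par || index, so only the private key is needed."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key (not implemented)")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    return (il + k_par) % SECP256K1_N, digest[32:]


def derive_hardened_path(seed: bytes, path: str) -> str:
    """Walk a path whose steps are all hardened (44', 0', 0' ...) and return the key as hex."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    k, c = bip32_master(seed)
    for comp in parts[1:]:
        if not comp.endswith(("'", "h")):
            raise ValueError(f"{comp}: non-hardened step, needs EC point math not shown here")
        k, c = bip32_hardened_child(k, c, int(comp[:-1]) + HARDENED)
    return k.to_bytes(32, "big").hex()


if __name__ == "__main__":
    seed = bip39_seed(TEST_MNEMONIC)
    print("seed:      ", seed.hex())
    # Same 12 words, two different purpose paths: two unrelated account keys.
    print("m/44'/0'/0'", derive_hardened_path(seed, "m/44'/0'/0'"))
    print("m/84'/0'/0'", derive_hardened_path(seed, "m/84'/0'/0'"))
    # And a passphrase changes the seed entirely, another thing the words do not record.
    print("with passphrase:", bip39_seed(TEST_MNEMONIC, "TREZOR").hex()[:32], "...")
```

A wallet that restores the words but walks the wrong path (or does not know the passphrase) will find an empty wallet, which is exactly the situation the walletsrecovery.org list exists to document.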

Did you know that #Bitcoin Core did NOT initially have a 21M cap limit?

Because of a C++ quirk (shifting a 64-bit integer right by 64 or more bits is undefined behaviour, and on common hardware the shift count wraps around), the original code that enforces the halvings would have restarted the halving schedule after the last halving, around 2214.

This was fixed with BIP42 in 2014.

(fix in pic)

This is the biggest loss in #Bitcoin history.

2,609 BTC are lost forever!

23 transactions in Block 150,951 on 28 October 2011.

Why are they lost?

Who lost them?

🧵Thread👇

As the blockchain is public we can see which coins are provably lost.

We see coins being burned quite often in small amounts.

(prolly new tokens being issued on Bitcoin)

But if we look at the biggest losses, we can tell they were not burned on purpose.

It's human error.

When you give someone an address you are actually giving them a box, which ONLY you have a key that can unlock it.

This is guaranteed by the fact that only the entity that has the private key corresponding to a public key can provide a signature to unlock the box.

These locks are called Bitcoin Scripts.

They are small programs that sit on top of each bitcoin. When you move bitcoins, you run these programs.

If the program returns success, the coins move.

And the good part is that you can put all sorts of conditions in there.

Multi-sig is an example of such conditions.

But it is up to you to make sure you set the right conditions.

One way to make an error would be to add someone else's address.

Another way is to add an invalid address, or to create conditions that can never be fulfilled.

Bitcoin addresses have a checksum at the end to avoid sending bitcoin to the wrong address.

This safety check is done in the wallet, there is no such check in the Bitcoin script.

To get an address, the public key is hashed: SHA-256 first, then RIPEMD-160 (together called HASH160).

The same hash is what OP_HASH160 computes inside the script.

All the TXs above have the same script.

The script says:

These bitcoins can be moved by whoever presents a public key that, hashed with HASH160, gives a 1-byte value.

This is impossible, as the function always outputs 20 bytes.

RIPEMD-160: 160 bits = 20 bytes

This condition can never be met.

The TXs were constructed by Mark Karpeles aka MagicalTux CEO of MtGox.

We know this as he admitted it on #MtGox IRC channel

At the time they were worth only $10,957, about a week of profits for Gox.

Today they are worth $120,200,000.

Thanks for reading and like & retweet, if you liked it. :D

Follow for more #Bitcoin facts like this every day!

And the #BitcoinFactOfTheDay was brought to you by @BitBoxSwiss!🇨🇭🔑

https://twitter.com/raw_avocado/status/1743414238654201869
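The two levels of checking this thread contrasts, as an added Python example (not the Mt. Gox transaction and not Bitcoin Core code): Base58Check, which a wallet verifies before it will even build a transaction, and the P2PKH script template itself, which consensus executes with no such sanity check on the pushed hash. The hashes, scripts and address below are constructed for the demo; the 1-byte push mirrors the shape of the unspendable outputs described above, not their exact on-chain bytes.

```python
import hashlib

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
HASH160_LEN = 20   # RIPEMD-160 output is 160 bits = 20 bytes, always

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """Wallet-level address encoding: version byte + hash160, plus 4 checksum bytes."""
    data = payload + sha256d(payload)[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def base58check_decode(address: str) -> bytes:
    """What a wallet does before paying: reject typos via the 4-byte checksum."""
    n = 0
    for ch in address:
        n = n * 58 + B58_ALPHABET.index(ch)          # ValueError on a non-alphabet char
    leading_ones = len(address) - len(address.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    data = b"\x00" * leading_ones + body
    payload, checksum = data[:-4], data[-4:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("bad address checksum")
    return payload


def parse_script(script: bytes):
    """Minimal Script parser: opcodes and direct pushes (0x01..0x4b) only."""
    ops, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:
            if i + op > len(script):
                raise ValueError("truncated push")
            ops.append(script[i:i + op])
            i += op
        else:
            ops.append(op)
    return ops


def p2pkh_script(pubkey_hash: bytes) -> bytes:
    """OP_DUP OP_HASH160 <push> OP_EQUALVERIFY OP_CHECKSIG. Nothing here checks the push length."""
    return (bytes([OP_DUP, OP_HASH160, len(pubkey_hash)]) + pubkey_hash
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))


def p2pkh_spendability(script: bytes):
    """Static check of a P2PKH-shaped output: can OP_EQUALVERIFY ever succeed?"""
    ops = parse_script(script)
    template_ok = (len(ops) == 5 and ops[0] == OP_DUP and ops[1] == OP_HASH160
                   and isinstance(ops[2], bytes) and ops[3] == OP_EQUALVERIFY
                   and ops[4] == OP_CHECKSIG)
    if not template_ok:
        return None, "not a P2PKH template"
    pushed = ops[2]
    if len(pushed) != HASH160_LEN:
        return False, (f"OP_HASH160 always leaves 20 bytes on the stack, the script compares "
                       f"them with a {len(pushed)}-byte push: OP_EQUALVERIFY can never pass")
    return True, "ok"


if __name__ == "__main__":
    good_hash = bytes(range(20))                   # constructed stand-in for a real hash160
    addr = base58check_encode(b"\x00" + good_hash)
    print("wallet accepts", addr, base58check_decode(addr) == b"\x00" + good_hash)
    print("script  ok:", p2pkh_spendability(p2pkh_script(good_hash)))
    print("script bad:", p2pkh_spendability(p2pkh_script(b"\x0e")))   # 1-byte push, unspendable
```

The wallet-side check only helps if the wallet is the thing building the output; software that assembles scriptPubKeys by hand, as happened here, gets whatever bytes it writes, and the network will happily confirm an output that nobody can ever spend.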

I’m very glad you liked it.

I am aware there is no limit, but I think that, written in multiple smaller chunks, it has a higher chance of being read ;)

Though loading them may be more problematic.