A systems architect has won a bounty of 100,000 Satoshi, or 0.001 Bitcoin (BTC), valued at $29, after cracking a seed phrase within half an hour. Andrew Fraser from Boston highlighted the importance of keeping a Bitcoin wallet seed phrase secure and offline. A seed phrase, or recovery phrase, is a set of randomly generated words that can access the wallet, like a master key. Fraser used the BTCrecover software to brute force a 12-word seed phrase, which was shared on Twitter by Bitcoin educator “Wicked Bitcoin”. The incident serves as a timely reminder for crypto users to take security seriously.
Anyone want to try and brute force this 12-word seed phrase securing 100,000 sats? I’ll give you all 12 words but in no particular order. Standard derivation path m/84’/0’/0’…no fancy tricks. GL. pic.twitter.com/nPGTB9bX2g
— Wicked (@w_s_bitcoin) April 26, 2023
Fraser explained that 12-word seed keys are “perfectly secure” if the words remain unknown to hackers, or if a passphrase is used in the derivation path of the wallet. While emphasizing the superiority of 24-word seed keys, he pointed out that a 12-word seed has roughly 128 bits of entropy, while a 24-word seed has approximately 256 bits. An attacker can easily test the possible combinations of an unordered 12-word seed, whereas the possibility of cracking a 24-word seed is farfetched. Users are advised not to publish or share seed phrases online, store them in password managers or cloud storage solutions, or type them out on their phone. Fraser recommended keeping seed keys secret and using a passphrase as part of the derivation path.
Cointelegraph Magazine: Bitcoin in Senegal: Why is this African country using BTC?