The brain wallet technique consists of memorizing the sequence of words used to generate the private keys of your Bitcoin wallet. But beware ! When this is not random, it is the best way to have your funds stolen. An article from BitMEX Research demonstrates this through experience.
Transporting your fortune … in your head
Theoretically, to store your bitcoins, you just need to have your seed in memory , the sequence of words used to generate your private keys . The wallet current Bitcoin generate this sequence of words so random . This therefore makes it more difficult to memorize than a sentence constructed with human logic.
The user may therefore be tempted to generate their private keys with a popular phrase , like the lines of a poem. Simply apply the SHA256 hash function to the chosen phrase to obtain a Bitcoin private key. This is the experience of the author of the BitMEX paper.
He generated, for his study, 8 brain wallets from different sentences and deposited 0.005 BTC on each address. The sentences are taken from novels, popular songs, the Bible or even Satoshi Nakamoto’s whitepaper .
The author was stolen 0.04 BTC dedicated to this experiment in less than a day . 3 of the addresses were even emptied before the provisioning transaction was confirmed on the blockchain. And for one of them, the transaction moving funds was observed only 0.67 seconds after the occurrence of the provisioning transaction in the mempool .
The most resistant was the brain wallet based on the Bitcoin whitepaper extract . The funds did not disappear until after 80 blocks . The author notes that the same entity stole the funds from 4 of the addresses.
The fees associated with these transactions are very high . This indicates that the hacker is aware that he is competing with others to move funds as quickly as possible. If 2 entities have knowledge of private keys, they will raise transaction fees to increase their probability of success.
The speed with which funds have been stolen shows that hackers specializing in brainwallets have servers running 24/7 . The latter scan the blockchain and memory pool for easy-to-hack brain wallets . To do this, they probably have a huge bank of addresses , generated from phrases from books, songs, research papers, blogs, tweets, or other media.
The moral of the story: don’t create a brainwallet from a known sentence
The author writes that he had carried out the same experiment a year earlier. But unlike that study, he had generated the addresses using sequences to select the words, all from well-known books. Hackers could not find the private keys generated from this method. However, he insists that it is certainly only a matter of time .
In order to increase the security level of your brain wallet , you must select your words from different sources , public and private. It is possible to add entropy , for example, with a dice. But even this method is risky.
In conclusion, the use of a brain wallet is, in most cases, to be avoided. An encrypted backup of their private keys, sent by email, is a more secure way to store their bitcoins. The speed at which funds have been stolen shows that hackers are always on the lookout for human error.