Trusted

BitMEX Reveals Pop-Culture’s Bitcoin “Brain Wallet” Weakness

3 mins
Updated by Ryan Smith
Join our Trading Community on Telegram

In Brief

  • A BitMEX study has shown the weakness of creating so-called “Brain Wallets” using popular culture references.
  • Eight Bitcoin wallets created using lyrics, quotations from books, and other published sources took between less than a second and a few hours to sweep.
  • It appears that malicious actors use a database of pop culture references to quickly guess private keys and drain funds.
  • promo

Despite being touted as a safe way for individuals to store Bitcoin, BitMEX Research has shown the weakness of relying on so-called “Brain Wallets.”
It concludes that deriving private keys from hashed phrases using popular culture references is not suitable for safe storage. Among them were the Bitcoin whitepaper, classic literature, and popular song lyrics.

Pop Culture “Brain Wallets” Sweeped in Seconds

A much-lauded quality of Bitcoin is its unconfiscatability. Those who champion the digital currency often claim that a user can use nothing more than their own mind to store the cryptocurrency in a way that gives no clues of BTC ownership. Simply remembering either a private key, pneumonic seed phrase, or data to derive a private key in one’s head alone is known as a brain wallet. Many Bitcoin proponents reason that such a storage method can provide financial security to vulnerable people around the world – particularly, refugees. The problem, however, is that a private key (essentially a long string of letters and numbers) isn’t the kind of thing humans are good at remembering. A seed phrase (list of 12 or 24 random words) is somewhat easier but still not perfect. Writing down the key or phrase or storing it digitally invites the risk of confiscation. One potential solution is to derive a private key from existing text. A favorite song lyric or introduction to a popular work of fiction, when hashed using SHA-256, provides what, at first glance, may appear to be a strong private key. When an individual needs to use their Bitcoin, they can hash the text again, find their private key, and make a transaction. However, a BitMEX Research study has shown that private keys formed in such a way are actually incredibly weak. In one case, it took around two-thirds of a second to sweep funds from a brain wallet derived from a popular work of fiction.

Malicious Actors Anticipate Pop Culture Private Keys

The BitMEX Research study involved the creation of eight Bitcoin private keys. Each used the hash of a popular culture reference to arrive at its private key. The researcher formed the wallets using hashes from the likes of Moby Dick by Herman Melville, the chorus lyrics to Bob Dylan’s “Blowin’ in the Wind,” a passage from the Bible, and even a quotation from the BTC whitepaper. Each of the wallets received 0.005 BTC to test their security. All of the funds quickly disappeared. The weakest of the private keys was derived from the beginning of Moby Dick. The hash of the famous opening line “Call me Ishmael” took just 0.67 seconds to sweep. Two other wallets were also emptied before the blockchain even confirmed the deposit transaction. The remaining five wallets took less than a day to empty. The analysis showed that the transactions sweeping the wallets used very high fees relative to the average cost of transacting. The researcher suggested that whoever was behind the sweep was aware of other “hackers” attempting to take the funds using similar methods. They, therefore, bumped their own fee up to ensure their transaction succeeded. The speed with which the funds disappeared from the brain wallets suggests the existence of servers constantly scanning the network for weak wallets. The researcher reasons that those behind the attack rely on a vast list of private keys derived from popular culture stored in a database. It’s then simply a matter of testing these against wallets appearing in the Bitcoin transaction memory pool.

Are Brain Wallets Useless?

The BitMEX study concludes that using unmodified text from popular culture is a very poor method of generating a private key. However, it does cite a similar experiment that did not result in lost funds. Wallets with private keys derived from best-selling novels using “a reasonably obvious pattern” remain unsweeped more than a year after creation. The researcher identifies that the difference between the two experiments is that the more recent one used “unmodified text” from books. They do, however, state that such a method should still not be considered absolutely safe. That said, the introduction of additional randomicity, when employed by someone with a solid understanding of both risks and the way hackers operate, may enable the creation of a secure brain wallet derived from pop culture references. Combinations of text sources, used with personal data like dates of births and additional random characters, could result in a secure wallet. The researcher concludes:
“… if you need to use a brainwallet, based on the data on this report, don’t choose anything simple or poetic. I found out the hard way.”
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

c8d670c5ace3fefdd9c2b09519d3b3c7?s=120&d=mm&r=g
A former professional gambler, Rick first found Bitcoin in 2013 whilst researching alternative payment methods to use at online casinos. After transitioning to writing full-time in 2016, he put a growing passion for Bitcoin to work for him. He has since written for a number of digital asset publications.
READ FULL BIO
Sponsored
Sponsored