John Cantrell has published an article showing how he hacked into a Bitcoin address to win 1 BTC.
The hack was part of a contest organized by Altana Digital’s CIO.
A seed phrase for a cryptocurrency wallet could be a 12- or 24-word phrase. This acts as a backup phrase for a Bitcoin wallet’s private keys. It would take, according to some estimates, billions of years to crack these phrases without knowing any of the words (or letters) in the mnemonic.
In an article for Medium, developer John Cantrell revealed how he was able to hack into a Bitcoin address to earn a reward. The hack was part of a contest organized by Altana Digital’s CIO, Alistair Milne. Cantrell claimed it took him 30 hours to check about 1.1 trillion possible mnemonics based on the 8 seed words Milne gave. Opening the address required entering the 12-word master key. After opening the address, he was rewarded with 1 BTC.
Milne launched the contest in May and gradually posted clues on his social networks. This way, participants could guess the words of a 12-word seed that protected the Bitcoin. The last 4 clues for the words, according to Milne, were to be posted at the same time to prevent anyone from guessing them. But Cantrell’s achievement showed that only 8 were needed, although, as the developer says, it took considerable effort.
How to crack a Bitcoin address?
To be able to guess the remaining words and win the Bitcoin, the developer said he wrote a program to estimate the time, the computing power required and the real possibility of guessing the 4 remaining words. Cantrell said:
The strategy I was going to use was to calculate a start and end number that I needed to iterate between based on a set of known input words. For each number I would calculate the address corresponding to that number and then check if the address was the one that held the 1 BTC. If it was the address I would then create and sign a transaction to sweep the funds into a wallet I control.
However, according to the developer’s estimates, even with 8 words known it would have taken him 25 years to guess the remaining 4 words with the computing power of his laptop. So he had to rent a more powerful machine: a 32-core CPU-optimized machine from Digital Ocean. This allowed him to check 8,000 possibilities per second.
But this was still too slow: the developer needed 1000 times more computing power to be the first to guess the words. So he rented about a dozen graphics cards in a GPU marketplace and leased 40 GPUs from Microsoft’s Azure network. In all, he spent about $500 in the process of getting more computing power. The result was as follows:
At the peak I was testing about 40 billion mnemonics per hour. This means it should have taken around 25 hours to test the 1 trillion mnemonics. I knew that on average it should only take 50% of the time (depending on what the 9th word actually was).
After several hours without result, the developer began to worry. For a moment he lost hope and was about to turn off the computers to try a new version, but after trying 91% of the possibilities he found the solution.
With the four remaining words he was able to get access to the wallet. Nervous that someone might try to prevent the transaction, he set a high fee of 0.01 BTC to speed up the validation. Minutes later his transaction was validated and included in a block. The Bitcoin was irreversibly his.
Is the Bitcoin network secure?
According to Cantrell, bitcoins stored in any wallet generated from a 12-word mnemonic are secure. The only reason he was able to hack the Bitcoin wallet was that the wallet’s owner publicly exposed eight words from his 12-word mnemonic seed.
Cantrell said that with an equivalent mechanism it might have taken him 309,485,009,821,345,068,724,781,056 days to guess the 12 words of the complete seed phrase and gain access to the address.
As it seems, the sole effective way to hack the Bitcoin network without the above elements remains a 51% attack. This refers to a situation where an entity gains control of 51% of the total computing (hashing) power within a blockchain network. The protocol of a blockchain system validates the record that is backed by over 50% of the hash power, meaning the attackers could then direct the blockchain to reverse transaction confirmations on the Bitcoin they spend, allowing them to double-spend their own Bitcoin supply.
Source:
https://www.crypto-news-flash.com/hacker-explains-how-he-could-crack-a-bitcoin-address/amp/
https://blockchain.news/postamp?id=hacking-cantrell-pulled-off-seemingly-impossible-stunt
https://decrypt.co/32853/hacker-reveals-how-he-cracked-a-bitcoin-address?amp=1
https://decrypt.co/32681/bitcoin-address-hacked-on-purpose?amp=1
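Added example (not from Cantrell's article or the sources above): the figures quoted in the post follow from the BIP39 layout, in which 12 words of 11 bits each carry 128 bits of entropy plus a 4-bit SHA-256 checksum. Assuming the 8 exposed words are the first 8 in order, the code computes the start and end of the range that remains and shows how a fully secret seed compares; `KNOWN_8` holds constructed word indices, not any real wallet's words.

```python
import hashlib

WORD_BITS = 11  # each BIP39 word is an 11-bit index into the 2048-word list

def _layout(words):
    total = words * WORD_BITS
    ent_bits = total * 32 // 33          # 12 words: 128 entropy bits
    return ent_bits, total - ent_bits    # ... plus 4 checksum bits

def _pack(indices):
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    return value

def is_valid(indices):
    """True if the word indices form a checksum-valid BIP39 mnemonic."""
    ent_bits, cs_len = _layout(len(indices))
    value = _pack(indices)
    entropy, cs = value >> cs_len, value & ((1 << cs_len) - 1)
    digest = hashlib.sha256(entropy.to_bytes(ent_bits // 8, "big")).digest()
    return cs == digest[0] >> (8 - cs_len)

def entropy_range(known, words=12):
    """Inclusive (start, end) of entropy values that begin with the known words."""
    ent_bits, _ = _layout(words)
    free = ent_bits - len(known) * WORD_BITS   # entropy bits still unknown
    if free < 0:
        raise ValueError("too many known words for this calculation")
    start = _pack(known) << free
    return start, start + (1 << free) - 1

def valid_last_words(first11):
    """Last-word indices that complete a checksum-valid 12-word mnemonic."""
    return [w for w in range(2048) if is_valid(first11 + [w])]

# Constructed sample indices (assumption for illustration only).
KNOWN_8 = [5, 1200, 33, 2047, 640, 0, 911, 1500]

if __name__ == "__main__":
    start, end = entropy_range(KNOWN_8)
    exposed = end - start + 1                  # 2**40, about 1.1 trillion
    print("candidates with 8 words known:", exposed)
    print("share of raw 2048**4 guesses passing the checksum:", exposed / 2048**4)
    print("valid 12th words for a fixed first 11:",
          len(valid_last_words(KNOWN_8 + [1, 2, 3])))
    print("full-seed search, in units of one 8-known search:", 2**128 // exposed)
```

The last figure is 2^88, which is exactly the number of days quoted above if one 2^40 search is taken as roughly one day; each exposed word removes 11 bits from the range.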
There are thousands of words used for seed phrase.. I think it's really impossible to hack it 😅