Bitcoin Brain wallets
Researchers discovered that most of the roughly 1,000 brain wallets used by Bitcoin owners to store their digital money have been looted by malicious actors.
Brain wallet, or brainwallet, is the concept of storing the private keys used to make Bitcoin transactions in an individual’s memory. Brain wallets are derived from passwords chosen by the user and they were initially considered more secure than traditional Bitcoin wallets because they could not be compromised by malware.
However, it has been demonstrated that brain wallets are not efficient for the secure storage of Bitcoins because the passwords can be easily cracked. Researcher Ryan Castellucci gave a talk at the DEF CON conference last year about cracking brain wallet passphrases, which led to the Brainwallet.org service being compared to the method presented by Castellucci at DEF CON.
An analysis conducted by researchers at the University of Tulsa, Stanford University and the Southern Methodist University found that brain wallets have in most cases failed to protect Bitcoins from getting stolen.
An evaluation of roughly 300 billion passwords generated using a wide range of word lists revealed that fewer than 1,000 brain wallets had been set up between September 2011 and August 2015.
The 300 billion passwords were derived from words found in dictionaries, Wikipedia, song lyrics, passwords leaked as a result of major data breaches, and other sources. The passwords were then compared to a list of all used Bitcoin addresses to determine which of them were associated with brain wallets.
Experts identified 884 brain wallets storing 1,806 BTC (worth approximately $100,000), and determined that only 21 of them, representing 2 percent of the total, were not drained by cybercriminals.
According to researchers, many wallets were drained within minutes, while most were emptied within 24 hours. Wallets loaded with at least $100 worth of cryptocurrency were looted faster than those storing smaller amounts, and there is no evidence that users storing larger amounts of money selected stronger passwords.
An analysis of the Bitcoin transactions involving brain wallets showed that at least 14 individuals or groups are responsible for the attacks.