Crypto hackers appear to be on the prowl once more, as they’re now hunting for passphrases. However, many seem to be hunting specially for brainwallets. According to a recent BitMEX Research report, hackers have been working around the clock to scan the Bitcoin network and check for easy-to-crack passwords in brainwallets.
Weak Mnemonic Phrases
A brainwallet is essentially the concept of memorizing your private key and not writing it down anywhere else. Instead of owning a wallet app or a physical wallet, you store the seed phrase in your mind and employ it whenever you want to make a transaction. Using this method, the only way that a hacker will gain access to your Bitcoins is if you tell them your private key. The method of storing assets is more secure and user-friendly, as long as you’re able to remember the key.
The process of creating a brainwallet is pretty straightforward. A user can get a seed-generation device like Armory or Electrum and create a passphrase that they can easily remember.
However, as BitMEX Research found out, hackers have also been on the hunt for some easier-to-crack variants. While most of these have been mere guesses, they’ve also been quite rampant, as hackers are getting more desperate with their research.
The report explained that hackers have begun setting up servers to crawl the Bitcoin blockchain in search of possible victims. BitMEX Research pointed out that most mnemonic seeds tend to contain 12 or more words, and users have been known to use a combination of words that they are familiar with.
Most of these words rely on pop culture references that they can easily remember. However, hackers have become more aware of this, and they’re hitting wallet owners quite hard.
In its study, BitMEX Research created eight brainwallets using pop culture references. Some references were taken from notable literature books like Moby Dick and Pride and Prejudice, the Christian Bible, and more. The research team found that none of these wallets survived for a day without getting hacked. One of the wallets was even drained in less than a second of its creation.
Traditional Wallets Aren’t So Safe, Either
The company eventually warns that people who create brainwallets take more caution regarding the words they use in their seed phrases.
The issue of brainwallets adds to the many security problems facing the crypto industry at this point. Last month, top crypto exchange KuCoin was breached as hackers managed to steal millions in assets from its hot wallets. Per a company statement, the hackers gained access to KuCoin’s private keys. From there, they stole several tokens and moved them to other exchanges.
Estimates from ZDNet confirmed that the exchange lost about $150 million in user funds. While the company has made significant progress with recovering the lost funds, it shows that the industry still has a long way to go regarding security.