Hacking 101: Security of Bitcoin Wallets, From a Hacker's Point of View

The safety of crypto wallets was recently questioned, after an incident where a Bitcoin address was successfully hacked. John Cantrell, better known as a Bitcoin and Lightning Network developer, successfully completed a challenge issued by Alistair Milne and obtained the private keys to the latter’s e-wallet.

The challenge went viral on social media, with people reiterating that his success was proof that Bitcoins were not secure. John Cantrell explained on his social platform that it was beside the point.

Rather, the moral of the story was that one should never publicly expose one’s own keys. Additionally, he stated that the only reason why the hack was successful was because eight of the 12-word mnemonic seed were uncovered.

The challenge

On May 29, CIO of the Altana Digital Currency Fund Alistair Milne tweeted about a challenge decreeing that over the course of 30 days, he planned on releasing a mnemonic to his Bitcoin wallet, which was comprised of a 12-word mnemonic seed. The prize was the unlocking of 1 Bitcoin inside the wallet once it was successfully hacked.

In order to successfully complete the challenge, roughly 1.1 trillion possible mnemonics would have to be generated and sorted out. As Cantrell explained, “It would take the same system that brute forced the last 4 words of his mnemonic 837 quintillion millennium to brute force all possible 12-word mnemonics [...] if you know as few as 5 words.”

Cantrell turned to cloud computing in order to solve the digital equation, running several dozen Graphics Cards at a time. Finally, after 1 trillion checks, Microsoft’s cloud computing services found a solution.

According to Cantrell, Bitcoin wallets are very secure, and the only way one’s digital assets can be at risk is when seed words to one’s account are revealed publicly.

Is the Bitcoin network secure?

As it seems, the only effective way to hack the Bitcoin Network without the above elements remains a 51% attack. This refers to a situation where an entity gains control of more than 51% of the total computing (hashing) power within a blockchain network. The protocol of a blockchain system validates the record that is backed by more than 50% of the hash power—meaning the attackers could then direct the blockchain to reverse transaction confirmations on the Bitcoin they spend, allowing them to double-spend their own Bitcoin supply.

Image source: Shutterstock