Hackers Crack Hundreds of Bitcoin Wallets; Net Over $700k in Bitcoins
Bitcoin wallet technology is advancing worldwide, with products like Trezor and Case hardware wallets that have cameras and GSM Internet chips. Hackers are also advancing their efforts, with overall computer tech improving at an even faster rate. With Bitcoin’s primary blockchain proving impenetrable to hacking attacks after seven years of service, individual users are the more likely target. Now, over $103,000 USD has been stolen in a recent attack on the owners of some Bitcoin “brain wallets.”
What is a “brain wallet?” A brain wallet is a wallet that does not require any physical storage of keys, nor a computer, vault, paperwork or other means to record owner keys. The allure of a brain wallet is the ability to travel anywhere and maintain your wealth without the need for a bank’s safe deposit box or a paper wallet that may get flooded or burn. The theory is that users have the ultimate freedom and versatility of remembering a passcode to access precious Bitcoin digital currency.
The only problem with this theory of the perfect wallet is that security is far from perfected. 884 Bitcoin accounts lost over 1800 Bitcoins over the course of six years. These Bitcoins today are worth over $722,000 USD. The underlying weakness in these brain wallets was that users created them from weak passwords run through a single SHA256 hash function without cryptographic salt. Many of these passwords were even stored on the public blockchain itself.
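The derivation described above, shown next to a salted and stretched one, as an added example that is not code from the article or the paper. The PBKDF2 comparison, its iteration count, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Order of the secp256k1 group: a usable Bitcoin private key lies in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def brainwallet_key(passphrase: str) -> bytes:
    """Brain-wallet style derivation: one unsalted SHA256 pass over the passphrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Comparison only (assumption): PBKDF2-HMAC-SHA256 with a per-user random salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def is_valid_private_key(key: bytes) -> bool:
    """True if the 32-byte value is inside the secp256k1 private-key range."""
    return len(key) == 32 and 0 < int.from_bytes(key, "big") < SECP256K1_N


def compare(passphrase: str) -> dict:
    """Derive keys for two hypothetical users who picked the same passphrase."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # constructed per-user salts
    weak_a, weak_b = brainwallet_key(passphrase), brainwallet_key(passphrase)
    strong_a = stretched_key(passphrase, salt_a)
    strong_b = stretched_key(passphrase, salt_b)
    return {
        # Unsalted: identical passphrases give identical keys, so one
        # precomputed dictionary of hashes applies to every wallet at once.
        "weak_keys_collide": hmac.compare_digest(weak_a, weak_b),
        # Salted: the same passphrase yields unrelated keys per user, and
        # every guess costs `iterations` rounds instead of a single hash.
        "stretched_keys_collide": hmac.compare_digest(strong_a, strong_b),
        "weak_key_valid": is_valid_private_key(weak_a),
    }


if __name__ == "__main__":
    print(compare("correct horse battery staple"))  # constructed sample passphrase
```

A salt has to be stored somewhere, which is exactly what a pure brain wallet avoids, so the hardened variant trades away the memorize-only property the scheme was built around.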
Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith, and Tyler Moore will present “The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets” publicly at the Financial Cryptography and Data Security 2016 Conference in Barbados next week. They will be exposing the details of this security breach and the inherent flaws with Bitcoin brain wallet security to the audience. (This paper is viewable in its entirety here.)
“Our results reveal the existence of an active attacker community that rapidly steals funds from vulnerable brain wallets in nearly all cases we identify,” the paper explains. “In total, approximately $100K worth of bitcoin has been loaded into brain wallets, with the ten most valuable wallets accounting for over three-quarters of the total value. Many brain wallets are drained within minutes, and while those storing larger values are emptied faster, nearly all wallets are drained within 24 hours.”
While some hypothesize about the merit of brain wallets and the ability to increase their security, the brain wallet was publicly debunked by one of the authors of this paper, Ryan Castellucci, at the Defcon Hacker Convention last August. This led to the closing of the world’s largest producer of brain wallets, brainwallet.org, soon after.