During a giveaway held by Alistair Milne, Bitcoin developer John Cantrell was able to hack a wallet containing 1 BTC, a feat he accomplished in less than 48 hours.
Alistair Milne, cryptocurrency investor and entrepreneur, announced a Bitcoin giveaway several weeks ago, in which the winner would get the amount of 1 BTC, currently valued at €8.542 ($9.626 USD), if they managed to solve the puzzles and clues given. by Milne. In the raffle Milne would provide clues for the participants to discover what the mnemonic seed phrase of 12 words that the wallet contained; For this, only Milne provided 8 of the 12 words of the seed phrase randomly and at regular time intervals. Now recently the developer of Bitcoin y Lightning Network, John Cantrell, announced that he was able to solve the puzzle and hack the wallet with the bitcoin it contained.
Although at the time of his announcement, many Bitcoin users began to claim that Bitcoin is no longer safe, which is why Cantrell published a thread on his Twitter account mentioning that Bitcoin is still safe and that this was an exercise whose objective It was not to check the security of Bitcoin.
Likewise, Cantrell published an article where he described the entire process he had carried out to decipher the wallet's seed phrase, highlighting that he had to try a trillion different words to solve the puzzles in less than 48 hours.
It may interest you: Alert: Lighting Network user funds may be at risk of theft
Bitcoin Challenge Explained by John Cantrell
First of all, Cantrell points out that with only 8 of the 12 words in the phrase he had to try 1,1 trillion mnemonic words to discover the phrase. Likewise, Cantrell pointed out that in order to test a single mnemonic, he had to generate a seed from the master private key (Master Private Key) mnemonic that was generated from the seed, in addition to an address from the master private key.
Cantrell then explains to us that he created a CPU version in Peace in order to compare the performance of a CPU solver, but his computer could only verify about 1.250 mnemonics per second; So checking the trillion mnemonics would have taken approximately 25 years, which is not at all encouraging.
After this test, Cantrell chose to test all the code necessary to generate and verify the mnemonic phrase with the programming language OpenCL C, which allows you to run code on a GPU. From this version, Cantrell notes that he was able to check about 143.000 mnemonics per second, so it would only take him about 83 days to check the trillion mnemonics and discover the wallet's seed phrase. Now using this method, Cantrell reveals that he spent just over $350 renting GPU equipment to pool batches of 16 million mnemonics per GPU, which recorded the results on the server.
On the other hand, Cantrell reveals that he thought other people were doing the same procedure as him, so once he was able to access the wallet he decided to pay a fee of 0,01 BTC in commissions for the miners to confirm his transaction before any other.
Bitcoin remains safe
Despite the great feat he accomplished, Cantrell claims that Bitcoin is still safe for users. In a thread posted on Twitter, Catrell comments that claiming that Bitcoin is no longer secure is a false conclusion, and that users should not worry about applying brute force to hack a wallet.
Likewise, the developer points out that he was able to hack the wallet because Milne had already provided 8 of the 12 words of the seed phrase, so if users want to keep their funds safe they should not publish any of these words anywhere.
For his part, in his publication he also pointed out that with the 8 words of the phrase he still had the remaining 4 to solve, so he would need to test approximately 1 trillion mnemonics to reveal the complete key.
“With 8 words, that means we know 8 * 11 or 88 bits of the 128 bits we are trying to solve. It means that there are 'only' 2^(128–88) or 2⁴⁰ possible mnemonics that we would have to check. This is 1,099,511,627,776 or approximately 1.1 trillion possible mnemonics.”
Likewise, he pointed out that if a user decided to invest in the rental of equipment, even equipment ASIC, would have to spend a million-dollar sum to accomplish this feat starting without any clue. So this feat shows us the importance of keeping our seed phrase safe and protected at all times, if we do not want to lose our funds.
Continue reading: Argent Ethereum presents a serious security vulnerability that can put user funds at risk
