
The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets

  • Conference paper
Financial Cryptography and Data Security (FC 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9603))


Abstract

In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 h but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.
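The derivation the abstract describes, written out as an added example that is not part of the paper: the classic brain-wallet scheme takes a single unsalted SHA-256 of the passphrase as the secp256k1 private key, so anyone can recompute the key from a guess offline. The secp256k1 arithmetic and Base58Check are implemented inline; the "correct horse battery staple" passphrase is the widely published test vector, and the scrypt function at the end is a hypothetical hardened contrast (the KDF family BIP 38 uses), not a real wallet format.

```python
# Added example: classic brain-wallet key derivation, plus a hypothetical scrypt contrast.
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3*p[0]*p[0] * pow(2*p[1], -1, P) if p == q
           else (q[1]-p[1]) * pow(q[0]-p[0], -1, P)) % P
    x = (lam*lam - p[0] - q[0]) % P
    return (x, (lam*(p[0]-x) - p[1]) % P)

def pubkey_point(k):  # double-and-add scalar multiplication k*G
    r, pt = None, G
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def base58check(payload):  # payload || first 4 bytes of SHA-256d(payload), in Base58
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n: n, rem = divmod(n, 58); out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def brainwallet_privkey(passphrase):
    # Classic scheme: one unsalted SHA-256, so each guess costs a single hash
    # and the same passphrase maps to the same key for everyone, forever.
    d = hashlib.sha256(passphrase.encode()).digest()
    if not 0 < int.from_bytes(d, "big") < N: raise ValueError("scalar out of range")
    return d

def brainwallet_wif(passphrase):  # WIF of the uncompressed key, as the classic scheme used
    return base58check(b"\x80" + brainwallet_privkey(passphrase))

def brainwallet_address(passphrase):  # P2PKH address of the uncompressed public key
    x, y = pubkey_point(int.from_bytes(brainwallet_privkey(passphrase), "big"))
    pub = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    h160 = hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    return base58check(b"\x00" + h160)

def stretched_privkey(passphrase, salt):
    # Hypothetical contrast: salted, memory-hard scrypt makes each guess cost
    # about 16 MiB of work and ties the resulting key to the salt.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
```

The unsalted function is what makes the offline guessing in the paper possible: a guess list can be hashed once and compared against every funded address at once, whereas the salted variant has to be recomputed per salt and per guess.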


Notes

  1. Technically these are passwords and passphrases. We use password for simplicity of presentation.
  2. https://github.com/ryancdotorg/brainflayer.
  3. List was sourced from https://github.com/inieves/urban-dictionary-scraper/blob/4a86fd9ef4c2f8812dc78f5862c327912213436a/dict/UrbanDictionary.txt.
  4. https://xkpasswd.net/s/, http://correcthorsebatterystaple.net/, and http://preshing.com/20110811/xkcd-password-generator/.
  5. https://wiki.skullsecurity.org/Passwords.
  6. https://www.reddit.com/r/Bitcoin/comments/3gycp1/-/cu3316a.
  7. https://github.com/bitcoin-core/secp256k1.
  8. https://github.com/bitcoin/bitcoin.
  9. https://github.com/znort987/blockparser.
  10. We excluded 17 784 brain wallets that were suddenly assigned a tiny amount of bitcoin from 36 linked input addresses within a few hours on August 31, 2013. We strongly suspect these brain wallets were set up by a researcher. We also excluded 15 brain wallets used in over 20 000 transactions between June and August 2015 as part of a network “stress test”.
  11. All USD calculations presented here are normalized by the corresponding day’s exchange rate on Bitstamp, as reported by bitcoincharts.com.


Acknowledgements

We thank the anonymous reviewers and paper shepherd Sarah Meiklejohn for their helpful feedback. Some authors are funded by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific via contract number N66001-13-C-0131. Support from the Oak Ridge Associated Universities Ralph Powe Junior Faculty Enhancement Award is also gratefully acknowledged. This paper represents the position of the authors and not that of the aforementioned agencies.


Corresponding author

Correspondence to Marie Vasek.


Copyright information

© 2017 International Financial Cryptography Association


Cite this paper

Vasek, M., Bonneau, J., Castellucci, R., Keith, C., Moore, T. (2017). The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets. In: Grossklags, J., Preneel, B. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science, vol 9603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-54970-4_36


  • DOI: https://doi.org/10.1007/978-3-662-54970-4_36


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-54969-8

  • Online ISBN: 978-3-662-54970-4

  • eBook Packages: Computer Science (R0)
