- One Bitcoin was just brute-forced from a wallet as part of a joint puzzle and giveaway.
- Orchestrated by Alistair Milne, the giveaway involved periodically posting hints on social media to each word in a 12-word seed phrase.
- After the eighth hint was dropped, it took an attacker 44 hours to hack into the wallet by guessing the last four words.
A wallet with 1 BTC was just brute-forced, but don’t worry: its owner wanted it this way.
Alistair Milne, the CIO of the Altana Digital Currency Fund, tweeted this morning that he woke up to the “bad news” that 1 BTC (currently worth north of $9,300) had been taken from an address he controlled. Incidentally, Milne actually wanted this Bitcoin stolen. It was part of a giveaway/puzzle that he orchestrated via Twitter.
Milne posted about the giveaway at the end of May, stating that he would periodically release a hint to a 12-word seed phrase for a wallet address containing a little over 1 BTC. In an effort to prevent brute-forcing (or running programs to guess the seed phrase), Milne intended to “give the last 3 or 4 words all at once.”
But he never got the chance, because one community member was able to brute-force the wallet’s seed after the eighth hint was published. It took the attacker 44 hours to find the full seed phrase.
Milne mentioned on Twitter that he was hoping to make the giveaway more inclusive to the “not-so-tech-savvy.” More than a clever giveaway, this puzzle is also a technical experiment in how quickly an attacker can derive a 12-word seed if they have over half of its words.
A seed phrase for a cryptocurrency wallet is a 12- or 24-word phrase. This acts as a backup phrase for a Bitcoin wallet’s private keys. It would take, according to some estimates, billions of years to crack these phrases without knowing any of the words (or letters) in the mnemonic. But with every hint and word that Milne published in this scenario, the seed became easier to crack.
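To put numbers on how much protection each disclosed word removes, here is an added example (not from the original article or from Milne). It assumes the phrase follows the common BIP39 layout of 11 bits per word plus a SHA-256 checksum and that the positions of the known words are known; the sample phrase is constructed and all function names are illustrative.

```python
import hashlib

WORD_BITS = 11  # one word = 11 bits (2048-word list); BIP39 layout is assumed

def checksum_bits(n_words):
    return n_words * WORD_BITS // 33  # 4 bits for 12 words, 8 for 24

def entropy_to_indices(entropy):
    """Encode entropy bytes as word indices: entropy followed by checksum bits."""
    cs = len(entropy) * 8 // 32
    check = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    value = (int.from_bytes(entropy, "big") << cs) | check
    n_words = (len(entropy) * 8 + cs) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """True if the trailing checksum bits match SHA-256 of the entropy part."""
    cs = checksum_bits(len(indices))
    value = 0
    for idx in indices:
        value = (value << WORD_BITS) | idx
    entropy = (value >> cs).to_bytes((len(indices) * WORD_BITS - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (value & ((1 << cs) - 1)) == expected

def valid_last_words(indices):
    """How many of the 2048 choices for the final word yield a valid phrase."""
    return sum(checksum_ok(indices[:-1] + [w]) for w in range(1 << WORD_BITS))

def remaining_bits(n_words, unknown_words):
    """Bits of search left once the checksum rules out invalid phrases."""
    return max(unknown_words * WORD_BITS - checksum_bits(n_words), 0)

def implied_rate(bits, hours):
    """Phrases per second needed to cover the whole remaining space in `hours`."""
    return 2 ** bits / (hours * 3600)

SAMPLE = entropy_to_indices(bytes(range(16)))  # constructed phrase, not a real wallet

if __name__ == "__main__":
    print("valid final words:", valid_last_words(SAMPLE), "of 2048")
    for unknown in (12, 4, 3, 1):
        print(unknown, "unknown words ->", remaining_bits(12, unknown), "bits")
    rate = implied_rate(remaining_bits(12, 4), 44)
    print("rate to cover 4 unknown words in 44 h: %.1f million/s" % (rate / 1e6))
```

The rate is an upper bound on what the 44 hours imply, since a search can finish before the whole space is covered.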
Still, Milne was impressed by the rate at which the hacker brute-forced the seed. He was also intrigued by the high miner fee (0.01) they paid, saying that this likely means the miner felt pressure to move it quickly lest another participant crack the code first.