The Bitcoin wallet has been cracked. In a research paper, three researchers have claimed that the Bitcoin brain wallet password can be accessed for less than €49.63 euros or about $55.86 US dollars.
Bitcoin first arrived in 2008 on a white paper presented on the Internet by the unknown Satoshi Nakamoto. It was released as a cryptocurrency which would allow anonymity in peer-to-peer transactions without geographical border restrictions or government interference.
The basic premise is that Bitcoin would be utilized via the Bitcoin wallet with a secure password protocol, both for the sake of security and ease of operability for the user. The simple set-up would require an “address”. The Bitcoin address or string in the ID has between 26 and 35 alpha-numeric characters. The owner of the Bitcoin account has a “private key” for use of access and transfer of bitcoin. All of the original account initiation allows the private key can be controlled and allow the ability to change the passcode later.
Once you have your Bitcoin wallet and buy bitcoin or transfer it, the blockchain or global ledger registers it in real time. Blockchain is considered the future basis for cashless transactions and acts as a notary whether it is banking, mortgage lending, stock transactions or any exchange of value the record keeping.
The blockchain protocol records every transaction completed into the chain with its value and point of record date. Each block has a hash of the previous block and guarantees the chronology. To attempt a change would require an entire block afterward to be regenerated and record of the change. The ability to exchange assets through a cryptology format or currency with permanent, indisputable record is the value of Bitcoin, and its anonymity is the attraction to Bitcoin fervent supporters. The ability to gain access to your Bitcoin brain wallet is the wrinkle presented by the researchers.
The Bitcoin wallet operation on the 2-Factor Authentication key security system is where the entry is vulnerable. Ryan Castellucci, White Ops security researcher, found this is not a safe method to create the Bitcoin private key in the Bitcoin brain wallet. He gave proof of its vulnerability with a demonstration last summer at the DEFCON 23 security conference in Las Vegas, USA. He cracked the passkey in front of an audience.
The two researchers from the University College London stepped in and expanded upon this revelation, and the three cryptology experts explained in their research paper an elliptic curve algorithm known as secp256k1 which is part of the Bitcoin internal composition. Access to this Bitcoin internal component and use of the algorithm allows the hacker 2.5 times faster method of cracking the Bitcoin private keys setup in the Bitcoin Wallet.
How successful were the researchers? They could use their technique and crack 18,000 passwords. Some of the passphrases were silly simple, such as say “hello to my little friend” or “to be or not to be”. They report in their paper that cracking the Bitcoin passkey has been accomplished by other hackers and reported online.
How is this achieved and done so cheaply? The researchers used the very available Amazon EC2 web service account from which an attacker would be able to check over 500,000 Bitcoin passwords per second. Since you only pay only for the capacity in the cloud that you use, it would cost about one US dollar spent for the EC2 server to check 17.9 billion password strings. So, to check a trillion passwords, it would cost the attacker only €49.63 or $72. It is very cost efficient theft.
You may read more about this method in the Speed Optimizations in Bitcoin Key Recovery Attacks research paper, published and hosted on the International Association for Cryptologic Research website.
Featured image from Shutterstock.
Last modified: May 21, 2020 10:33 AM UTC