Most Bitcoin Brain Wallets Drained by Attackers

Researchers discovered that most of the roughly 1,000 brain wallets used by Bitcoin owners to store their digital money have been looted by malicious actors.

Brain wallet, or brainwallet, is the concept of storing the private keys used to make Bitcoin transactions in an individual’s memory. Brain wallets are derived from passwords chosen by the user and they were initially considered more secure than traditional Bitcoin wallets because they could not be compromised by malware.

However, it has been demonstrated that brain wallets are not effective for the secure storage of Bitcoins because the passwords can be easily cracked. Researcher Ryan Castellucci gave a talk at the DEF CON conference last year about cracking brain wallet passphrases, which led to the service being shut down.

A research paper published this month presented a new method that can be used to crack brain wallet passwords 2.5 times faster than the method presented by Castellucci at DEF CON.

An analysis conducted by researchers at the University of Tulsa, Stanford University and Southern Methodist University found that brain wallets have in most cases failed to protect Bitcoins from getting stolen.

An evaluation of roughly 300 billion passwords generated using a wide range of word lists revealed that fewer than 1,000 brain wallets had been set up between September 2011 and August 2015.

The 300 billion passwords were derived from words found in dictionaries, Wikipedia, song lyrics, passwords leaked as a result of major data breaches, and other sources. The passwords were then compared to a list of all used Bitcoin addresses to determine which of them were associated with brain wallets.
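An added illustration, not code from the article or the research paper: it assumes the classic brain wallet scheme, in which the 32-byte private key is simply the SHA-256 hash of the passphrase (a detail the article does not spell out), and shows why a single precomputed word-list table exposes every user of a listed phrase. The salted PBKDF2 variant, the word list and the user names are constructed for contrast and are not a scheme the researchers propose.

```python
import hashlib
import os

# Constructed sample word list standing in for the dictionaries, lyrics and
# leaked-password lists described in the article.
WORDLIST = ["password", "correct horse battery staple", "let me in", "satoshi"]


def brainwallet_key(passphrase: str) -> bytes:
    """Assumed classic scheme: key = SHA-256(passphrase), no salt, one round."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: bytes, rounds: int = 200_000) -> bytes:
    """Contrast case (not from the article): per-user salt plus PBKDF2."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, rounds)


def build_table(wordlist):
    """One pass over the word list gives a key -> phrase map valid for all users."""
    return {brainwallet_key(p): p for p in wordlist}


def find_exposed(keys_by_user, table):
    """Return {user: phrase} for every key the precomputed table explains."""
    return {u: table[k] for u, k in keys_by_user.items() if k in table}


def demo():
    table = build_table(WORDLIST)
    # Constructed users: two share a listed phrase, one uses an unlisted one.
    phrases = {"alice": "satoshi", "bob": "satoshi", "carol": "x9!Vq-unlisted-7#"}
    unsalted = {u: brainwallet_key(p) for u, p in phrases.items()}
    salted = {u: stretched_key(p, os.urandom(16)) for u, p in phrases.items()}
    # The same table is checked against both key sets.
    return find_exposed(unsalted, table), find_exposed(salted, table), unsalted, salted


if __name__ == "__main__":
    exposed_unsalted, exposed_salted, _, _ = demo()
    print("unsalted keys explained by table:", exposed_unsalted)
    print("salted keys explained by table:  ", exposed_salted)
```

Because the unsalted derivation is deterministic and cheap, the table is computed once and reused against every key; with a per-user salt the same phrase yields unrelated keys and the table matches nothing.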

Experts identified 884 brain wallets storing 1,806 BTC (worth approximately $100,000), and determined that only 21 of them, representing 2 percent of the total, were not drained by cybercriminals.

According to researchers, many wallets were drained within minutes, while most were emptied within 24 hours. Wallets loaded with at least $100 worth of cryptocurrency were looted faster than ones storing smaller amounts, and there is no evidence that users storing larger amounts of money selected stronger passwords.

An analysis of the Bitcoin transactions involving brain wallets showed that at least 14 individuals or groups are responsible for the attacks.

“A few drainers are very successful while the rest do not make very much,” researchers wrote in their paper. “The top 4 drainers have netted the equivalent of $35,000 between them. The drainer who has emptied the most brain wallets — 100 in all — has earned $3,219 for the effort. But other drainers have stolen very little money. For example, one drainer stole from 78 different brain wallets but netted only $62 worth of bitcoin.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
