The bitcoin brain drain

Examining the use and abuse of bitcoin brain wallets

Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith, Tyler Moore

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 h but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.

Original language: English (US)
Title of host publication: Financial Cryptography and Data Security - 20th International Conference, FC 2016, Revised Selected Papers
Publisher: Springer Verlag
Pages: 609-618
Number of pages: 10
Volume: 9603 LNCS
ISBN (Print): 9783662549698
DOI: https://doi.org/10.1007/978-3-662-54970-4_36
State: Published - 2017
Event: 20th International Conference on Financial Cryptography and Data Security, FC 2016 - Christ Church, Barbados
Duration: Feb 22 2016 to Feb 26 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9603 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 20th International Conference on Financial Cryptography and Data Security, FC 2016
Country: Barbados
City: Christ Church
Period: 2/22/16 to 2/26/16

Keywords

  • Bitcoin
  • Brain wallets
  • Cybercrime measurement
  • Passwords

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Vasek, M., Bonneau, J., Castellucci, R., Keith, C., & Moore, T. (2017). The bitcoin brain drain: Examining the use and abuse of bitcoin brain wallets. In Financial Cryptography and Data Security - 20th International Conference, FC 2016, Revised Selected Papers (Vol. 9603 LNCS, pp. 609-618). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9603 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-662-54970-4_36
