Will your crypto wallet be hacked?


If you have used a cryptocurrency wallet, you are certainly familiar with mnemonic phrases. A mnemonic phrase is a human-readable encoding of the random seed entropy from which a wallet's private keys are derived, first proposed in BIP39 (Bitcoin Improvement Proposal 39, published in 2013). In BIP39, a given piece of entropy always maps to the same set of words and the words map back to the same seed, so the phrase lets users remember and write down what would otherwise be a long string of random bytes.

In addition to BIP39 (which makes backing up a seed more user-friendly by defining mnemonic phrases), there are BIP32 (a hierarchical derivation scheme proposed to avoid managing a pile of unrelated private keys) and BIP44 (which defines a standard layout of derivation paths on top of BIP32). For example, the well-known MetaMask (Fox Wallet) derives keys along the BIP44 path, giving the user a multi-account wallet in which each account has its own independent key pair (the public address you receive and send with, plus the private key that signs for it), yet all of these accounts (sub-accounts) originate from the same set of mnemonic words. MetaMask's multi-address feature relies on the HD (Hierarchical Deterministic) scheme, which we introduce later. We won't go into the BIPs in more detail here; interested friends can look up the specifications.

Next, a simple introduction based solely on BIP39. The 12 (or 24) words generated when you create a wallet control all the assets of that wallet. If the words are lost and no other copy of the derived keys remains, the assets are gone for good; if anyone else obtains them, they can derive every key and move the funds. In other words, whoever holds the mnemonic phrase effectively owns all the assets of that wallet.

Moreover, since most mainstream wallets support the BIP standards, a set of mnemonic words can be imported into almost any cryptocurrency wallet. For example, you can import the same words into MetaMask, Rabby Wallet, OKX Web3 Wallet, and so on. In short, a wallet is just a tool; it does not store your cryptocurrency assets itself. The assets are recorded on the blockchain as balances tied to your addresses, and the mnemonic phrase (which is never put on chain) is simply what lets you produce the private keys that sign for those addresses.

However, note that there are many counterfeit wallets online, so be cautious and avoid unknown or poorly rated wallets: malicious wallet software can simply send the phrase you type into it to its developer.

Returning to mnemonic phrases: the words are drawn from a fixed list of 2048 English words (the BIP39 English word list). This means that any tool or wallet DApp that generates an English mnemonic phrase will only ever produce words from this list of 2048 (BIP39 also defines lists for other languages, but the English list is what nearly all wallets use). As shown in the image below.

Furthermore, to keep the words unambiguous, no two words in the BIP39 list share the same first four letters. For example, since "apple" is in the list, no other word beginning with "appl" can be. This means that the first four letters of a word are enough to look up the full word in the list, which is also why some wallet applications auto-complete a word as soon as you have typed its first four letters when importing a phrase. As shown in the image below.

At this point, some new friends may have a question: since the mnemonic phrases are randomly selected from a fixed set of 2048 words to form 12 words, isn't it easy to crack a cryptocurrency wallet? Or can someone just randomly select 12 words and try to import them to access a wallet containing cryptocurrency assets?

1. Regarding the issue of randomly entering 12 words to access a wallet

The words are not chosen independently: the last word of the phrase carries a checksum of the others, so only 1 in 16 random 12-word combinations is even a valid phrase, and a valid phrase still just maps to one seed among 2¹²⁸ possibilities, almost certainly an empty, never-used wallet. So you don't need to worry about someone typing in 12 random words and landing in your wallet. The general process of the algorithm for generating a mnemonic phrase is: generate 128 bits (12 words) or 256 bits (24 words) of random entropy; append the first ENT/32 bits of SHA-256(entropy) as a checksum (4 bits for 12 words, 8 bits for 24); split the result into 11-bit groups, each of which is an index (0 to 2047) into the word list; finally, the words are fed through PBKDF2-HMAC-SHA512 (2048 rounds, salt "mnemonic" plus an optional passphrase) to produce the 64-byte seed from which BIP32 derives the keys.

2. Regarding the issue of whether cryptocurrency wallets can be cracked

From a purely probabilistic standpoint, yes: every phrase is one member of a finite set, so in principle it can be guessed.

In practice, however, the chance of this actually happening is negligible. We can put numbers on it (as shown in the image below):

If 1 word is missing, there are 2048 possibilities for cracking (2048¹).

If 2 words are missing, there are 4,194,304 possibilities (2048²).

If 3 words are missing, there are 8,589,934,592 possibilities (2048³).

If 4 words are missing, there are 17,592,186,044,416 possibilities (2048⁴).

Suppose someone wants to crack a wallet and buys what is currently among the most powerful consumer CPUs, the Intel Core i9-14900K, and takes its throughput as up to 576 billion operations per second, as shown in the image below (I directly asked ChatGPT). Note that this is a raw instruction rate, not a rate of phrase guesses: testing one candidate phrase means a 2048-round PBKDF2-HMAC-SHA512 seed derivation, BIP32 key derivation and an address comparison, so the real guess rate is many orders of magnitude lower and the estimate that follows is extremely generous to the attacker.

Theoretically, exhausting all 2048¹² ≈ 5.44 × 10³⁹ combinations of 12 words at that rate would take about 9.45 × 10²⁷ seconds. As shown in the image below.

So how many years would it take to perform this calculation? We can continue to use ChatGPT to calculate. As shown in the image below.

From the calculation results, using that CPU to run through every possible 12-word phrase would take about 299,700,000,000,000,000,000 (roughly 3 × 10²⁰) years, which is effectively impossible; counting only the 2¹²⁸ phrases with a valid checksum divides this by 16 and changes nothing.

However, if only a few words of the 12 are missing, recovery becomes feasible: with one word missing in a known position, the checksum leaves only 2048/16 = 128 candidates, each of which must then be derived and compared against a known address of the wallet. The time and cost for a given case can be estimated as above. Moreover, tools already exist for recovering (or cracking) such phrases, such as Seed Saviour (suited to one missing word) and Btcrecover (suited to two or more missing words), as introduced in previous articles. As shown in the image below.
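The following is an added example (not the article's or ChainCatcher's code) that implements the BIP39 steps described under point 1 and puts numbers on the missing-word scenario above. It works on word indices (0 to 2047) rather than embedding the 2048-word list, and takes the words as text only for the final PBKDF2 seed step; the behaviour is the BIP39 specification itself, and the values printed in `__main__` are the official BIP39 test vectors (all-zero entropy, passphrase "TREZOR"). It handles 12- and 24-word phrases alike (and the 15/18/21-word lengths the standard also allows).

```python
# Added example (not ChainCatcher's code): the BIP39 steps on word indices
# (0..2047). The 2048-word English list is not embedded; wallets map each
# index to a word, and mnemonic_to_seed() takes the resulting words as text.
import hashlib
import secrets
import unicodedata

VALID_LENGTHS = (12, 15, 18, 21, 24)  # words; entropy = 128..256 bits


def entropy_to_indices(entropy: bytes) -> list:
    """Steps 1-3: ENT bits of entropy, the top ENT/32 bits of SHA-256(entropy)
    appended as a checksum, then split into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32                            # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def generate_indices(n_words: int = 12) -> list:
    """What a wallet does on 'create': fresh entropy from the OS CSPRNG."""
    if n_words not in VALID_LENGTHS:
        raise ValueError("phrase length must be 12, 15, 18, 21 or 24 words")
    return entropy_to_indices(secrets.token_bytes(n_words * 11 * 32 // 33 // 8))


def indices_valid(indices: list) -> bool:
    """Re-derive the checksum from the entropy bits and compare. Random 12-word
    guesses pass only 1 time in 16 (2^-4); random 24-word guesses 1 in 256."""
    n_words = len(indices)
    if n_words not in VALID_LENGTHS or not all(0 <= i < 2048 for i in indices):
        return False
    ent_bits = n_words * 11 * 32 // 33
    cs_bits = ent_bits // 32
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def valid_last_words(known: list) -> list:
    """All words but the last are known: the last-word indices that satisfy the
    checksum are the attacker's real candidate set (128 of 2048 for 12 words)."""
    return [i for i in range(2048) if indices_valid(known + [i])]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Step 4: seed = PBKDF2-HMAC-SHA512(NFKD(words), "mnemonic" + passphrase,
    2048 rounds, 64 bytes). BIP32 turns this into the master key; it is also the
    cost an attacker pays for every candidate phrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)


if __name__ == "__main__":
    # BIP39 test vector: 16 zero bytes -> "abandon" x 11 + "about" (indices 0 x 11, then 3)
    print(entropy_to_indices(bytes(16)))
    print(len(valid_last_words([0] * 11)), "checksum-valid last words out of 2048")
    print(mnemonic_to_seed("abandon " * 11 + "about", "TREZOR").hex())
    fresh = generate_indices(24)
    print(fresh, indices_valid(fresh))
```

Running it shows that with the first eleven words fixed, only 128 of the 2048 candidate last words pass the checksum (8 of 2048 for a 24-word phrase), which is where a realistic "one word missing" estimate starts; each survivor then still costs a 2048-round PBKDF2 derivation plus key derivation and an address comparison, the per-guess cost the raw CPU figure above ignores.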

In summary, the main cause of asset loss in cryptocurrency wallets is usually not brute-force cracking but careless use or backup by the holder: storing the phrase on an internet-connected phone or computer or in cloud storage, sharing it with others, downloading counterfeit wallet software, granting approvals to phishing websites, and so on.

3. Should you choose 12 or 24 mnemonic phrases?

The 12-word mnemonic phrase is the most common, but there are also 24-word mnemonic phrases. From a technical perspective, 12 words correspond to 128 bits, while 24 words correspond to 256 bits. Currently, common wallets like MetaMask (software wallet) and OneKey (hardware wallet) default to generating 12-word mnemonic phrases, while wallets like Ledger (hardware wallet) and Trezor (hardware wallet) default to generating 24-word mnemonic phrases.

Wallets generated from 12 and 24 words work identically; the only difference is the amount of randomness behind them: 12 words provide 128 bits of entropy, 24 words 256 bits.

In practice, a 128-bit level is already more than enough, as the calculations above show, and the secp256k1 keys derived from the seed offer roughly 128-bit security themselves, so 12 words already match the strength of the keys. Whether to choose 12 or 24 is therefore a matter of preference (24 words chiefly buy extra margin if part of a phrase is ever exposed). For ordinary individuals there is no need to go to 24 words on security grounds, as more words are harder to remember and manage.

4. What are the main types of wallets?

Commonly, we hear about hot wallets, cold wallets, hardware wallets, paper wallets, and so on. If instead we categorize wallets by how the signing key is held, the most common types today are EOA wallets, MPC wallets, and AA wallets. This topic was covered in previous articles, so here is a brief review:

1) EOA Wallet

An EOA (Externally Owned Account) wallet is the ordinary mnemonic-phrase wallet. When mnemonic phrases come up, people also ask about private keys. Simply put, the private key is the 32-byte number that actually signs transactions, usually shown as a long string of hexadecimal digits, which is inconvenient for humans to record. A mnemonic phrase is the human-friendly seed from which such private keys are derived, so backing up the 12/24 words backs up every key the wallet will ever derive. Note the direction: the phrase yields the keys, but a derived private key cannot be turned back into the phrase it came from.

Moreover, online tools exist that derive the private keys (and the underlying seed) from a mnemonic phrase, as shown in the image below. For security reasons, do not casually use unknown tools or websites to generate mnemonic phrases or perform such conversions: anything you paste into them may be captured, and the phrase is then as good as leaked.

2) MPC Wallet

An MPC (multi-party computation) wallet is a so-called keyless wallet. The private key never exists in one place; instead it is held as several key shares that sign jointly, for example one share on the platform, one on the user's device, and one backed up in the user's cloud storage (e.g., iCloud), with a threshold of shares needed to produce a signature.

Many people currently use Binance Web3 Wallet and OKX Web3 Wallet, which are of this type. Of course, they also support importing existing mnemonic phrases to create EOA wallets.

3) AA Wallet

An AA wallet is a smart contract wallet, also called an Account Abstraction wallet. This type of wallet has no private key of its own and cannot be created on its own: it is a contract controlled by code logic, and it must be created from (and is controlled by) an existing signing wallet. In the products discussed here, each keyless or private-key wallet can create one AA smart contract account, while each account under a mnemonic-phrase wallet (for example, the N account addresses MetaMask derives from one phrase) can create its own corresponding AA account, such as Wallet A --- Account 01 corresponding to Wallet A --- Smart 01.

Smart contract wallets generally offer special features such as batch transactions, gas paid on the user's behalf (sponsored gas), key recovery, and other customizable and extensible functionality. The Binance Web3 Wallet and OKX Web3 Wallet mentioned above also support creating AA wallets.

However, this model still has relatively low adoption, and many chains (and their DApps) do not yet support it, so when you swap with an AA wallet you may see prompts like "the keyless wallet you are currently connected to does not support XXX chain."

5. Issues related to multi-signature wallets

Beyond the topics above, when it comes to cryptocurrency wallets you will often hear the term multi-signature (multisig). It means that a transaction must be authorized by several different private keys rather than by a single one, primarily so that no single key is a single point of compromise.

Generally, multi-signature involves several issues:

1) The issue of multiple private keys

A multi-signature wallet is controlled by multiple private keys, each held by a specific authorizer.

2) The issue of signature thresholds

In a multi-signature wallet, a signature threshold can be defined, indicating how many authorizers' signatures are required to execute a transaction. Its working mechanism involves multiple keys and the M-of-N signature concept. In an M-of-N setup, only M of the N keys must sign the transaction to authorize it. For example, in a 2-of-3 multi-signature wallet, there are three private keys, and at least two private keys (authorizers) are needed to execute the transaction.

3) The issue of multi-signature transactions

To execute a transaction, the signature threshold must be met, meaning that a sufficient number of authorizers' signatures are required for the transaction to be broadcast and confirmed.

In practice, multisig is used mostly by enterprises and institutions, but individuals can use it too. For example, you could keep one key on your phone and another on your computer and require both to transfer funds; note that such a 2-of-2 set-up means losing either device locks the funds, which is why a 2-of-3 with a third key kept in offline backup is the more common personal arrangement.

As for examples of creating and using multi-signature wallets, previous articles have already introduced relevant information, so we will not elaborate further here. Interested friends can refer back to historical articles. As shown in the image below.

6. Issues related to Bitcoin wallets

I have previously shared this topic in the group, so let's briefly review it here:

1) From the perspective of encoding

The private key of a Bitcoin wallet address can be written in several formats, such as WIF, WIFC, HEX, B64, MINI, BIP38, etc. These are mostly different encodings of the same 32-byte secret (BIP38 additionally encrypts it under a passphrase), and one format can be converted into another. Here we take WIF and WIFC as examples:

WIF stands for Wallet Import Format, a Base58Check encoding of the private key. It comes in an uncompressed form (plain WIF) and a compressed form (WIF compressed, abbreviated WIFC); "compressed" refers to whether the corresponding public key is used in compressed form.

The difference between them is mainly technical. For example:

WIF encoding: prepend the version byte 0x80 (mainnet; 0xEF on testnet) to the 32-byte private key, hash that with SHA-256 twice, take the first four bytes of the result as a checksum and append them, then Base58-encode the whole thing; the result starts with 5.

WIFC is computed the same way except that, in addition to the 0x80 prefix, a compression flag byte 0x01 is appended after the key. Then, as before, two SHA-256 passes, the first four bytes appended as the checksum, and Base58 encoding; the resulting WIF string starts with K or L.

Thus, corresponding to the above compressed and uncompressed private keys, Bitcoin addresses can be divided into Bitcoin Address Uncompressed (uncompressed Bitcoin address) and Bitcoin Address Compressed (compressed Bitcoin address).

This means one private key corresponds to two P2PKH addresses (the compressed and the uncompressed one). Both are valid, but they are different addresses, so coins sent to one do not show up under the other. The compressed form is by far the most common today (both forms give an address starting with 1), virtually all wallet tools generate it by default, and SegWit addresses require the compressed key.

In summary, whatever tool you use, a given private key deterministically yields its address(es), so as long as you keep the private key and the address you use together, there is no need to get caught up in compression or other technical details day to day. Just remember: once your private key is leaked, all your assets may be lost.

2) From the perspective of address formats

Generally speaking, Bitcoin wallet addresses can be divided into four main formats:

Regular address (P2PKH, Pay-to-Public-Key-Hash): the earliest Bitcoin address format. It starts with "1" and is 26 to 35 characters long, using the Base58 alphabet (digits and upper- and lower-case letters, excluding 0, O, I and l to avoid confusion).

Native Segregated Witness address (Native SegWit, P2WPKH): a newer format that starts with "bc1q" (or "tb1q" on testnet) and is 42 characters long (P2WSH script addresses with the same prefix are 62), using only digits and lower-case letters (bech32 encoding).

Compatible Segregated Witness address (Nested SegWit, P2SH-P2WPKH): a compatibility format that wraps a SegWit program inside a traditional pay-to-script-hash address so that older wallets can pay it. It starts with "3" and is 26 to 35 Base58 characters long (mixed case).

Taproot address (P2TR): Taproot is a major Bitcoin protocol upgrade (activated in November 2021) aimed at improving privacy, security and scalability. Taproot addresses start with "bc1p" and are 62 characters long (bech32m encoding).

In simple terms, all four address types can be derived from the same set of mnemonic words. SegWit/Taproot addresses are now the most used and are the default in many mainstream wallets (some wallets support only one or two of the four types), because bc1 addresses make more efficient use of block space and therefore pay lower fees. Transfers between the different address types work, since they are all spent with the same underlying keys and protocol; the practical difference is the transaction fee (Bitcoin has no "gas", just a fee proportional to transaction weight), with SegWit generally cheaper. As for SegWit versus Taproot, the former moves signature (witness) data out of the base transaction, while the latter adds Schnorr signatures and script commitments for privacy and efficiency.
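The encodings from 1) and 2) above, as an added example (not the article's or ChainCatcher's code): Base58Check for WIF/WIFC and for 1.../3... addresses, bech32 for bc1q... (BIP173) and bech32m for bc1p... (BIP350), plus a classifier that validates the checksum before naming the format. The private key in `__main__` is the public Bitcoin wiki WIF example, the bc1q address is the BIP173 P2WPKH example and the 1... address is the genesis-block coinbase address; the Taproot address is constructed from an all-zero 32-byte program purely to exercise bech32m and is not a real address.

```python
# Added example (not ChainCatcher's code): Bitcoin key/address encodings. Base58Check
# (WIF/WIFC, 1... and 3... addresses), bech32 for bc1q... (BIP173), bech32m for bc1p... (BIP350).
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3

def _sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def b58check_encode(payload: bytes) -> str:
    """payload || first 4 bytes of SHA256(SHA256(payload)), in base 58; each leading zero byte -> '1'."""
    data = payload + _sha256d(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58check_decode(s: str) -> bytes:
    """Inverse of b58check_encode; ValueError on a non-Base58 character or a bad checksum."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = b"\x00" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _sha256d(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("Base58Check checksum mismatch")
    return raw[:-4]

def wif_encode(priv: bytes, compressed: bool = True, testnet: bool = False) -> str:
    """Version 0x80 (0xEF testnet) || 32-byte key || 0x01 if the compressed public key
    is meant. Uncompressed WIF starts with 5, WIFC with K or L."""
    if len(priv) != 32:
        raise ValueError("private key must be 32 bytes")
    version = b"\xef" if testnet else b"\x80"
    return b58check_encode(version + priv + (b"\x01" if compressed else b""))

def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def _hrp_expand(hrp: str):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _convertbits(data, frombits, tobits, pad):
    """Regroup a bit string (8-bit bytes <-> 5-bit bech32 symbols), as in BIP173."""
    acc = bits = 0
    out = []
    for v in data:
        acc, bits = (acc << frombits) | v, bits + frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & ((1 << tobits) - 1))
    if pad and bits:
        out.append((acc << (tobits - bits)) & ((1 << tobits) - 1))
    elif not pad and (bits >= frombits or (acc << (tobits - bits)) & ((1 << tobits) - 1)):
        raise ValueError("invalid bech32 padding")
    return out

def bech32_encode(hrp: str, witver: int, program: bytes) -> str:
    """hrp '1' witver program(5-bit groups) 6-symbol checksum; v0 = bech32, v1+ = bech32m."""
    data = [witver] + _convertbits(program, 8, 5, True)
    const = BECH32_CONST if witver == 0 else BECH32M_CONST
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(B32[d] for d in data + checksum)

def bech32_decode(addr: str):
    """Returns (hrp, witness version, program bytes); ValueError on a bad checksum."""
    hrp, _, rest = addr.lower().rpartition("1")
    data = [B32.index(c) for c in rest]
    witver, program = data[0], bytes(_convertbits(data[1:-6], 5, 8, False))
    if _polymod(_hrp_expand(hrp) + data) != (BECH32_CONST if witver == 0 else BECH32M_CONST):
        raise ValueError("bech32 checksum mismatch (typo, or bech32/bech32m mix-up)")
    return hrp, witver, program

def classify_address(addr: str) -> str:
    """Name the address format; an exception means the string is not a valid address."""
    if addr[:3].lower() in ("bc1", "tb1"):
        _, ver, prog = bech32_decode(addr)
        return {(0, 20): "P2WPKH (native SegWit)", (0, 32): "P2WSH (native SegWit script)",
                (1, 32): "P2TR (Taproot)"}[(ver, len(prog))]   # KeyError: unknown witness program
    payload = b58check_decode(addr)
    if len(payload) != 21 or payload[0] not in (0x00, 0x05):
        raise ValueError("not a mainnet Base58 address")
    return "P2PKH (legacy)" if payload[0] == 0x00 else "P2SH (e.g. nested SegWit)"

if __name__ == "__main__":
    key = bytes.fromhex("0c28fca386c7a227600b2fe50b7cae11ec86d3bf1fbe471be89827e19d72aa1d")  # wiki example
    print(wif_encode(key, compressed=False), wif_encode(key, compressed=True))
    # the last entry is a constructed Taproot address (all-zero program), only to exercise bech32m
    for a in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",
              bech32_encode("bc", 1, bytes(32))):
        print(a, "->", classify_address(a))
```

The checksum is the practical point: a single mistyped character in any of the four formats is rejected rather than silently paying a different address, and the bech32/bech32m constant is what stops a Taproot address from being accepted by a decoder that only knows SegWit v0.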

7. Issues related to HD wallets

HD wallets are Hierarchical Deterministic wallets, a term you may have met in some wallet applications. Simply put, HD is a wallet structure that generates and manages key pairs as a tree: from one root seed, child keys are derived deterministically, so users can create a practically unlimited number of addresses (sub-addresses) from one set of mnemonic words without backing up each address's private key separately.

The advantage of this model is that one set of mnemonic words yields any number of new addresses. Different addresses can serve different purposes, some for airdrops, some for transfers, some for testing, which gives better separation and privacy on chain. The downside is just as clear: once the mnemonic phrase is lost or leaked, every asset under every derived address goes with it, and whoever obtains the phrase can also link all of those addresses to one owner, undoing the privacy benefit.

Therefore, it is up to you to decide whether to prioritize convenience or security.
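As an added example (not ChainCatcher's or MetaMask's code), here is BIP32 derivation in pure Python starting from a BIP39 seed, along the BIP44 path m/44'/60'/0'/0/i that the article attributes to MetaMask's Ethereum accounts (coin type 60 is Ethereum in the SLIP-44 registry; 0 would be Bitcoin). It shows both halves of the HD trade-off above: one seed produces as many keys as you ask for, and every one of them is recoverable by anyone holding that seed. The seed and the checked values are the official BIP32 test vector 1; the secp256k1 arithmetic is the textbook affine version and is not constant-time, so it is for understanding, not for a real wallet.

```python
# Added example (not ChainCatcher's code): BIP32 hierarchical deterministic
# derivation in pure Python from a BIP39 seed. Path m/44'/60'/0'/0/i is the
# BIP44 layout the article attributes to MetaMask's Ethereum accounts.
import hashlib
import hmac

# secp256k1 curve constants
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def _point_add(p1, p2):
    """Affine point addition on secp256k1 (None is the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _point_mul(k, point=G):
    """Double-and-add scalar multiplication (demo only; not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def pubkey(priv: int) -> bytes:
    """33-byte compressed public key: 02/03 prefix by y parity, then x."""
    x, y = _point_mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed: bytes):
    """BIP32: I = HMAC-SHA512(key="Bitcoin seed", seed); IL = master private key, IR = chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def child_key(kpar: int, cpar: bytes, index: int):
    """One derivation step. Hardened children (index >= 2^31) hash the parent
    private key, so they cannot be derived from the parent public key alone;
    normal children hash the parent public key, which is what lets a watch-only
    wallet enumerate receive addresses without holding any secret."""
    if index >= HARDENED:
        data = b"\x00" + kpar.to_bytes(32, "big")
    else:
        data = pubkey(kpar)
    i = hmac.new(cpar, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + kpar) % N
    if il >= N or child == 0:            # probability ~2^-128; the spec says skip this index
        raise ValueError("invalid child key, use the next index")
    return child, i[32:]


def derive(seed: bytes, path: str):
    """Walk a path such as m/44'/60'/0'/0/0 (the ' marks hardened steps)."""
    k, c = master_key(seed)
    for part in path.split("/")[1:]:
        idx = int(part.rstrip("'hH")) + (HARDENED if part[-1] in "'hH" else 0)
        k, c = child_key(k, c, idx)
    return k, c


def account_keys(seed: bytes, count: int, coin: int = 60):
    """Private keys for accounts 0..count-1 along BIP44 m/44'/coin'/0'/0/i
    (coin 60 = Ethereum, 0 = Bitcoin): any number of keys from one seed."""
    return [derive(seed, f"m/44'/{coin}'/0'/0/{i}")[0] for i in range(count)]


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test vector 1 seed
    k, c = master_key(seed)
    print("master priv", k.to_bytes(32, "big").hex())
    print("master pub ", pubkey(k).hex())
    for i, key in enumerate(account_keys(seed, 3)):
        print(f"m/44'/60'/0'/0/{i}", key.to_bytes(32, "big").hex())
```

In a real wallet the seed would come from `mnemonic_to_seed` in BIP39 and the account index i is what MetaMask increments when you click "add account"; the hardened steps in the path are why an attacker who obtains one account's private key still cannot walk back up to the seed or sideways to the other accounts.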

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.