The bitcoin brain drain: Examining the use and abuse of bitcoin brain wallets

Marie Vasek, Joseph Bonneau, Ryan Castellucci, Cameron Keith, Tyler Moore

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 h but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.

Original languageEnglish (US)
Title of host publicationFinancial Cryptography and Data Security - 20th International Conference, FC 2016, Revised Selected Papers
EditorsBart Preneel, Jens Grossklags
PublisherSpringer Verlag
Pages609-618
Number of pages10
ISBN (Print)9783662549698
DOIs
StatePublished - 2017
Event20th International Conference on Financial Cryptography and Data Security, FC 2016 - Christ Church, Barbados
Duration: Feb 22 2016Feb 26 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9603 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other20th International Conference on Financial Cryptography and Data Security, FC 2016
Country/TerritoryBarbados
CityChrist Church
Period2/22/162/26/16

Keywords

  • Bitcoin
  • Brain wallets
  • Cybercrime measurement
  • Passwords

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'The bitcoin brain drain: Examining the use and abuse of bitcoin brain wallets'. Together they form a unique fingerprint.

Cite this