Topic: 21 word seed got exposed, is it bad ? (Read 392 times)

If you look at the first few replies, you'd see that I understood this. And HCP and a few other users added calculations to how easy it'd be. Their calculations are an optimistic approach as it'll be much easier possibility wise as there are an even fewer number of sets than were estimated by them.

The OP was actually referring to wallet recovery seed and he asked if 21 out 24 get exposed, is it possible for anyone to crack remain 3 and my own answer is yes because some people totally good in doing the cracking and guessing thing.

What? Exposing your wallet seed is the worst thing you could do with a wallet that you are using as the person it is exposed to will have access to everything in your wallet.

Unless you mean exposing the seed in order to be able to write it down somewhere and not publicly exposing it OP is referring to).

With my understand is good to expose your wallet seed because recovery seeds is like your best friend and it the only thing you need to maintain the safety or recover of your coins.

Actually an attacker woulnd not need to know an address from this wallet.
An attacker could easily just derive the priv-/pub- keypairs from each valid seed (using the most common derivation paths), and then check (e.g. via API) for unspent outputs.
Knowing an address of the wallet does increase the speed of this attack. But its definetely not necessary to perform such an 'attack'.

No, it would not. 3 missing seed words are recoverable, however the attacker would need to at least know some of your wallet addresses in order for it to work 100 %.  The more information an attacker has, the more chances he has to be able to break it. If you are not sure on the best way to back up this information, just input an extra word into your seed (just remember which one it is). Scrambling to find which word is fake and which ones are real, now that's a challenge I hardly think anyone could solve.

Everything could happen in an instant it's your choice isn't it? If you rather leave it be or be paranoid and make sure your money is safe.
My advice relocate all your money in another wallet and make a new one in your ledger wallet just to make safe. I know you will lose money from relocating all your money because of fees but would you rather lose all your money in an instant.

Based on the comments The odds are in your side though you should be calm and pick what's best for you if you think my advice is not worth it then ignore me and pick whatever means necessary.

My advice, write down 24 words and encrypt everything with a password (aes++++). Password in the brain.

I'm giving you option C. Make it in three-piece of paper, keep the middle one in extremely safe place. (Try remembering the middle phase). But it's always better to move your funds after compromising any keys/passes or anything that can be harmful to your finance.

My "old" Core i5-3570K with 8Gigs (and a bunch of stuff running on it ) was able to generate and test approximately 500,000 seeds in around 4 or 5 minutes... Call it 100K combinations/minute... By my calculations, it would take me around 60 days to generate and test all the missing 3 word combinations if testing 24x7... Not exactly an "instant" hack... but certainly doable for a determined hacker.

Also, I'm sure better hardware and a better optimised script/program than my hacked together and unoptimised Python script would probably be able to bring that total time down.

Still, I'd consider just not using that address anymore and have peace of mind.

Its 3 out of 24.




3 words (with a character set of 2048) conforms 8.589.934.592 possibilities.
Where 3 missing characters of a private key (with a char set of 16, assuming hex represantation) conforms to 4.096 possibilities.

So, no it would NOT be easier to crack a few words in a seed than a few chars in a priv key.

Yes is the simple answer, the remaining three words out of the eighteen could be dictionary brute force attacked, it is not a hard task and would be easier and faster than cracking some missing characters in a private key. If you have been exposed, move to a new wallet at once.

Did they see the words in the correct order, and do they have a copy of the words to hand? If so, your wallet is probably screwed. If it was just a visual exposure, where a person saw the words but didn't take the time to memorize them, then I would say you're are almost certainly safe. Just in case though, you should move your coins to another wallet, better to be safe than sorry.

Because, as previously explained, the word list is known: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

There are only 2048 words in this list... so the total number of combinations is "only": 2048 * 2048 * 2048 = 8,589,934,592 combinations.

While that might look like a large number (and it is, if you're attempting to test them manually), computers are particularly good at doing repetitive things quite fast... a simple python script can generate all of those combinations in a matter of hours (if not minutes)

Additionally, not ALL combinations are actually valid seeds, the last word is a form of "checksum"... so the number of VALID seeds is actually a LOT less than the total number of combinations... for instance, I ran a script I use for finding missing seed words... I stopped it after it had tested a little over 500,000 combinations (in about 3 or 4 minutes)... it had only found 1960 valid combinations.

The real time consuming part is actually converting these seeds to addresses and checking if they have any BTC value (or match a known address)... It would no doubt take days to check all combinations for a match when trying to find the missing 3 words... but it would certainly be doable in a "reasonable" amount of time.

However, if the order/position of the words is not known, the difficulty increases by a significant amount... as the number of combinations that need to be checked increases by orders of magnitude.

It does matter whether its a word or a number. This determines the searching space and therefore the amount of time you have to invest to crack that wallet.




Most modern wallets use either a 12 or 24 word seed. Thats not an information which is hidden anyway.




For huge amounts thats true. But the average joe with a few btc shouldn't care too much about such targeted attacks.
It would be way more lucrative to just steal cryptos with malware.

but the thing is i just cant see how it would be easy to find some 3 word in the exact right order. That would be so many possibilities.

Its writen on a paper, its a seed that i wrote down on a paper. and it is possible that a person saw it, but i am not that sure. but i have already moved my coins so its ok.

thanks everyone for the answers.

Any information about the wallet could help a hacker to crack your wallet, I doesn't really matter if it is one word or a number. Also you have have now exposed publicly that you phrase is compose out of 24 words so if the hacker finds your ip he could know you made a post on this forum about your wallet and finds out what exactly to look for.

I recommend you to move all your coins to another wallet that is not related at all with your old wallet(email, password, any words). This should be safe enough.

It's specially bruteforceable because seeds use common words which means brute forcing software has an easy time with that since they use dictionary attacks. If you were using weird words that don't exist including special characters, then 3 of these "words" would be a pain in the ass for bruteforcing software.

If I depended on a seed I would definitely split it in two, but an attacker will easily realize that you are splitting a seed when he finds out random words here and there, and he will just join them, so keep them separated with different passwords if you are storing them digitally.