Bitcoin has a ‘dark forest’ of its own, and it has to do with brainwallets

Published at: Oct. 13, 2020

The concept of a blockchain "dark forest" has been popularized recently by Ethereum and the existence of front-running bots that will copy any profitable transaction pending for submission.

The bots are able to assess if any given transaction that just entered the mempool can be replicated, and they will immediately publish their own copy with a much higher gas fee, which virtually guarantees that they will be the first to claim it. The term "dark forest" is inspired from a sci-fi novel and indicates a place where detection means instant death — or in this case loss of funds.

In Ethereum, this usually happens with public smart contracts that for some reason came in control of funds. Dan Robinson from Paradigm Capital demonstrated one such case with money mistakenly sent to a contract address. These types of bots also threw a wrench into Bancor’s vulnerability mitigation plan in June.

Bitcoin (BTC) does not have smart contracts to front-run, but a post by BitMEX Research highlights how a similar event occurs when one uses brainwallets.

A brainwallet is the term for a private key that is only stored as a memory in a person’s brain, meaning that no physical backups exist. This approach is generally discouraged because relying on a person's memory to store a complex alphanumeric string is not ideal.

A potential solution to this is creating a wallet from an easy to remember phrase. This is what the analysts did by generating a seed phrase from extracts of famous literary works, including the Bitcoin whitepaper.

Unfortunately, in some cases the BTC put into these wallets was swept away even before the transaction to fund them was confirmed. This was the case with simple seed words like “Call me Ishmael” from Herman Melville’s Moby Dick. Other longer and more complex excerpts were still swept within a day, with the Bitcoin whitepaper’s “The network is robust in its unstructured simplicity” lasting the longest.

The analysts concluded that addresses generated from these types of complex, but public-domain seed words are fully compromised and are constantly being monitored.

As Cointelegraph reported earlier, blockchain makes it hard to use any type of password-based generation mechanism. Passwords on traditional platforms are mostly protected by the fact that they’re stored on a secret database. The attackers must interact with it to make guesses, but the server will usually issue rate limit denials. Furthermore, having to make a web request to make a guess is already many times slower than hashing through locally-stored combinations.

Blockchain private keys can instead be pre-generated from massive dictionary databases, making attackers the effective owners of those addresses. There are ways to mitigate these vulnerabilities by using salt — random bits of data added to throw off brute force attempts. But the fundamental issue of brainwallets is that any address that is sufficiently resistant to brute forcing will likely be difficult to remember reliably.

There are many stories of people losing their BTC by forgetting a private key they stored in their brain, with one notable loss of $13 million reported in 2019 — though some believe it was fake. Ethereum is likely subjected to the same type of private key brute forcing, with millions of dollars in Ether (ETH) being reportedly stolen in the past.

Tags
Technology
Bitcoin
Hackers
Wallet
Related Posts
Bitfinex hackers move another $30M in stolen Bitcoin from 2016
Bitcoins (BTC) stolen from major cryptocurrency exchange Bitfinex back in 2016 are on the move again, as hackers shift another massive batch of funds to unknown wallets. According to data from crypto transaction tracking service Whale Alert, Bitfinex hackers moved more than $4.6 million in stolen BTC on Oct. 8. These funds were sent to unknown wallets in two separate transactions of 435 BTC and 8 BTC. But the hackers have moved far more than this amount earlier this week. According to Whale Alert, Bitfinex hackers completed seven more similar transactions on Oct. 7, totaling at 2,900 Bitcoin, or $26.4 …
Bitcoin / Oct. 8, 2020
Developer Who Successfully Hacked Bitcoin Wallet Ensures BTC Is Still Safe
John Cantrell, Bitcoin and Lightning Network project developer, recently revealed he had successfully hacked a Bitcoin address. His article, however, received a number of responses with many concluding Bitcoin isn’t secure. Cantrell felt people missed the point of the exercise so, in a tweet thread on June 19, explained and ensured people that despite hacking a wallet, Bitcoin is still safe. Takes forever to crack the wallet According to Cantrell, bitcoins stored in a wallet generated from a 12-word mnemonic is secure. The only reason why he was able to hack the Bitcoin wallet was because the wallet’s owner publicly …
Technology / June 21, 2020
Cellebrite Launches Crypto Tracer Solution to Track Illicit Transactions
Digital intelligence firm Cellebrite has launched its “Cellebrite Crypto Tracer” solution. The new offering is powered by CipherTrace and aims to trace illicit cryptocurrencies involved in money laundering, terrorism, drugs, human trafficking, weapon sales and ransomware schemes. The suite of tools will be available to investigators, analysts and non-technical agents who want to lawfully obtain evidence and trace criminals who use cryptos like Bitcoin (BTC) through the darknet. Citing figures from an Oxford University study, Cellebrite states that an estimated $76 billion worth of illegal activities involve Bitcoin. Curating millions of information references to trace transactions The Cellebrite Crypto Tracer …
Technology / July 28, 2020
IOTA Urges Trinity Wallet Users to Use Seed Migration Tool
Responsible for one of the top performing cryptocurrencies, IOTA is continuing to release new information in response to a Feb.12 hack on its official wallet. According to a Feb. 19 status update, the IOTA Foundation strongly recommends users of the Trinity Wallet to immediately change their passwords and use the seed migration tool to protect their assets. Trinity users who opened or updated their wallets between December 17th, 2019 and February 18th, 2020 may be vulnerable. Trinity users - If you opened #Trinity between Dec 17th 2019 - Feb 18th 01.30 CET 2020, you will need to use the seed …
Technology / Feb. 21, 2020
IOTA Updates Trinity Desktop Wallet to Partly Address Recent Hack
Following an apparent hack of IOTA (MIOTA) official wallet on Feb. 12, the IOTA Foundation has released a safe desktop version of the Trinity wallet. According to a Feb. 17 update post, IOTA should update their Trinity apps to securely check their balances and transactions via Trinity 1.4.1, a new version that is designed to remove the recently detected vulnerability from the wallets. IOTA’s network coordinator is still paused for an upcoming token migration Released on Feb. 16, the new version of the wallet doesn’t apparently represent the full solution of the recent breach because the IOTA’s dedicated network Coordinator, …
Technology / Feb. 17, 2020