14 DAY TRIAL // Researchers have uncovered a group of individuals who are cracking Bitcoin wallets secured through the Brain Wallet technique and emptying their funds.
The discovery comes only a week after another group of researchers discovered a faster and more cost-effective way of breaking Bitcoin "brain wallets," which were first analyzed and proved to be insecure at last year's DEFCON security conference in Las Vegas, USA.
In their investigation, researchers scanned the Bitcoin blockchain for Bitcoin wallets secured through the Brain Wallet technique by attempting to brute force their private keys using a 300-billion-password cracking dictionary assembled from various sources.
Only 884 accounts used the Brain Wallet technique
"Surprisingly, we identified a relatively small number of brain wallets in use: fewer than 1,000 total," the researchers noted. But the good news stops here.
Looking into the 884 brain wallets they found, all but 21 wallets were drained of their Bitcoin in less than 24 hours after their owners deposited funds inside them.
The total losses amount to around $100,000 / €90,000, stolen between September 2011 and August 2015, up to the DEFCON presentation that presented the attack scenario and after which most users stopped using the Brain Wallet technique to secure their wallets.
The DEFCON presentation affected so much of the Bitcoin landscape that the Brainwallet.org service decided to shut down for this reason.
Thieves stole around $100,000 worth of Bitcoin
As for the Brain Wallet-draining attacks, researchers said that they discovered 1,895 distinct transactions, affecting 863 wallets, which sent stolen funds to 48 different accounts.
All these 48 wallets received payments larger than $100 / €90 (in Bitcoin), and 13 accounts received payments from at least 20 different (robbed) wallets.
Some of these accounts belonged to the same owner, and the researchers say they found 14 different drainers behind these transactions. A breakdown of the drain operations can be viewed at the end of this article.
The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets research will be presented in more depth at the Financial Cryptography and Data Security conference in Barbados, on February 25, 2016.
