$9 000 USD

JUNE 2020




"Alistair Milne, CIO of the Altana Digital Currency Fund, orchestrated a challenge on Twitter where the winner would get an entire Bitcoin. Starting in May, he periodically published hints to a 12-word seed phrase for a wallet address that contained one Bitcoin. Whoever picked up all the clues could use the phrase to unlock the Bitcoin wallet and take the Bitcoin inside."


"Alistair Milne tweeted that he planned to giveaway 1 Bitcoin in a wallet generated using a 12-word mnemonic." "The private keys to [a] 1BTC wallet were generated from a 12-word mnemonic seed. Over the next ~30 days I will be releasing the words (or a clue to a word) on my various social media pages."


"Milne planned to post the last three or four words in one go. This was an attempt to prevent someone from brute-forcing the address open (by continuously guessing words until a combination worked). But his plan failed. With just eight words, Cantrell was able to guess the remaining words, find the right combination and unlock the wallet."


"With 8 known words there are 2^40 (~1.1 trillion) possible mnemonics." "To test a single mnemonic we have to generate a seed from the mnemonic, master private key from the seed, and an address from the master private key."


"I ported all necessary code for generating and checking a mnemonic (SHA-256, SHA-512, RIPEMD-160, EC Addition, EC Multiplication) to OpenCL C which is a programming language to run code on a GPU." "I wrote a server application that would orchestrate the distribution of work into batches of ~16 million mnemonics to a pool of GPU workers. Each GPU worker would ask the server for the next batch of work to do, perform the work, and log the result back to the server."


"I spent ~$350 renting GPUs from vast.ai (plus ~$75 for free from Azure)." "I was worried about other people doing the same and is why I included a .01 BTC miner fee. I didn’t think even this would be enough and thought there could be a ‘race to zero’ where people continually increased the fee trying to get the miners to include their transaction in the next block."


"Creating a contest that isn’t won by software is difficult. I’d like to pay-it-forward and try crafting one myself."

Twitter user Alistair Milne launched a contest where he would unveil one word of a 12-word seed phrase periodically over a month. The wallet contained a whole bitcoin. John Cantrell was able to brute force the seed phrase with only 8 of the words, extracting the funds prematurely before the last 4 words were unveiled. Ultimately, John was declared the winner of the contest and kept the full amount.


The contest showed that brute forcing a seed phrase can be done practically with only 8 words instead of the full 12. Never share part of your seed phrase with anyone else unless you intend to give them all your funds, as this can be used in a brute force attack.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.