The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets

  • Marie VasekEmail author
  • Joseph Bonneau
  • Ryan Castellucci
  • Cameron Keith
  • Tyler Moore
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9603)


In the cryptocurrency Bitcoin, users can deterministically derive the private keys used for transmitting money from a password. Such “brain wallets” are appealing because they free users from storing their private keys on untrusted computers. Unfortunately, they also enable attackers to conduct unlimited offline password guessing. In this paper, we report on the first large-scale measurement of the use of brain wallets in Bitcoin. Using a wide range of word lists, we evaluated around 300 billion passwords. Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 h but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded. We find no evidence that users of brain wallets loaded with more bitcoin select stronger passwords, but we do find that brain wallets with weaker passwords are cracked more quickly.


Bitcoin Brain wallets Passwords Cybercrime measurement 



We thank the anonymous reviewers and paper shepherd Sarah Meiklejohn for their helpful feedback. Some authors are funded by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific via contract number N66001-13-C-0131. Support from the Oak Ridge Associated Universities Ralph Powe Junior Faculty Enhancement Award is also gratefully acknowledged. This paper represents the position of the authors and not that of the aforementioned agencies.


  1. 1.
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32946-3_29 CrossRefGoogle Scholar
  2. 2.
    Böhme, R., Christin, N., Edelman, B., Moore, T.: Bitcoin: economics, technology, and governance. J. Econ. Perspect. 29(2), 213–238 (2015)CrossRefGoogle Scholar
  3. 3.
    Bonneau, J.: Statistical metrics for individual password strength (transcript of discussion). In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2012. LNCS, vol. 7622, pp. 87–95. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-35694-0_11 CrossRefGoogle Scholar
  4. 4.
    Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, May 2012Google Scholar
  5. 5.
    Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Research perspectives and challenges for Bitcoin and cryptocurrencies. In: IEEE Symposium on Security and Privacy, May 2015Google Scholar
  6. 6.
    Caldwell, M., Voisine, A.: BIP 38: passphrase-protected private key, November 2012Google Scholar
  7. 7.
    Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the 22nd International World Wide Web Conference, pp. 213–224 (2013)Google Scholar
  8. 8.
    Courtois, N., Song, G., Castellucci, R.: Speed optimizations in Bitcoin key recovery attacks.
  9. 9.
    de Carnavalet, X.C., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: Network and Distributed System Security Symposium (NDSS 2014). Internet Society (2014)Google Scholar
  10. 10.
    Eskandari, S., Barrera, D., Stobert, E., Clark, J.: A first look at the usability of Bitcoin key management. In: Proceedings of the NDSS Workshop on Usable Security (USEC) (2015)Google Scholar
  11. 11.
    gmaxwell: #bitcoin-wizards (2015).
  12. 12.
    hashcat: Combinator attack (2015).
  13. 13.
    Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 Workshop on New Security Paradigms, pp. 133–144. ACM (2009)Google Scholar
  14. 14.
    Steube, J.: PRINCE: modern password guessing algorithm.
  15. 15.
    Taylor, M.B.: Bitcoin and the age of bespoke silicon. In: Proceedings of the 2013 International Conference on Compilers, Architectures and Synthesis for Embedded Systems, p. 16. IEEE (2013)Google Scholar
  16. 16.
    Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 162–175. ACM (2010)Google Scholar

Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  • Marie Vasek
    • 1
    Email author
  • Joseph Bonneau
    • 2
  • Ryan Castellucci
    • 3
  • Cameron Keith
    • 4
  • Tyler Moore
    • 1
  1. 1.Tandy School of Computer ScienceThe University of TulsaTulsaUSA
  2. 2.Applied Crypto GroupStanford UniversityStanfordUSA
  3. 3.White OpsNew YorkUSA
  4. 4.Computer Science and Engineering DepartmentSouthern Methodist UniversityDallasUSA

Personalised recommendations