- John Cantrell has published an article showing how he hacked into a Bitcoin address to win 1 BTC.
- The hack was part of a contest organized by Altana Digital’s CIO.
In an article for Medium, developer John Cantrell revealed how he was able to hack into a Bitcoin address to earn a reward. Part of a contest organized by Altana Digital’s CIO, Alistair Milne, Cantrell claimed it took him 30 hours to review about 1.1 trillion possible mnemonics from 8 seed words Milne gave. The address required entering the 12-word master key. After opening the address, he was rewarded with 1 BTC.
Milne launched the contest in May and gradually posted clues on his social networks. This way, participants could guess the words of a 12-word seed that protected the Bitcoin. The last 4 clues for the words, according to Milne, were to be posted at the same time to prevent anyone from guessing them. But Cantrell’s achievement showed that only 8 were needed, although, as the developer says, it took considerable effort.
How to crack a Bitcoin address?
To be able to guess the remaining words and win the Bitcoin, the developer said he wrote a program to estimate the time, the computing power required and the real possibility of guessing the 4 remaining words. Cantrell said:
The strategy I was going to use was to calculate a start and end number that I needed to iterate between based on a set of known input words. For each number I would calculate the address corresponding to that number and then check if the address was the one that held the 1 BTC. If it was the address I would then create and sign a transaction to sweep the funds into a wallet I control.
However, according to the developer’s estimates, even with 8 words known it would have taken him 25 years to guess the 4 remaining words with the computing power of his laptop. So he had to rent a more powerful machine: a 32-core CPU-optimized machine from Digital Ocean. This allowed him to check 8,000 possibilities per second.
But this was still too slow: the developer needed 1000 times more computing power to be the first to guess the words. So he rented about a dozen graphics cards in a GPU marketplace and leased 40 GPUs from Microsoft’s Azure network. In all, he spent about $500 in the process of getting more computing power. The result was as follows:
At the peak I was testing about 40 billion mnemonics per hour. This means it should have taken around 25 hours to test the 1 trillion mnemonics. I knew that on average it should only take 50% of the time (depending on what the 9th word actually was).
After several hours without result, the developer began to worry. For a moment he lost hope and was about to turn off the computers to try a new version, but after trying 91% of the possibilities he found the solution.
With the four remaining words he was able to get access to the wallet. Nervous that someone might try to prevent the transaction, he set a high fee of 0.01 BTC to speed up the validation. Minutes later his transaction was validated and included in a block. The Bitcoin was irreversibly his.
Answering a question from a community member, Cantrell said that with the same mechanism it would have taken him 309,485,009,821,345,068,724,781,056 days to guess the 12 words of the entire seed phrase to gain access to the address. Separately, the developer said he will be launching his own contest. He invited interested parties to keep an eye on his Twitter account, @johncantrell97, for further details.
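Why 8 disclosed words leave only about 1.1 trillion candidates: in a 12-word BIP39 phrase each word carries 11 bits, and the last 4 of the 132 bits are a checksum of the other 128, so only 1 in 16 guesses for the missing words is a valid mnemonic. The Python below is an added example, not Cantrell's code; it works on word indices (0 to 2047) instead of the English wordlist and assumes the disclosed words are the first ones, in order.

```python
import hashlib

WORD_BITS = 11  # each BIP39 word is an index into a 2048-word list


def checksum_ok(indices):
    """True if a full list of word indices (0..2047) has a valid BIP39 checksum."""
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33            # 1 checksum bit per 32 entropy bits
    ent_bits = total_bits - cs_bits
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    entropy = (value >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected


def valid_last_words(prefix):
    """Final-word indices that complete `prefix` into a checksum-valid phrase."""
    return [w for w in range(2048) if checksum_ok(prefix + [w])]


def remaining_candidates(total_words, known_words):
    """Checksum-valid phrases left once the first `known_words` are disclosed.

    Assumption: the unknown words are the trailing ones and include the last
    word, which is the one that carries the checksum bits.
    """
    total_bits = total_words * WORD_BITS
    cs_bits = total_bits // 33
    unknown_bits = (total_words - known_words) * WORD_BITS
    return 2 ** (unknown_bits - cs_bits)


if __name__ == "__main__":
    prefix = [0] * 11                      # constructed sample: index 0 repeated
    print("valid last words:", len(valid_last_words(prefix)), "of 2048")
    left = remaining_candidates(12, 8)
    print("raw guesses for 4 words:", 2048 ** 4)
    print("checksum-valid candidates:", left)
    # Rate taken from the article's quote: about 40 billion mnemonics per hour.
    print("hours to exhaust at 40e9/h:", round(left / 40e9, 1))
    print("candidates with 0 words known:", remaining_candidates(12, 0))
```

Each disclosed word removes 11 bits from the search, which is why a seed phrase should be treated as compromised once a majority of its words has been exposed.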