pull down to refresh

1st of all this was a bounty. I DID NOT STEAL THE ETH :D
Check Twitter and I am tagged in an Ethereum post, Only used Ethereum 2 times, initially not interested.
The pictures are clues to a BIP39 seed which unlocks 0.1 ETH Ok, let me take another look.
As all the words are from the 2048 BIP39 Dictionary. I took a guess for each picture and checked if it was in the dictionary. Found 11, not sure about the 4th. But it's one of the 2048 words, so I just need to try all of them. Easy job for a computer :p
Enter Seed Savior - Brute forces 1 word. I just pasted the words I know and it showed all the possible valid 4th word. As I know the address, I just have to search for it here. Got 138 valid 4th words ,but my address is not present.. At least 1 of my guesses is wrong. https://3rditeration.github.io/mnemonic-recovery/src/index.html
Now really want to find the seed! I went through each of the 2048 BIP39 words and looked to see if it matched any of the pictures. It took 2 hours, to redo the list .🥲 Now I have multiple options for each position. I have to hurry, this is public, others may be trying.
5 million options are not that many. I just need the right tool.
Enter BTCRecover A command line tool that I can tell it how to mix the words, and check if they generate the address I'm looking for. https://github.com/gurnec/btcrecover
My Mac M1 tries 90,000 seeds/second Took 1 min, but NO LUCK!
This means that at least one of the possible words is incorrect. So on one of the positions, I need to try all the 2048 words. I will have 2048 options on that position. Positions 4,6 I'm least sure of. 6 days is too slow, others may also be trying to crack the seed!
What if I use all 3 of my laptops. Together they try 170,000 seeds/second. Nearly a 2x improvement. I cut it down from 6 days to 3 days. Need a bigger improvement, other may be cracking as I am! My laptops are all cracking using their CPU. I need GPUs, a lot of GPUs!
There are 2 ways to do more calculations per second:
  1. get hardware that can calculate faster
  2. get more of the same hardware and run it in parallel.
A GPU is basically a LOT of tiny weak processors that run in parallel and that is why some things run faster on GPUs.
Luckily there are websites where people allow you to rent their powerful computers and you pay per minute. I used https://vast.ai/i as seemed to be the cheapest option. Prices range from $0.3 to $1 (for my needs) Pretty much all have strong processors, ones with more GPUs cost more.
Ended up renting 16 servers and I was trying 1,096,000 seeds per second. It would take 11 hours to try all my candidate words, and on the 4th & 12th positions try all 2048 possible words. So pressed start and got some much-needed sleep.
Woke up and Seed not found. Angry and disappointed, I closed all the servers, as it cost me money to keep them up. But then I looked through the list one more time, and wait a minute 8 is not a park, it's Hard Street. Could it be?
Used initial list of candidate words, but hard on the 8th position. 4 minutes later SEED FOUND!1!1
When you take out the server costs and donation to the person who maintains the tool, I was left with ~$50.
Best 50 bucks I ever made in my life. (10 days of continuous work)

Clarifications

I left tout a LOT of things to keep it short but to enumerate a few:
  • everything took multiple trees and a LOT of hair pulling
  • BTCRecover does not paralilise all the operations when generating addresses
  • when splitting the work between servers it slowed down the tool, i had to write a script and manually split the work between servers
The 1st pic in the thread was taken right after I found the seed, when I posted by "victory" on twitter, but the screenshots of the commands I re-ran after when I was documenting the process. https://twitter.com/raw_avocado/status/1520988465625710593
Usually I share a Bitcoin story, but I though my only Ethereum story is interesting enough to share. Also in case it's not obvious, everything I've done here applies to Bitcoin also, I mean its BIP32 & BIP39.
I tweet 1 interesting Bitcoin fact/day and you can find it here(long form gets posted here on SN): https://twitter.com/raw_avocado/status/1743414238654201869
And the #BitcoinFactOfTheDay is brought to you by BitBox.
67 sats \ 4 replies \ @Fabs 17 Jan
Looks like you've got the tenacity I tend to lack every-so-often.
Walks up to OP and pats him on his shoulder while tipping his fedora in a slightly uncanny way
Good job, OP.
reply
Thank you , kind Sir.
reply
24 sats \ 0 replies \ @Fabs 17 Jan
No problem,
reply
Thank you , kind Sir.
reply
12 sats \ 0 replies \ @Fabs 17 Jan
OP.
reply
That's funny
reply
reply
Well done. What a fun challenge! It is clear you learned a lot, and I appreciate that you listed all of the tools you used to solve the puzzle so that others can learn. Cheers!
reply
Cheer, bud.
reply
Sound like what hackers do, ethical hackers that is
reply
Wow! It's so cool!
reply
Cheers.
reply
21 sats \ 1 reply \ @OgFOMK 17 Jan
Nice work.
reply
Cheers.
reply
21 sats \ 1 reply \ @bzzzt 17 Jan
Interesting, and congrats 🙂
reply
Thanks, bud.
reply
Amazing investigative work! Well done 🫡
reply
Congrats to you! Even this storys all about ETH, we can take key lessons from this situation for Bitcoin too.
  • Don't save your mnemonic online
  • Don't save your mnemonic on a devices that can connect internet
  • Even if you have fractions of mnemonic words, people can find it. Just takes time and effort. I'm not pro but I think using 24 words mnemonic will be safer than using 12 words mnemonic right? Also, that is interesting that no one found this before you without a technic. I guess the 4th word is written with one of the stock MS Office fonts. If you find those characters on a font file (or do OCR) and change the font to Calibri, I guess you can see that word. I wish I see this bounty before 😄
reply
0 sats \ 1 reply \ @brave 18 Jan
You must be a genius to be able to apply logic and reason thus far
reply
Can't tell if you are mocking me or giving me a compliment.
reply
deleted by author
reply
reply
you made a post about a shitcoin in the bitcoin territory.
reply
Bip39 is a BITCOIN problem and solution. So everything that he did could be done to a Bitcoin private key address. He educated me as to the amount of effort it would take if my seed words were found and maybe I obfuscated the order thinking I was clever..
This is good work and but no means is it advertising the shitcoin.
This was BIP39 exercise. If someone gets your private key they can watch all the addresses you use and one day make a fat transaction.
reply
I understand this is not obvious to novice Bitcoiners(though it should) so I'll explain.
The post does not discuss anything particular feature of Ethereum, it talks about BIP32 & BIP38, BITCOIN Improvement Proposal. These both dictate how to generate keys in hierarchical orders and respectively how to encode the entropy. They are used in almost every single wallet out there. Because of their structure, these support other coins, as a subaccount of your main seed.
This is the same exact cryptography that secures your Bitcoins right now.
I am very well aware of what territory this is, and how reads stacker news, and I think it's a perfectly valid post, as it informs how key management is done.
Your response shows incredible ignorance.
reply
I certainly won’t deny any incredible level of ignorance however I was only adding words to the emoji you questioned.
reply
reply
That is definitely not true, and I really don't know why anything thinks that would even be a good thing.
reply
deleted by author
reply