Dictionary Attack
Watch brain wallets get cracked in real-time.
(Don't use weak passwords. Ever.)
đ¯ Attack Simulator
STOPPEDđ Currently Checking
-
-
đ Attack Statistics
đ Cracked Wallets 0
đ§ What is a Brain Wallet?
The Concept
A brain wallet derives a private key from a passphrase using SHA-256 hash. The idea: memorize a phrase, access your crypto anywhere.
SHA256("password") â Private Key
The Problem
Humans are terrible at randomness. Attackers run dictionaries with billions of passwords, checking the blockchain for each one.
Result: Millions stolen within seconds of deposit.
đ Hall of Fame (Passwords That Got Rekt)
This demo shows why brain wallets are fundamentally broken. Even "clever" passphrases get cracked. Always use cryptographically secure random number generators for key generation.
Why Dictionary Attacks Beat Brain Wallets Every Time
A brain wallet is a cryptocurrency wallet whose private key is derived from a memorized passphrase. The attraction is obvious: nothing to lose, nothing to back up, and access to your funds anywhere you can type. The fatal weakness is that humans are catastrophically bad at choosing random passphrases. Studies of human-selected passwords consistently show that the vast majority cluster around a few thousand common words, names, and predictable substitutions. When that pool is squeezed through SHA-256 to produce a private key, the resulting wallet lives in a search space of perhaps 2^30 to 2^50 â astronomically smaller than the 2^256 space a randomly-generated key occupies.
Attackers have known about brain wallets since their introduction. They run continuous, automated dictionaries against the live blockchain: take a candidate passphrase, hash it, derive the address, query the chain, and if it shows a balance, sweep it. Bots have been observed draining brain wallets within seconds of the first deposit landing on chain â sometimes within the same block. There is no such thing as a "safe" brain-wallet passphrase. Even cleverness fails. "Correct horse battery staple," the famous example from XKCD comic 936, was funded as an experiment and emptied in under a minute.
How a Modern Dictionary Attack Pipeline Works
The attack you are watching here is a simplified version of what real adversaries run at industrial scale. The pipeline has four stages. First, candidate generation: combine wordlists, leaked password dumps, song lyrics, philosophical quotes, common phrases, and rule-based mutations like "Password123!" or "L0veCrypto". Second, key derivation: hash each candidate with SHA-256 to produce a 256-bit private key, then run secp256k1 to derive the public key and finally the Bitcoin or Ethereum address. Third, on-chain lookup: query a node or an indexed dataset to see if the derived address has ever held funds. Fourth, draining: for any positive hit, instantly broadcast a transaction sweeping the balance to an attacker-controlled address.
Hardware acceleration makes this very fast. A high-end GPU running optimized SHA-256 kernels reaches several billion candidate hashes per second. A small cluster of consumer GPUs can chew through every entry in the largest public password dump in minutes. Combined with an indexed copy of the blockchain â which is a few hundred gigabytes for Bitcoin â the address lookup step is essentially free. The economic equation is permanently in the attacker\'s favor: a small cloud spend yields any funded brain wallet that has ever existed, including ones funded a decade ago.
The takeaway for users is simple. If you can remember it, an attacker can guess it. Use a hardware wallet, store the BIP39 seed phrase physically, and treat any "memorize-only" wallet scheme as guaranteed-loss collateral. The dictionary demo on this page exists so you can see how quickly the attack actually works, with your own eyes, on real keyspace.
Frequently Asked Questions About Dictionary Attacks
What is a dictionary attack on a cryptocurrency wallet?
A dictionary attack tries every entry in a wordlist as a candidate password, hashes it through SHA-256 (or another KDF), derives the resulting private key, and checks whether the corresponding address has any balance. Against brain wallets â wallets seeded from a passphrase rather than from random entropy â a modest dictionary can crack large numbers of accounts in seconds.
Why are brain wallets dangerous?
Because human-chosen passphrases sit in a far smaller space than 2^256. Famous quotes, song lyrics, common passwords, and dictionary words combine to a few billion candidates â a space that any modern computer can exhaust quickly. Anything funded with a brain wallet is detected and drained by automated bots within seconds of receiving a deposit.
How fast can a brain wallet be cracked?
Open-source attackers routinely test millions of candidate passphrases per second on commodity hardware. Optimized GPU implementations of SHA-256 reach billions per second. Researchers have documented brain wallets being drained within seconds of receiving a deposit, indicating real attackers run continuous live cracking against the public blockchain.
Has anyone actually lost money to brain-wallet cracking?
Yes â millions of dollars. Documented cases include the famous "correct horse battery staple" wallet from XKCD which was emptied within minutes of being funded, and a 2016 study by Vasek, Bonneau and others that traced thousands of compromised brain wallets totaling hundreds of BTC.
Are passphrase wallets the same as brain wallets?
No. A modern BIP39 mnemonic is generated from cryptographically-random entropy and produces a 128-256 bit seed. A brain wallet is generated from a human-chosen string and only contains as much entropy as the human picked. BIP39 with proper randomness is safe; brain wallets are not.
What should I use instead of a brain wallet?
Use a hardware wallet (Ledger, Trezor, Coldcard) or a reputable software wallet that generates a BIP39 seed phrase from cryptographically-secure randomness. Write the seed phrase down on paper or steel and store it physically. Never derive a real wallet from a phrase you came up with yourself.