The Graveyard
Real wallets that were actually cracked.
Not by random chance. By human stupidity.
Brain Wallets
People who used passwords like "password123" or "bitcoin" as their private key.
All drained within seconds.
Bitcoin Puzzles
Intentionally created puzzles with reduced key space.
Legitimate targets with real rewards.
Profanity Bug
Vanity address generator with weak randomness.
$160M+ stolen in 2022.
The tool used only 32 bits of entropy instead of 256. Attackers brute-forced all possible keys in hours.
Weak Randomness
Wallets generated with predictable random numbers.
Including early blockchain.info bug.
Lesson: Never trust weak random number generators. Your entropy is your security.
🎓 The Moral of the Story
Let devices handle randomness
Humans are bad at randomness
256 bits is uncrackable (if random)
A Public Database of Cracked Bitcoin and Ethereum Wallets
The Graveyard collects three categories of cryptocurrency wallets that have been publicly cracked or are tracked as part of an open challenge. The first category is brain wallets — wallets whose private keys were derived from human-chosen passphrases via SHA-256, and which were inevitably emptied by automated dictionary attacks running against the live blockchain. The second is the Bitcoin Puzzle Transaction series, a 2015 challenge in which an anonymous benefactor deliberately seeded 256 addresses with progressively harder bit-restricted private keys, the first 66 of which have now been solved and swept by the community. The third is the small set of vanity-address generators (notably Profanity) whose flawed RNGs led to systematic key recovery and the loss of tens of millions of dollars in 2022.
None of these losses are due to weaknesses in the underlying cryptography. SHA-256, secp256k1, and Keccak-256 remain unbroken. Every wallet on the Graveyard exists because its key was generated from a search space dramatically smaller than 2^256 — either by passphrase memorization, by the puzzle constructor\'s deliberate restriction, or by a buggy RNG. The lesson the Graveyard teaches by example is that wallet security is not about clever choices: it is about cryptographically-secure randomness applied uniformly across the entire 256-bit keyspace.
How Brain Wallets End Up Here
Brain wallets are funded surprisingly often. People hear the pitch — "memorize a phrase, access your crypto anywhere" — and try it with a small balance to see whether it works. It does work. The wallet is real, the address is reachable, and the first deposit confirms normally. The problem only becomes visible after the deposit lands: dictionary-attack bots scanning the live mempool see the new balance, regenerate the key from their wordlists, and broadcast a sweep transaction within seconds. The original owner often watches the balance disappear before they have refreshed the explorer. The Graveyard\'s brain-wallet section is essentially a record of those exits.
The good news is that detection is now easy: any phrase a human can remember, any quote, any song lyric, any mild substitution like "P@ssw0rd!" is already in someone\'s rainbow table. The bad news is that even strong-looking passphrases (long, compound, multilingual) are vulnerable when attackers combine wordlists. The cryptographic fact remains unchanged: a wallet whose key entropy is N bits sits in a 2^N keyspace, and modern attackers can comfortably exhaust 2^60 or more.
Bitcoin Puzzles vs. Real Wallets
The Bitcoin Puzzle entries on the Graveyard are different in one important way: they were never intended to be safe. The funder constructed them as a calibrated test of compute hardware, with each successive puzzle exactly twice the difficulty of the previous one. That property makes the series uniquely valuable as a benchmark — it shows the world how far hash-rate has progressed, and where the practical frontier of brute-force attacks sits. As of late 2025, puzzle #66 is the largest solved (2^66 ≈ 7.4 × 10^19 keys searched). Puzzle #67 (2^67) and beyond remain open. Real Bitcoin wallets generated by reputable software live in the full 2^256 space, and no amount of hash-rate growth could solve those — even if every GPU on Earth was repurposed and ran for a billion years.
Cracked Wallets & Brain Wallet FAQ
What is a brain wallet and why are they cracked?
A brain wallet derives a Bitcoin or Ethereum private key from a memorized passphrase via SHA-256. Because human-chosen passphrases sit in a tiny corner of the keyspace, attackers can dictionary-attack billions of candidates per day and instantly drain any address that receives funds.
How were the wallets in this graveyard identified?
They were either openly published as cracked by security researchers, traced from on-chain forensic analysis after a sweep, or solved as part of the public Bitcoin Puzzle series. Every entry includes the source of the disclosure where available.
What was the Profanity vanity-address bug?
Profanity, a popular Ethereum vanity-address generator, used a 32-bit seed to initialize its key search. Attackers brute-forced the seed and recovered the private keys for any address ever generated by the tool. Tens of millions of dollars were drained in 2022 from wallets created with Profanity.
Are Bitcoin Puzzles still being solved?
Yes. Puzzle #66 was solved in October 2023. Puzzles #67, #68, and onward remain open with bounties of 6.6 BTC and up. Each successive puzzle is exactly twice as hard as the previous one. The Bitcoin Puzzle wallets section of this graveyard tracks the current status.
Could a similar attack drain my regular wallet?
Only if your wallet was created with weak entropy. A wallet generated by a hardware wallet or a properly-implemented BIP39 generator is in a 2^256 keyspace, where no dictionary or brute-force attack can succeed. The graveyard exists specifically to highlight what bad-entropy wallets look like, not to suggest standard wallets are at risk.