If you want to manage your cryptocurrencies, odds are you’re going to need two things. The first is a backup of your seed phrase or the private keys used to control access to your funds and the second is a wallet software to help you execute transactions and manage your portfolio.
Although most users generate and store their seed phrases using secure wallet software, a small fraction of users opt to avoid keeping a physical backup of their seed phrase and instead go the unusual route of simply memorizing their seed. Once recalled, this phrase can then be imported into a wallet at any time, allowing these users to access their funds.
On the surface, this seems like an attractive idea. After all, the seed can never be stolen or accidentally destroyed, can be taken anywhere without restrictions, and literally allows users to be their own bank. But as we’ll soon see, these so-called “brainwallets” are extremely dangerous to use, and will more likely than not lead to complete loss of funds eventually.
Brain Wallets Are Incredibly Fallible
Creating a brainwallet usually involves selecting a number of words and forming a mnemonic out of them. This mnemonic is then memorized, allowing users to deduce the original sequence of words, and the original phrase is deleted from any physical locations, leaving the only copy in the user’s mind.
This mnemonic can be as long or as shown as the user likes — seemingly giving the user choice over the security of their assets, with longer mnemonics generally considered to be more secure than shorter ones. Unfortunately, although it’s possible to use any combination of random words for a brainwallet, a large number of users opt to use their favorite quotes as their wallet — which is anything but random.
According to a recent study completed by BitMEX Research, brainwallets generated from quotes taken from popular works of fiction are extremely insecure and might end up being cracked within just seconds. In the study, BitMEX created eight brainwallets using quotes from popular books and loaded each with 0.005 bitcoins (BTC).
These ranged from three to sixty words long — and every single one was cracked by unknown attackers within a day, and the shortest brainwallet seed phrase ("call me Ishmael”) was cracked in under a second.
Not only this, but once cracked, these wallets were drained with a disproportionately high fee, indicating that there are numerous individuals actively scanning for insecure wallets, and that the hacker was forced to overpay to secure the coins — or potentially lose them to another hacker.
But more than this, brainwallets are also subject to being simply forgotten — thereby rendering the stored cryptocurrencies inaccessible forever. Memories are mutable, and both can and do change over time. The odds of a brainwallet mnemonic memory being modified actually increases the more frequently it is recalled, since the act of recalling the memory also renders it pliable and subject to modification.
For these reasons, brainwallets should only be used in extreme circumstances, and never with a sequence of words taken from public literature.
What to Use Instead
Cryptocurrency wallets have come a long way in recent years. Nowadays, it isn’t necessary to compromise on ease of use, security, or feature-set — since there are wallets that offer all of these in equal abundance.
Among these, Coin Wallet has repeatedly set itself apart from the rest, due to its usability and extreme security, making it ideal for both beginners and veterans. Unlike a brainwallet, Coin Wallet doesn’t require you to memorize your seed phrase in order to keep it safe from prying eyes. Instead, Coin Wallet uses AES-256 encryption to encrypt this seed and store it safely on your computer.
The funds held by this seed can only be accessed once the proper security checks have been passed — such as biometric authentication (fingerprint or FaceID), or if a special hardware-based authenticator has been inserted, e.g. any FIDO-compliant security stick.
The seed phrase generated by Coin Wallet features extremely high entropy — this means it is practically impossible to crack. Once you’ve created your wallet, you will be able to access your seed phrase and generate your own mnemonic sentence to back it up in your brain. But unlike a brainwallet, you will be forgiven if you forget it, since your device will act as a secure backup to recover your funds if needed.
Yuri Molchan
Denys Serhiichuk