CoinDesk

Brainwallets: The Bitcoin Wallet You Probably Shouldn’t Use (Unless You Have To)

A “brainwallet” refers to a private key that is stored in the user’s memory in the form of a seed phrase or a passphrase.

Oct 14, 2020, 1:32 PM
Updated Aug 19, 2021, 4:59 AM


A relic from Bitcoin’s early days, a “brainwallet” refers to a private key that is stored in the user’s memory in the form of either a seed phrase or a password, essentially giving you a portable “bank account” locked inside your head.

  • Once you have the private key memorized, the rationale goes, you can access your bitcoin wallet from anywhere in the world, as long as you have internet access. It’s especially useful if you need to get out of Dodge quickly; your bitcoin will always be with you.
  • To create a brainwallet, you can generate a new address using Bitcoin wallet software, memorize the seed phrase associated with the address using a mnemonic trick, and then delete the wallet from your computer or smartphone.
  • You can also generate the private key yourself using bitcoin software specifically designed for creating brainwallets. This will create a wallet using whatever passphrase you choose to represent your private key. However, this method of generating a brainwallet is highly insecure for a number of reasons (poor entropy, for example) and is generally discouraged.
  • Since brainwallets rely on the user remembering a passphrase, there is always the risk that you’ll forget it or, in the case of a user-generated phrase, that it will be easily guessed.
  • To demonstrate how vulnerable user-generated passphrase wallets can be, depending on the quality of the password, an anonymous BitMEX researcher generated eight wallets using quotes from popular literature, lyrics from a Bob Dylan song and an excerpt from Bitcoin’s white paper. Impressively, the “Call me Ishmael” wallet, derived from the notable opening line in Herman Melville’s “Moby-Dick,” was harpooned by a hacker literally the second it was created.
  • All of the others were swept within the day. The quote from the Bitcoin white paper took the longest to crack at roughly 13 hours.
  • BitMEX Research believes a single entity swept the wallets.
  • “The speed and nature of the redemption of the funds clearly indicates that people have servers up online 24/7 scanning the blockchain and their respective memory pools for weak brainwallets to hack. These servers are likely to have pre-generated many hundreds of thousands of Bitcoin addresses, using text from thousands of published works, music, books, academic papers, magazines, blogs, tweets and other media and then stored these in a database,” the post reads.
  • When generating a brainwallet, BitMEX Research suggests composing a medley of words and phrases to create a more complex passphrase rather than relying on something “simple and poetic.”
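
As an added illustration (not code from CoinDesk or BitMEX Research), the Python below shows a self-check a wallet owner could run on a candidate passphrase: whether it survives normalization as a substring of published text, and how much entropy a randomly chosen word medley carries. It assumes the classic single SHA-256 derivation of the private key, which the article does not specify; the corpus, the 16-word list and all function names are constructed for this example, and random word selection goes a step beyond the hand-composed medley the article describes.

```python
import hashlib
import math
import re
import secrets

# Constructed stand-in for "published works"; a real audit needs far more text.
PUBLISHED_TEXT = [
    "Call me Ishmael. Some years ago, never mind how long precisely, ...",
    "It was the best of times, it was the worst of times, ...",
]
# Constructed 16-word list for illustration; real word lists hold thousands.
WORDS = ["anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "hazel",
         "ivory", "jigsaw", "kelp", "lantern", "mango", "nickel", "orchid", "pylon"]


def normalize(text):
    """Lowercase and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def classic_brainwallet_key(passphrase):
    """Assumed derivation: private key = SHA-256(passphrase), hex encoded."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def appears_in_published_text(passphrase, corpus=PUBLISHED_TEXT):
    """True if the phrase occurs in the corpus once case/punctuation are ignored."""
    needle = normalize(passphrase)
    return bool(needle) and any(needle in normalize(doc) for doc in corpus)


def random_passphrase(n_words, words=WORDS):
    """Choose words with a CSPRNG; return (phrase, entropy in bits)."""
    phrase = " ".join(secrets.choice(words) for _ in range(n_words))
    return phrase, n_words * math.log2(len(words))


def audit(passphrase):
    """Summarise what a wallet owner should know before trusting a phrase."""
    return {
        "key": classic_brainwallet_key(passphrase),
        "in_published_text": appears_in_published_text(passphrase),
    }


if __name__ == "__main__":
    print(audit("Call me Ishmael"))
    phrase, bits = random_passphrase(8)
    print(phrase, f"({bits:.0f} bits from this 16-word list)")
```

Because the derivation is deterministic, anyone who types the same text obtains the same key, so a phrase flagged as published text is effectively already known to others.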
