I just came across a story by John Cantrell where he managed to crack a Bitcoin in 2020 by searching through over a trillion mnemonics in just 30 hours. Based on what he shared in that story, I’ve got a few questions.
Here’s what we know:
An Electrum wallet was created back in April 2012.
The wallet's public address is available.
6 out of the 12 seed words are known (but not arranged in the correct order).
There are 4 other words that could potentially fit in.
Considering his method, how much time do you think it would take if only 6, 7, 8, 9, or 10 of the words were correct?
How have the GPU speeds changed since his 2020 attempt?
If someone wanted to rent computing power, what kind could you realistically get, and how much faster would it be?
Also, what would the current cost be for renting that power? Like, how much would it cost to get something 10x faster, 100x faster, etc.?
Thanks for taking the time to read this and I appreciate any insights you can share.
Bruteforcing a 12-Word Seed with Specific Parameters
9 replies 118 views
Take note that a 12 word seed phrase is safe enough if generated truely randomly.
John Cantrell rented several graphic cards and brute-forced a seed phrase which 8 out of its 12 words were known and only 4 words were missing.
If you know 8 words of a seed phrase with correct places and 4 words are missing, there would be around 1.8 * 1013 possible combinations. The number would reduce to around 1.1*1012, if the seed phrase is BIP39.
If you know 7 words of a seed phrase with correct places and 5 words are missing, there would be around 3.6 * 1016 possible combinations. The number would reduce to around 2.3 * 1015, if the seed phrase is BIP39.
If you know 6 words of a seed phrase with correct places and 6 words are missing, there would be around 7.4 * 1019 possible combinations. The number would reduce to around 4.6 * 1018, if the seed phrase is BIP39.
Therefore, if John Cantrell knew only one word less (7 words instead of 8 words), it would take around 20000 times more time to brute-force the seed phrase and if he knew two words less (6 words instead of 8 words), it would take around 4.2 million times more time to brute-force the seed phrase.
I think now it should be clear that a 12 word seed phrase is safe enough, if you keep it securely and what you want to acheive is impossible.
Is it impossible because the words are out of order? What if 2,3 or 4 of the possible words were correct? What if you rented 10x, 100x, 1,000x the computing power?
That's impossible, if you know the correct position of those 6 words, let alone without knowing their position.
If I got you correctly, you are talking about the case of having 8 to 10 words without knowing their correct position.
If you know 10 words out of 12 words of a BIP39 seed phrase without knowing their position, there would be around 6*1013 possible combinations which is around 50 times more than Cantrell's case.
hodler2019Legendary
Posts: 2182 · Reputation: 12913
#5Sep 24, 2025, 08:14 PM
Which would mean likely under 3 months time to crack it. With the same power as Cantrell.
So if the wallet had a decent amount of coin in it. say 10 coins or 660,000 usd. Spending 1,000 a day for ninety days makes sense.
But if I read the op correctly he only knows 6 for sure and 4 maybe.
By the way electrum can add extra words and not be 12 it can be 13
I have an electrum with 13 words and the last word is not a standard word from the list.
HyperRavenFull Member
Posts: 175 · Reputation: 633
#6Sep 25, 2025, 12:04 AM
Quick Math:
Total number of permutations without knowing the exact position for 6 letters:
6!*2048^6 = 5.32 x 10^22 before precomputing the valid seeds when respecting the checksum.
You should be able to do a quick estimation for how much longer it would need; by the formula of keys/rate per sec = seconds. GPUs have gotten better at their compute capabilities and they're becoming cheaper but definitely not 10, 100, or a 1000 times. Even if they were to be cheaper and faster, I don't think we would be able to bruteforce it anytime soon.
The rate and the speed depends on how optimized and how small you can narrow your search space.
My napkin math is telling me that it would still take months if GPUs could run through 10^6 keys per second (very optimistic estimate) and you had 100 of them, you'd still be at over 10^14 seconds for brute forcing which seems to be in light-years time.
I don't think anyone would be able to afford thousands of the latest GPUs, unless they are an AI company or something.
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#8Sep 25, 2025, 06:51 AM
The approach would be slightly different.
First of all, the article that you read is about BIP39 seed phase which is different from old Electrum seed before v2.0.
The striking difference is the 1626 wordlist which is a lot smaller than BIP39's 2048 words.
Next is the derivation path which is shorter with "master_private_key/receiving or change/address_index" (e.g.: m/0/0 = 1st address)
than BIP39 which commonly uses either BIP44, 49, 84, etc. which is longer so it requires more HMAC-SHA512 hashes to get to the address_index (e.g.: m/44'/0'/0'/0/0 = 1st address)
So overall, it may be easier than the article only if the factors are the same.
However, with 6 out of 12 words, that could still take a long time depending if the other 4 words are correct.
(I'll leave the math to others)
Thanks for all the responses. I was hoping that knowing 6 (and possibly 4 more) would make it more feasible. It's a situation where throwing a lot of money in computing power could make sense. I saw an article that stated you could rent 1,000,000 Nvidia CUDA cores for $100/hour. Can someone explain to me how much searching power that is? What would be the math (big assumption, I know) if two of the four maybe words are right, so 8 of 12 words without knowing the order if those machines were rented?
gr3g.0rbitHero Member
Posts: 1025 · Reputation: 2646
#10Sep 26, 2025, 04:54 PM
By following ranochigo's "quick math", that would be:
6 words: 6! 1626^6 = 720 18480905552168525376 = 13,306,251,997,561,338,270,720 permutations7 words: 7! 1626^5 = 5040 11365870573289376 = 57,283,987,689,378,455,040 permutations8 words: 8! 1626^4 = 40320 6990080303376 = 281,840,037,832,120,320 permutations9 words: 9! 1626^3 = 362880 4298942376 = 1,560,000,209,402,880 permutations10 words: 10! 1626^2 = 3628800 2643876 = 9,594,097,228,800 permutations
That's discounting the required steps to derive the address from the mnemonic phrase in each permutations. (and if its address_index is known)
If you're looking for a bruteforce tool, the famous BTCRecover's "SeedRecover" still supports old Electrum seed but GPU supports is experimental.
Here's the documentation if you want to check it:https://btcrecover.readthedocs.io/en/latest/Seedrecover_Quick_Start_Guide/
Related topics
- Seed phrases are safe. People aren't. 19
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8
- Creating a list of non-zero wallets and their balances using Python 4
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Curious about recovering BTC from 2010/2011 7