(Subtitle: Ways to safeguard my coins even if mnemonics/passphrases are stolen)
So, if a hacker gets hold of my mnemonic and passphrase, how do they check my balance?
Well, they’ll probably just run the software, right?
Most likely, they’ll find all the balances in the first few addresses of each wallet type, especially if many folks use default settings like m/84'/0'/0/0~m/84'/0'/0'/0/20 for cold storage.
Boom, they spot my coins immediately!
Now, if I stash my coins in a specific index of a certain account, can the hacker still trace them?
To use the mnemonic and passphrase to locate all accounts and indexes, they’d need to sift through all the possible addresses linked to the private key.
But here’s the kicker: a single private key can generate a massive number of addresses.
It starts with the address type based on the wallet’s purpose (p2tr, p2wpkh, p2pkh, multisig1/1), and there are a ton of factors involved:
Basically, if we look at the HD wallet derivation path (according to bip44)
> m / purpose' / coin_type' / account' / change / address_index
Purpose: 44, 48, 49, 84, 86 (that’s 5 options depending on what the wallet is for)
coin_type: Bitcoin is 0
account: each account can go up to 2^32
change: incoming/outgoing addresses are 0/1 (that’s 2 options)
address_index: serial number for addresses (also 2^32)
So, to check the balance of every address linked to one private key, we’re talking about:
5 x 2^32 x 2^32 = 1.8 x 10^20 addresses.
It would take 1.8x10^15 seconds to go through each address, even if it’s a super...
Can a hidden derivation path really secure Bitcoin if compromised?
19 replies 416 views
r34l_bridgeFull Member
Posts: 93 · Reputation: 701
#2Nov 1, 2022, 03:42 AM
When a hacker has your wallet mnemonic seed, he can import it and steal your bitcoin. He does need to check all addresses in that wallet, if he import it and see bitcoin there, he will send your bitcoin to his wallet without need to know what addresses of yours have bitcoin. I meant he does not need to choose UTXOs for his sending.
If you are fearful that your wallet is hacked, and balance is still there, you must sweep your fund to a new wallet. Do it as fastest as possible because a hacker can do his job faster than you.
In summary of what you meant to say, using a unique derivation path and address index, will add extra security to your wallet? but then, your mnemonic and seedphrase already gotten by a hacker = lost funds.. there's may not be any explanation after that. It won't take couple of minutes for him to empty the wallet.. its just better to store your keys securely to avoid loss of funds..
Also, if you are also smart and fast, at the time the hacker had sent the funds and still awaiting confirmation, if the transaction was RBF enabled, you can decide to make a new transaction with higher fee and send it to another wallet which key is secured... But like I said, that's if you are aware during the time it happened..
The moment a hacker gets access to your mnemonic and passphrase, it means that your bitcoin is gone because those are what anyone that understand wallet even if he's not a hacker needs to steal your coins by importing them on electrum wallet and there's nothing you can do to stop the thief, only if you are faster than the thief to sweep your funds to a new wallet, if he hasn't transferred the funds. Your post is only about someone trying to generate the same private keys as yours, that's when the chance of getting the same private is very tiny and can take 10 million years like you said. However, it's good to keep your back up seed phrase in a separate place from where you keep your backup pass phrase so that it will be impossible for anyone that has access to either your seed phrase or passphrase to have access to your wallet without the other.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#5Nov 5, 2022, 02:39 AM
Hacking most of the time is to steal funds. That's the more reason hackers target your keys or your seed phrase. Hackers need those keys to remove funds from your wallet since a transaction has to be signed with the keys for it to be valid on the Blockchain. If you feel your keys or funds are in jeopardy the first thing you need to do is make your funds change spending keys. And to do that you will need to sweep the funds from that wallet.
Immediately you notice, create a new wallet on another device that hasn't been compromised and move all the funds from the old wallet to the new one making sure your internet is good and you make use of a huge fee so it gets confirmed as quickly as possible. You don't want to risk a transaction like that being cancelled by the hackers.
I wonder that How can he send balance when he doesn't even know if the private key has a UTXO with or without a balance?
Hackers don't even know what purpose wallet the owner of the private key made with mnemonic (p2tr, p2wpkh, p2pkh, p2sh) so they can send the balance?
The hacker needs to know the UTXO that the wallet has to specify the input of the transaction,
How can he create a transaction when he doesn't know UTXO?
r34l_bridgeFull Member
Posts: 93 · Reputation: 701
#7Nov 5, 2022, 09:53 AM
If your story is true, rather than arguing with me, you must move your bitcoin to a new wallet, then when you finished that transaction with confirmations from Bitcoin miners, you can return to this thread, and argue with me again.
You said what you lost is a wallet mnemonic seed, that means hacker has access to all private keys in that wallet.
Wallets, it's a chapter 5 in Mastering Bitcoin book. Reading it can help you understand about wallet mnemonic seed and a Hierarchical Deterministic (HD) key generation (BIP32).
HD wallet: a tree of keys generated from a single seed.
you don't understand what I mean.
if My bitcoin is at m/86'/0'/1096823754'/1/1189356152, you can not figure out my balance.
How do you find the UTXO unless I wouldn't say that?
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#9Nov 7, 2022, 02:06 PM
Chances are the attacker will never find your coins. BUT: making up your one "encryption scheme" largely increases the chance of losing access yourself! What makes you think you'll remember 1096823754 and 1189356152 and their exact locations 5 years from now? Read how I lost and regained access to my made-up brainwallet: it's a risk.
If you want to add "something" extra on top of the seed words, why not extend the seed with a 13th (or 25th) custom passphrase? That's a much more standard method of adding time in case your seed gets compromised.
To think about: what are the odds of getting robbed, and what are the odds of losing access yourself? This has always been the one compromise in Bitcoin I'm not entirely comfortable with.
Dear signature spammers, what's with the shitposting on the tech board without understanding or even reading what OP wrote?
you are absolutely right.
I don't use it like this m/86'/0'/1096823754'/1/1189356152
I just wondered whether how long will it take to find the balance (or is it possible to find it).
The answer is "impossible"
Your thread's title is sort of bad, because if you actually loose your private keys that control UTXOs, nothing prevents an attacker to spend your coins. Your mnemonic recovery words aren't your private keys!
I'm not so sure about the "impossible" part. If you hide your coins in some custom derivation path, an attacker has to exhaust the derivation path space if he doesn't have any clues about what derivation you've used.
When the attacker has your mnemonic recovery words then he only needs to perform the computationally somewhat expensive 2048x PBKDF2 rounds only once. Further derivations down the branches of the derivation path are far less expensive per index than the PBKDF2 rounds to get to the BIP32 root key derivation.
An attacker would've to build a database of Bitcoin addresses which hold UTXOs. Querying this database for any particular derivation path down from the BIP32 root key is surely a pain and likely not feasible for more than two unknown branches of the derivation path.
While BIP32 allows an index space of mostly 232 per index, which wallet software actually supports such custom derivation paths? You might discover "funny" bugs while exploring custom derivation paths.
To secure a potential compromisation of mnemonic recovery words, I'd rather add a strong mnemonic passphrase instead of a custom derivation path. Reason is that brute-forcing a mnemonic passphrase is more computationally expensive because you always have to go through the 2048x PBKDF2 rounds for every try. This is very likely much slower than walking through derivation path indices.
The answer is not "impossible". It depends on your custom "security" method.
But there is no additional advantage to this method. You will have much greater security by extending the seed phrase with a custom passphrase, because in that case you are not limited to just a numerical index, but you can use any combination of characters or even whole words and phrases. And it protects all addresses in your wallet, not just one.
1. whatever it is BIP44 or BIP32, It doesn't do with database something like that, Hacker has to search every single addresses (one by one) to find valid UTXO. So it takes time.
2. the title is a little bit bad, right. I don't use this dumb method.
It's still extremely long, but it should not be as long as your initial calculation. Single RTX 4090 can convert 8554 million private key to address every second[1].
That speed exclude creating private child key from private parent key, but it should be negligible compared with converting private key to pubic key.
[1] https://bitcointalk.org/index.php?topic=5112311.msg63680043#msg63680043
humbleledgerLegendary
Posts: 1027 · Reputation: 6554
#15Nov 8, 2022, 07:00 AM
You can edit it, for example: "Is a hidden derivation path enough to keep Bitcoin secure after compromised seed phrase?"
thank you for your opinoin.
It' s different converting private key to pubkey with searching a UTXO linked to a every single addresses.
colddiamondHero Member
Posts: 623 · Reputation: 2467
#18Nov 8, 2022, 06:50 PM
Also, keep in mind if a hacker gets access to your machine and gets your seed there is a non zero possibility that they also have access to the rest of the information that would contain the derivation path.
And, there is also the possibility that even if they don't get that they may get some of your addresses. It would take a long time to find the path but as ABCBits pointed out it's not THAT long a time if you have or can rent enough GPU power.
-Dave
Good point, i forget about searching whether the generated address is on address/UTXO list. But FWIW you could create index/bloom filter and then load both list and index/bloom filter to RAM.
colddiamondHero Member
Posts: 623 · Reputation: 2467
#20Nov 8, 2022, 11:38 PM
Most people if they were doing this to crack something like this are going to be using farms of the NVida Tesla cards. Not 3090 / 4090 / etc general use graphics cards.
You can rent the V100 cards in bulk for less then $0.15 per hour and that's today. It's only getting cheaper. So once again, if you are talking a large enough amount of $ then then it can be overcome.
Probably still not worth it on either side. Too much risk on the users side of forgetting the path. Look at the number of posts we have with people who tried something different and now can't get to their coins. And for the person finding the keys unless you KNOW that the owner has 10+BTC and is not going to know you got their seed and move it before they find it, too much risk.
Just my view as always.
-Dave
Related topics
- What derivation path does mm-gen wallet use? 3
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Affordable quiet mini PC for running a Bitcoin node and blockchain explorer 19
- Using two different Bitcoin versions without messing up blockchain data 3